Programme @ ESRM uk

Kancharla Manmadh, Head of Cyber Security, Pfizer

In today’s hyper-risk reality, a key business priority is the ability to anticipate new and emerging security threats, master disruptive technologies, and strengthen resilience.

No matter your organisational role, and no matter your area of expertise, from CISO’s, business continuity managers, heads of application security to forensics team leaders, we all need to become better at identifying, mitigating, and resolving security and risk factors.

In our opening address, we explore the extent to which today’s enterprises have the right people, processes, and technology in place to manage our hyper-risk reality world

In a world of disruption, interruption, misinformation, and a number of competing sources of truth, many security and risk leaders are left struggling to harmonise, synchronise and make use of business-critical data.

An inability to effectively streamline your data sources leads to organisational silos, degraded processes, revenue depletion, and a lack of competitiveness.

We explore, what security and risk executives can do to improve the collection, allocation, and dissemination of data sources.

Arun Kumar, Director – Cyber Security Governance & Compliance, Unilever

Developing and translating the value of information security into a tangible objective which the wider business can interpret and relate to is vitally important.

By democratising comprehension of, and access to, the infosec ecosystem you will better articulate security and risk concerns, promote a risk-aware culture, resolve business and IT process-related issues, and drive your security programme strategy in accordance with the business appetite for security and risk.

We address:

• Understanding your IT landscape
• Aligning IT with corporate objectives
• Address the business impact of IT risk
• Identify where value is created
• Measure your organisations risk appetite
• Utilise risk mitigation tools
• Become an adviser to the board

Related to becoming a better communicator is the need to infuse a cross-business appreciation and understanding of some of the most common types of attacks.

Whilst approaches to training non-IT staff have advanced towards more real-life, war-game style, methods of instruction, many businesses still rely on outdated do’s and don’ts rather than address the fundamentals behind successful phishing attacks.

We will explore how to:

• Understand why some links are so clickable
• Engage partners and employees with empathy
• Discover the neurological insights into habits and behaviours
• Deploy the use of positive reinforcement to encourage behaviour change

Geethy Panicker, Head of Enterprise Risk, HSBC

An organisational re-design represents a critical opportunity to ensure IT is better aligned with the strategic direction of an organisation.

Despite the obvious value in implementing structural changes, the many choices on offer have inadvertently developed a crowded market in which the competing approaches and differing priorities have made the task of implementing a best-fit design extremely complex and difficult to navigate.

Added to this complexity is the pressure of competitors and new and emerging technology which many struggles to integrate into existing and soon-to-be business processes.

We address:

• Structure is not just your organisational chart
• Balance adaptability and stability
• Change in practice, not just in theory

Roy Samson, Senior Risk Manager and Lead Architect Product Security, ASML

Deciding what constitutes a clear and present danger to enterprise defences, and prioritising according to the degree of risk, is a real-life decision that needs to be made by security and IT teams on a daily basis.

Of course, remediating all vulnerabilities on a typical enterprise network is impossible, but you can at least react as the situation demands.

We look at, leveraging machine learning and related AI technologies at scale with contextual prioritisation and the role it plays in building a comprehensive risk score for each vulnerability.

The growing prominence of edge computing with 5G has the potential to positively impact across economies and industries by bringing computation and storage closer to where data is generated. The value this provides business users can be witnessed in advanced data control, significantly reduced costs, quicker insight-action, and operational capacity.

Join us as we explore how your business can better manage scalability, variability, and rate of change in edge environments in order to provide you with the data usability you need.

The necessity of remote working brought about by the pandemic has raised a number of issues from a security and risk perspective.

Whilst today’s highly digitised IT environment has enabled a significantly digitalised workforce to migrate to home working, mobile working and remote systems access has widened existing vulnerabilities and created new risks that need to be managed.

We address, how to establish risk-based policies and procedures that are able to support your remote workforce and defend the integrity of enterprise security capabilities.

The evolution of supply chains from the local to the global has inevitably added to a more complex business ecosystem. Added to this complexity is the uncertain times in which individuals and businesses find themselves.

With fragmented workforces, disrupted third party relationships, declining customers, and diminishing revenues, the risks to business viability is clear.

We explore, how to manage and mitigate increasing risks, balance cost pressures, improve efficiency, and prepare for supply chain failures.

One of the primary ways by which hostile actors look to exploit the enterprise network is through the exploitation of devices which business users rely on. Coupled with this is the growing concern of IoT connectivity vulnerability, as well as the multitude of unsecured devices which the typical employee uses on a daily basis.

We address:

• How to best mitigate malicious cyber activity
• Defend enterprise network infrastructure devices
• Understand the scope of the threat
• Drive effective organisational risk mitigation

Many security and risk practitioners, as well as business leaders more broadly, view AI as a technology which is utilised in order to drive business opportunities rather than as a key part of enterprise defences.

As AI-powered malware provides cyber attackers with the means by which to not only increase the severity of attacks but to also increase success rates, organisations are having to deploy defensive cyber AI to identify and neutralise new and emerging hostile activity.

We address, the speed at which offensive AI is evolving, the primary techniques deployed, and the role that defensive AI plays in delivering automated response capabilities.

Reducing the time in which it takes to react, reduce, and resolve a security incident limits business-wide exposure, protects sensitive data, defends the privacy of your employees, and maintains the integrity of business-consumer trust.

Preserving brand reputation in the age of hyper-competitiveness means having an advanced insight into an emerging threat and using that knowledge to inform the next course of action before events overwhelm organisational capabilities.

We will look at:

• The window of opportunity from incident to resolution
• How to act from initial indication to peak crisis
• Real-time monitoring as your clear line of sight
• Deliver on the need for operational excellence no matter the impact
• Use data-driven foresight to your advantage

The flexibility and fluidity of today’s enterprise environment have meant that what constitutes an employee has become less obvious.

With the number of third party actors set to continue on an upward trend as more and more businesses onboard contractors, agents, and consultants, the task of ensuring the integrity and authenticity of each and everyone one of them has made the deployment of an automated IAM system a vital tool to combat the error-ridden inefficiencies of manual processing.

We address:

• Improve employee processes and customer experience
• Adopt a governance-based approach to identity management
• Realise significant cost savings in onboarding and offboarding
• Scale third party capacity and IAM capabilities
• Secure enterprise activity from false-positive authentication and verification