Programme Day 1
- The growing risks and costs of cybercrime to businesses
- The importance of cyber skills and strategies
- The threats to businesses and how to overcome them
- The latest tools and technologies to fight cyber-attacks
With the sudden shift of the global workforce from in-office to remote, IT teams quickly transformed their operations to accommodate the new realities of business, including large-scale adoption of work-from-home technologies, heightened activity on customer-facing networks, and greater use of online services. While these examples of agility allowed business to continue, they also greatly increased the risk of misconfigurations and cyber threats. Now, it’s looking like they could be here to stay for a while. On top of that, bad actors have wasted no time trying to exploit new vulnerabilities. In the past several weeks, we’ve seen ransomware attacks affect several major organisations. These attacks come on the tail of a surge of attacks across the board brought on during the pandemic, as hackers scanned and took advantage of new workloads, and vulnerable VPN connections and misconfigurations left the gates to the network open.
When attacks like these make headlines, panicked board members have one question for CISOs: how can we be sure that won’t happen to us? We will share top strategies for CISOs to lead board-level conversations about risk management amidst the stark new realities of IT.
How nation state and state-aligned cyber attacks have become the new normal, with attribution, accusations and retaliation now commonplace
How private companies should expect to be caught in the crossfire of state-sponsored cyber
How the security industry promotion of ‘Hollywood’ glamour hacks and zero days leads to CISOs and security teams feeling that nation-states simply can’t be defended against
But actually – the majority of state-sponsored activity can be defended by taking a pragmatic approach to cyber-defence
In this presentation Steve will attempt to unravel some of the complicated messaging that accompanies SASE (Secure Access Service Edge). He will go through the advantages that it will bring to the customer and how, in this new working world, it can help your business. He will also cover some of the service offerings that Fortinet is providing under this framework definition. All in a non-technical presentation.
Please take time to visit our sponsors, and interact live with speakers and staff members within their booth.
The future normal will be change, and the ability to move at pace will be a differentiator in the next decade. This presentation is a condensed view (at pace) of the possible changes ahead to consider.
That’s a question many security teams are asking, as the shift to remote working has rapidly accelerated the adoption of cloud-based productivity tools. Join this session for practical, applicable advice on steps every organisation (whether Private or Public Sector) should be taking to securely navigate the new normal. You’ll learn about:
• Security gaps to watch out for with productivity suites like Microsoft 365 – and what to do about them
• Best practice cyber-hygiene for a remote workforce
• Processes and tools that can keep data secure without impacting productivity
• The multiplier effect of taking a holistic approach to your cloud security strategy
Don’t miss the chance to hear from two experts in the field – Josh Douglas, former CISO and Mimecast’s VP of Threat Intelligence, and Max Linscott, Microsoft 365 specialist and Senior Product Marketing Manager for Mimecast.
Please take time to visit our sponsors and network in our lounge.
Did you know 99% of all threats are human-activated, and 96% of all data breaches start with people? [Source: Gartner.]
Despite this reality, most organisations rely on traditional cybersecurity tools that focus more on data and systems than on people. Whether the intent is negligent, malicious or criminal, it’s time to protect your business against data loss and brand damage. The best, most modern security solutions are designed to be people-centric.
Join Rob Bolton, Senior Director at Proofpoint Insider Threat Management, to learn about the four best practices to manage insider threats. Learn why it’s critical to blend people, process and technology to detect, investigate and respond to insider risk in today’s new [work] reality.
In this talk, you will learn:
• How distributed workforces and third-party workers access systems and data
• The unique risks of insider threats
• How to protect against data loss
• Why a people-centric approach is key to mitigating insider risk
Rapid7’s National / Industry / Cloud Exposure Report (NICER) for 2020 is the most comprehensive census of the modern internet. In a time of global pandemic and recession, the Rapid7 research team offers this data-backed analysis of the changing internet risk landscape, measuring the prevalence and geographic distribution of commonly known exposures in the interconnected technologies that shape our world.
Join Matt Rider, International Director, Applied Engineering at Rapid7 for an informational session diving into the key findings and UK observations of the 2020 NICER report.
– Discover the state of the UK’s security posture in 2020
– Understand how the pandemic and technological movements to the cloud have affected internet risk
– Recommendations on how to help keep your organisation safe on the internet
Whatever the weather throws at you, be sure to have appropriate clothing. A look back at the cyber storms we’ve seen since the beginning of the pandemic
This session will explore how in response to the evolution in the threats and attacks, Automation and Artificial intelligence (AI) have become instrumental in becoming more resilient to the volume of attacks and enabling our teams to focus on the more critical attacks with new tools to investigate and automate remediation.
– Intro and Overview (JB)
– Evolution of Threats
– Using AI for Analysis and Investigation
– SOAR – Reducing the window of risk
– Next Generation Security Monitoring and MDR
– Integration into Comtact Services Framework
– Sentinel One – (Elliot)
The “right” threat intelligence helps enterprises understand their attackers, their motives, and how best to defend against evolving attacker TTPs. Threat intelligence isn’t supposed to be one-size-fits-all.
Attackers consistently use current world events to their advantage by developing new exploits and techniques that bypass perimeter defences. We will discuss why organisations should move from a gateway-based single-pass inspection model to a layered security model that includes continuous email monitoring and detection at the inbox to effectively combat today’s phishing threats.
Learn more on how your security team can make your threat detection and response more effective by choosing the right threat intelligence solution
Please take the time to visit our sponsors within the exhibition hall
Zero trust is a regular topic of conversation for most CISOs today. At its core, zero trust focuses on the principle of maintaining diligent access control for all users of network and systems resources. In itself, that sounds like nothing new, but with it comes a renewed focus on understanding and managing that access at a much finer level of detail. This is even more important for current cloud platforms, whose ultra-fine-grained access rights have made them so complex to manage that most companies struggle to even understand who has access to what, and whether that access is being used or not.
In today’s world of constant breach and threat, a Zero Trust approach to secure your IT landscape makes a lot of sense. But in order to give Zero Trust any chance of success, Identity Governance has to become a critical core competency. In this session, SailPoint will show how Zero Trust and Identity Governance provide the much needed security we are all after and how we can achieve the best results with today’s technology.
Brittany Kaiser is an American former business development director for Cambridge Analytica, which collapsed after details of its misuse of Facebook data were revealed to have potentially impacted voting in the UK Brexit referendum and the 2016 U.S. presidential election. Kaiser testified about her involvement in the work of Cambridge Analytica before the UK Parliament and in private before the Mueller Investigation.
Geoff White is an accomplished freelance investigative journalist & author specialising in cyber fraud in particular. His work has appeared on both the BBC & Channel 4 television.
Enjoy a catch up with speakers, sponsors & peers and join our after party and DJ Set from Stu Hirst
Programme Day 2
Today, 94% of cyber-threats still originate in the inbox. ‘Impersonation attacks’ are on the rise, as artificial intelligence is increasingly being used to automatically generate spear-phishing emails, or ‘digital fakes’, that expertly mimic the writing style of trusted contacts and colleagues. Humans can no longer distinguish real from fake on their own – businesses are increasingly turning to AI to distinguish friend from foe and fight back with autonomous response. In an era when thousands of documents can be encrypted in minutes, ‘immune system’ technology takes action in seconds – stopping cyber-threats before damage is done. Find out how in this session.
With Covid-19 many IT strategies were forced to adapt within days. With employees working from home or on their private devices, IT departments are encountering new opportunities, as well as new challenges. Keeping devices secure against theft or ransomware attacks is as important as giving the end-user the possibility to choose their own device. Quest KACE will show you how you can easily:
- Enroll new devices
- Track, lock and wipe sensitive data
- Automate patch deployment
- Scan your system against vulnerabilities
There is a growing need for organisations to protect their sensitive data. If you don’t know where your sensitive data is, how can you focus your security investments on protecting what matters most? And how can you possibly prove regulatory compliance and pass audits? Join us to discover the steps involved in implementing a data-centric security strategy so you can stay one step ahead of both security incidents and the rapidly changing compliance landscape.
This high-level talk will explore previous and current security risks associated with web applications before looking at the future and what challenges we need to tackle to make a better internet.
The relationship between Security and DevOps has historically been rather fraught. Why? How can we make that relationship better and what impacts will it have? Stu discussed a raft of areas where Security can speed up DevOps.
- Why traditional vulnerability management has failed in keeping us secure
- What it takes to deliver vulnerability management at scale and how we can keep pace with the speed of development
- What is the trade-off between speed and accuracy and why is this acceptable?
We shall also cover off highlights of the Edgescan Vulnerability Stats report 2020 focusing on the most common vulnerabilities and what it means to deliver a robust cybersecurity programme for any enterprise.
Please take the time to visit the sponsor booths and say hello
Sandip Patel QC FCIArb is managing partner of Aliant (London), an international law firm, and member of Furnival Chambers. Sandip has been at the forefront of notable serious and organised cybercrime cases including ‘DarkMarket’, ‘the Facebook Hacker’, prosecution of members of ‘Anonymous’ for the hacking of PayPal, Visa, Sony, FBI, CIA, UK NCA, MoD etc, and ‘the boy who almost broke the Internet’. He has lectured and trained investigators, lawyers and judges in England and internationally (Italy, Hungary, Latvia, Turkey, Israel, India, Grenada, Trinidad and Tobago) on good cyber policies, procedures and law. He is routinely asked to advise and assist in the creation, training and implementation of cyber law enforcement programmes. For example, in Grenada, he devised and implemented a cyber crime training course for investigators, the A-G’s office and judges so as to give effect to new cyber legislation. He contributed to the leading textbook: Electronic Evidence, 3rd Edition, Stephen Mason. As head of Aliant Data Protection Team, he advises and assists organisations on data laws, privacy, protection and cyber security. He is Chairperson of the Cybercrime Practitioners’ Association. He is Chief Adviser to the OSP Cyber Academy. In the “Leading silks” list, The Legal 500 United Kingdom guide to outstanding silks nationwide said this about him, “He has a pleasing and reassuring courtroom manner”, “a very good all-round advocate, who is quick on his feet in court”. Described as “a truly exceptional lawyer with a phenomenal eye for detail”.
At a time of heightened business risk, and in the face of an increasing tide of cybercriminals looking to cash in on the unusual circumstances, it is more important than ever to ensure you have the correct practices and security solutions in place to protect your organisation and users – no matter where they are.
In this session Richard Walters, Censornet CTO will be highlighting key industry standards, recommended architectures and controls to ensure your business can continue to operate effectively and securely with a remote working / hybrid model.
Richard will be joined by Giles Raeside, a Senior Sales Engineer at Censornet, to answer key audience questions around securing remote workers, with practical and actionable advice to help IT professionals tackle the issues and challenges they are facing.
In this presentation we will talk about the evolution of endpoint security and some of the limitations exposed by Threat Actors, including some of the solutions we see on the market to address these limitations. The presentation will cover XDR technology, what it is, how it works, and the solution offered by Cynet.
The cyber-threat landscape continues to evolve. Each year, attackers add new techniques and tactics to their arsenal, increasing their ability to evade detection and attack your systems. In this session, we will investigate evolving zero day and malware threats and discuss the best practice options for protecting your business from Endpoint to Network.
• Discover more about how zero day threats can evade traditional defenses
• Learn the tools, techniques and technologies needed to protect your entire security estate from endpoint to network
• Best practice advice to implement a multi-layered approach to protect your organisation
- Endpoint management trends of 2020 and beyond.
- Uni-dimensional approach to endpoint management and security.
- Managing the plethora of devices in your IT landscape both on & off-network from cloud-based solutions.
- Know-how to orchestrate your cyber hygiene routines and adapt to the dynamic shift in the work environment of employees and their devices.
- Maximizing the visibility of the network by holistic endpoint management from on-premise and on-cloud.
Please take the time to visit the sponsor booths within the exhibition hall
Rupert Collier is Sales Director, International at RangeForce, and, over the last 20 years, has worked in product management and commercial roles at many leading companies in the cybersecurity and wider technology industries. Bilingual in German and English, Rupert is responsible for RangeForce’s business development activity outside of the United States and will give you insights on how simulation-based training is helping organizations elevate cyber skills, fill staffing gaps, and cost-effectively improve their security team’s ability to detect, contain, and remediate cyberattacks. You will get to see the simulation platform in action and learn how it makes it easier to orchestrate and personalize training for larger teams with a diverse range of skill sets.
UK Cyber Security – an Overview, and Challenges in a most Difficult Year!
As an alumnus of GCHQ myself, I am delighted to introduce our final speaker today, Ciaran Martin.
Until the end of last month, Ciaran was the first CEO of the UK National Cyber Security Centre. Having been appointed as Head of Cyber Security at GCHQ in December 2013, he recommended the establishment of a National Cyber Security Centre within the intelligence & security agency.
This was agreed by the Government & announced by then Chancellor George Osborne in November 2015. Ciaran was announced as the first Chief Executive in February 2016, & it became operational in October of that year. On 14 February 2017, the NCSC’s new headquarters in Victoria, London, were opened by Her Majesty the Queen.
Ciaran is therefore singularly placed to understand both the cyber threats faced by the United Kingdom, and to outline some of the ways threats can best be combated.
He is also deeply aware of trends, & future likely concerns in this highly important area of organisational & national security, and is well able to advise on the likely directions of attacks in the years ahead.
All of which is grossly magnified by the ‘Working from Home Culture’ necessitated by the current pandemic, which sadly is likely to be still with us for some time.
Over to you, Ciaran…
This will be time to relax & listen to a great comedy whilst networking.