Disclosure: cybersecurity's gamechanger

The 4th e-Crime & Cybersecurity Spain

Madrid, 22nd November 2018


If Spanish companies thought that they could take a rest after the efforts to meet May’s GDPR deadline, then the hack at Barcelona-based survey company Typeform quickly corrected that misapprehension. And, in a vivid illustration of how local and global have become inextricably linked in cybersecurity, the first public disclosures of a problem came from UK challenger bank Monzo and purveyors of posh-nosh, Fortnum & Mason. 

Coming after the arrest in Alicante of the leader of the crime gang behind the Carbanak and Cobalt malware attacks, which targeted over 100 financial institutions worldwide, the attack reminded Spanish businesses that their country is still one of the nations most highly targeted by cyber criminals.

Perhaps most significantly, it demonstrated that for many businesses third-party security is a bigger issue than internal issues and that, with so much reliance on Cloud storage, apps and other third-party providers, as well as suppliers and other partners, the problem is getting worse.

But the most significant long-term implications of GDPR are only just becoming apparent: as AKJ Associates has long believed, mandatory disclosure and breach notification is a gamechanger for cybersecurity.

Real disclosure will reveal the true scale of the cybersecurity problem to consumers, to stakeholders and investors and to the press. Consumers are already reacting to GDPR with subject access requests and increased complaints. Just wait until they realise how many data breaches have been covered up. Investors too will be able to see which firms are weak and which strong in terms of information security. 

And for the first time, we are seeing how disclosure affects entire business and transaction ecosystems: in the recent Ticketmaster breach, the initial alarm was raised (to Ticketmaster) by digital bank Monzo, which spotted unusual Ticketmaster transactions in client accounts. Ticketmaster did not announce a problem publicly until after Monzo had sent replacement cards to customers who may have been compromised. The significance of this sequence of events is that companies may now compete to show that they disclosed first, winning the reputational battle.

So how can CISOs and CSOs prepare for this new era of disclosure? What does it mean for current cybersecurity practice and processes? Is this the tipping point at which senior management finally acknowledges that current initiatives and budgets are insufficient?


e-Crime & Cybersecurity Spain 2018 will look at the post-GDPR disclosure landscape and the realities of achieving cybersecurity and resilience today. What is realistic? Which solutions providers can deliver it? Who at end-users should be making the key decisions? And what is the true role of the CISO in all this? 

  • Beating ransomware: it can be done

    • Creating an ecosystem that can defeat ransomware
    • Layered protection, network segmentation, application control
    • Maximising employee engagement: turn liabilities into assets
  • Is financial sector cyber-security up to scratch?

    They have the biggest IT budgets but they have the most complex cyber-security problems. How are the best banks protecting their core data and payment processes?

    • Securing the web, apps and mobile
    • Securing legacy systems while maintaining critical data exchange with regulators, clearing houses and exchanges
    • Fighting the last war: what are the latest regulatory developments?
    • Multi-factor authentication – the latest solutions
  • When state-actors are the main threat

    • Identifying and protecting critical assets
    • Ensuring plans are fit for real-world deployment
    • Containing, slowing and stopping a breach and managing post-incident fallout
    • Communicating with stakeholders and partners to respond smartly as events develop
    • Understanding the role that cyber insurance can play
  • Employee engagement

    Telling people they are to blame, that they are stupid and that they are the weakest link will not engage them. A team approach and good training will.

    • Examples of best practice in employee engagement
    • Turning employees into cyber-security assets
    • Cyber-security training: what works and what doesn’t?
    • What about dishonest insiders? How to monitor, detect and defeat
  • The foundations of cyber resilience

    The proliferation of threats and potential solutions makes cyber risk management an ongoing headache. If threats are constantly evolving, and solution providers disagree on the basic defensive concepts, where do CISOs and other data security professionals start?

    • Building repeatable, adaptive systems and processes
    • Access control and managing privileged account access
    • Effective monitoring and detection systems 
    • Incident response planning, preparation, testing and execution
  • Securing digital identity

    • Compromised credentials as a key entry point: reduce the risk
    • Improving privileged user account controls
    • Managing identities cost effectively
  • Payments innovation and cyber risk

    Payment channel innovation is a headache for banks, consumers and the companies that serve them. The newer and more convenient the payment mechanism - think contactless - the more the concerns over cyber-security.

    • Balancing customer convenience and security
    • Fighting determined multi-channel attacks
    • Tokenisation and the future of payment security
    • Lessons from PCI DSS and other payment security standards

Who attends

Job titles

Information Security Officer
U.I.T
Security Manager
Head of Fraud Risk Management
Security Director
CIO
CIO
Engineer
Security Manager
IT Architect
Security Director
Professor
Technology Security Manager
Head of Card Payment department
Deputy IT Director
Seguridad Coperativa
Security Manager
CISO
Head of Information Security
e-Fraud Prevention
Director of Banking Security
Head of Cyber Security
Senior Consultant
Director - IT Infrastructure & IT Security
Networking and Security
Adviser and Member of the National Council
Card Fraud Monitoring & Response
Internal Audit
Security Management
CISO
CISO Chief Information Security Officer
Head of IT Compliance
Security Expert
Security Infrastructure Manager
Adviser
VP - Lead Security & Risk
Information Security Manager
Information Security
Project Manager
IT Security Director
Security Director
Director of Information Systems
Technician
Manager Corporate Security
Director of Data Protection & Privacy
Head of IT Security
Information Security Officer
Big Analytics + Fraud Reporting
CSIRT Manager
Analyst
Deputy Security Director
Information Security
Consultant
Security Infrastructure Manager
Information Security
Director of e-Fraud Investigation
Head of Security Area
Chief Information Officer
Security Coordinator
Business
Manager Audit IT
Security Engineer
Regional Information Security Officer
Engineer IT Security
Chief Information Security Officer
Network Security Consultant
Head of Systems & Security
Analyst
CISO
IT Security Officer
Chief Technology Risk Audit
ICT Security
Security Manager
Director of Systems Security
CIO
Head of Security
Corporate Security
Security Consultant
Legal Director
Security Director
Head of Technology
Systems Security Manager
Security Director
CISO
Director of IT Risk Audit
Director of Information Security
Security Manager
Technology Risk Management
CISO
IT Technician
CIO

Companies

Siemens
Cuerpo Nacional de Policia Madrid
La Caixa
Banco Popular España
Metro de Madrid
Redexis Gas
Tecnicas Reunidas
Telefonica
Grupo FCC
Enagas
Novo Banco
Universidad Politecnica de Madrid
Bankinter
The Spanish Bankers' Association
JB Capital Markets
Repsol España
Grupo FCC
Grupo FCC
Solvia Servicios Inmobiliarios
Bankinter
Santander
Hibu
Telefonica
BANCO INVERSIS NET S.A.
LaSegunda
Ministerio de Justicia
BBVA Grupo
CECA Bank
Vodafone
Iberdrola
EVO Banco
Cetelem Spain
Mapfre
Mapfre
Arrona de la Rosa y Asociados
Barclays
Reparalia
La Caixa
ISDEFE
Codere
Mapfre
Grupo DaXa
DGII
Codere
BGBG Abogados
Leroy Merlin
Siemens
BBVA Grupo
El Corte Inglés
Cuerpo Nacional de Policia Madrid
Mapfre
Iberdrola
Telefonica
Rural Servicios Informáticos
Sareb
Santander
Supermercados Dia
Perez Llorca
Telemadrid
AXA España
Banco Exterior
BT España
Daimler
Adidas
Tecnicas Reunidas
BT España
Grupo Cortefiel
Telefonica
Cajamar
General Dynamics ELS
Santander
Administración General del Estado
ISDEFE
Mapfre
Nautalia & Wamos
Codere
Iberdrola
ISACA
I-Olvido
Codere
Nautalia & Wamos
Grupo Mutua
Novo Banco
Yoigo Spain
BBVA Grupo
Sanitas
Cajamar
Banco de Crédito Cooperativo
CESCE
JB Capital Markets
Codeactivos

Industries

Electronic/Electrical Equipment
Regional Law Enforcement
Banking
Banking
Transportation/Shipping
Oil/Gas
Oil/Gas
Telecommunications
Construction
Oil/Gas
Banking
Education
Banking
Association
Banking
Oil/Gas
Construction
Construction
Real Estate
Banking
Banking
Media
Telecommunications
Banking
Insurance
Central Government
Banking
Association
Telecommunications
Electricity
Banking
Banking
Insurance
Insurance
Legal
Banking
Insurance
Banking
Aerospace/Defence
Casinos/Gaming
Insurance
Food/Beverage/Tobacco
Central Government
Casinos/Gaming
Legal
Retail
Electronic/Electrical Equipment
Banking
Retail
Regional Law Enforcement
Insurance
Electricity
Telecommunications
Banking
Banking
Banking
Retail
Legal
Media
Insurance
Banking
Telecommunications
Automobiles/Parts
Retail
Oil/Gas
Telecommunications
Retail
Telecommunications
Banking
Aerospace/Defence
Banking
Healthcare Services
Aerospace/Defence
Insurance
Travel/Leisure/Hospitality
Casinos/Gaming
Electricity
Association
Legal
Casinos/Gaming
Travel/Leisure/Hospitality
Insurance
Banking
Telecommunications
Banking
Healthcare Services
Banking
Banking
Insurance
Banking
Banking


Venue

NH Collection Eurobuilding, Madrid

Location:
NH Collection Madrid Eurobuilding
Barrio Chamartín, Padre Damián, 23 
28036 Madrid
Spain 
Telephone: +34 91 3537300