Security in the Age of Disorder

19th annual e-Crime & Cybersecurity Congress
2nd & 3rd March 2021 • Online


New security models for a new era: government, business, work and play have changed, so must security
 

 

We are at a decisive moment. The era in which most of us have spent our adult lives, an era of globalisation, is coming to an end.

It is not being ended by COVID-19: its central assumptions have been fraying for the past decade. But overwhelming technological change, and its acceleration by the pandemic, has hastened the end. The workplace, shopping, banking, personal communications, dating, politics - there's no part of our lives, personal or professional, that is not being upended by the virtual world.

These disruptions that we're seeing presage at least a temporary Age of Disorder, in which old certainties crumble and new ones take their place. And nowhere are the effects of this more obvious than in cybersecurity.

Out of the comfort zone, into the fire

Even pre-pandemic, more than two billion of us are spending over 25% of our online time on social networks. Phishing attacks and scams on these platforms are on the rise, and the platforms themselves offer only minimal controls to prevent the further propagation of account takeover - and this activity is invisible to the enterprise.

Post-COVID, with remote working common, this is an enormous problem.

The broad adoption of collaboration, chat and social channels - such as Skype, Zoom, WhatsApp and LinkedIn - as critical work tools has increased the attack surface and weakened controls. These channels are rapidly outpacing email as the communications tool of choice, and they are even less secure than email, which is itself still the key vector for social engineering and credential theft.

Most security teams have no existing tools in their arsenal to extend their visibility into this realm, particularly when these accounts are personal rather than company-owned - and attempts to do so raise questions about privacy and surveillance.

And governments and businesses are finally having to walk the walk on digitalisation.

When a pizza company takes all its orders via app, DDoS attacks become its top threat. When schools teach lessons online, but local authorities are quibbling over the additional costs of an E5 license for O365, children are put at risk. When the national power grid can't get budget to secure NT/4 boxes in physically insecure sub-stations, CNI is vulnerable. When hospitals can't treat patients because of ransomware, people die.

Digitalisation and the IoT are concrete developments with real impacts - and security needs to respond.

Will BigTech help to secure the citizen?

In the public sector, accountability to the public and to corporations will force governments to do a better job. Cyberspace is not a target in itself - it's a medium. And that medium connects, in every direction, to the machinery of civilisation itself.

That machinery is critical national infrastructure. It's the medium through which populations access information, goods and services; it's the basis upon which businesses now operate in a digital world; with the Internet of Things, it's a parallel world that lacks almost all the safeguards we expect the state to provide in the 'real' world.

Cyberspace needs the investment in laws, police and paramedics that the physical world has. Citizens and businesses demand a better service.

In the private sector, boards are being held to account for cybersecurity by key stakeholders and the regulators. They will in turn make others accountable to them. But who? Is this the moment the CISO rises in prominence, or will the real responsibility fall to others?

Ultimately, the answer depends on who can give boards answers to business problems, not just IT problems.

Will risk managers, business units and CISOs - and the insurance industry - be able to give them an idea of potential losses and predictive data on breaches and their impact? How will CISOs satisfy senior management's needs for evidence of cybersecurity? Who will present this to investors and regulators?

 

The e-Crime & Cybersecurity Congress will take place online and will look at how the fabric of cybersecurity regulation, governance and enforcement must change, as well as the latest technologies, strategies and architectures that can keep society and business safe. As digitalisation goes critical, is this finally the moment at which traditional cybersecurity management has to change?

  • Cybersecurity for business resilience

    • Forced, rapid digitalisation has revealed the fragmented nature of many security programmes
    • Protecting the business while enabling innovation and flexibility requires new models and approaches for cyber
    • Are automation and orchestration the answer?
  • Securing the workplace revolution

    • Lockdowns and the extremes of WFH will end, but the cost, productivity, work-life balance and carbon benefits of remote working mean it's here to stay.
    • As flexible working becomes the norm, new hardware, software and processes will need to be implemented across all areas of the business.
    • Many initial measures put in place were intended as a short-term stopgap. What new long-term security measures are required by a permanent change to working patterns?
  • Strengthening identity and access management

    • IDAM is still the Achilles heel of many organisations
    • Remote working has thrown a spotlight on IDAM policies and the technologies that can help overstretched cybersecurity professionals tighten up
    • What have we learned from the past few months? Have any solutions or strategies proved their superiority?
  • Securing the customer - are your websites up to it?

    • The immediate need to move to online business channels creates a host of security and monitoring challenges
    • Are existing websites scalable to securely meet additional customer demands?
    • Do you rely too heavily on a single supplier? And what about the recent security changes to browsers such as Chrome which impact existing websites?
  • Building in security: easier said than done?

    • As businesses ramp up their digital business models, it's critical that they build security in from the beginning
    • But given the speed at which businesses are having to transform, that's a big ask. Even pre-coronavirus, security teams often found it hard to gain leverage over the business
    • How can cybersecurity teams ensure digital transformation and innovation are done securely?
    • Is this a CIO vs CISO battle?
  • What to do about ransomware?

    • Ransomware has come a long way from 'spray and pray' phishing emails and website popups
    • What are the focused, sophisticated methods organised criminals are now using to get a better ROI for their efforts?
    • How should CISOs respond? Is the answer better security - or just better backup and recovery solutions?
  • Securing the citizen

    • The COVID era demands unprecedented levels of citizen engagement
    • The systems required to provide safety create a huge data security and privacy challenge for both governments and employers
    • Are compromises inevitable? How can this critical data best be kept safe?
  • Performing critical security tasks remotely - how can CISOs regain control?

    • Employees for whom long-term, secure remote working processes hadn't been set up in advance will not just be outside centrally controlled endpoint protection processes, they'll be beyond any patching and update processes.
    • Many security tools depend on being on the local network. How can security teams manage the basics remotely?
    • Will remediation and reimaging capabilities work as intended in a remote environment? What updates are needed to incident response playbooks?
    • Most organisations have 'abandoned' their existing office environments - including all the devices within them. These need to be monitored and protected too. Can it be done remotely?
  • Stuck in the Cloud

    • Most companies have been forced to rely on Cloud-based apps and storage
    • So, they need visibility and controls, they need logs from providers to review for unauthorised access and data exfiltration, and they need to limit unauthorised access and services.
    • And what do their Cloud contracts say about force majeure?
  • Securing digital currencies

    • The move towards cashless payment methods during the crisis has been extreme, and looks like it may be irreversible
    • Many more governments are now looking at developing their own digital currencies
    • How do we go about securing a world in which most - perhaps all - payments are digital?

Who attends

Job titles

CISO
PCI Security Manager
Group Head of IT Security
Detective Chief Superintendent
Global Security Officer
Global Information Security Officer
Head Of Cybersecurity Unit and Deputy Chief for Computer Crime
Head of Security, Risk and Compliance
Chief Privacy Officer / Data Protection Officer
CISO
Director, Compliance & Operational Risk
I.T. Director
DPO
Head of I.S., Projects & PMO
CIO
Head of IT Resilience
Global Security, Senior Special Agent
Head of Cyber Security Unit
Group DPO
Head of Information Security
Chief Information Security Officer
Group CISO
Detective Superintendent
Group Fraud & Investigations Manager
Director of Security Operations, Engineering & Administration
Head of Information Security
Group Global IT Security Manager
CISO and CPO
Head of Information Security
Head of Cyber Resilience
Head of Financial Crime & MLRO
Head of Security Architecture
Head of IT Governance
Global Information Security & PCI Compliance Manager
CISO
Head of IT Finance and Risk Management
Director of Global Security
CISO
Group IT Information Security Manager
Group Information Security Policy, Risk & Vendor Manager
Senior Information Security Manager
CISO
Group Head of IT Infrastructure and Cybersecurity Audit
Senior Technology Risk Manager
Group Head of Security Architecture & Risk
Chief Information Security & Technology Officer
Head of IT Infrastructure Change and Information Security
National eCrime Co-ordinator
Head of I.T. Security Operations
Head of Infrastructure
Group Data Protection Officer/CISO
Head of Information Technology
Head of Information Governance, Data Protection and Information Security
Group Information Security Manager
Head of Cyber Threat Intelligence
UK CISO & DPO
Global Head - Cyber, Information & Technology Risk Office
Head of IT Security
Global Information Security & Compliance Director
Director - Information Security Europe
CISO
Head of Information Security
Global Information Security Programme Manager
Global Information Security Manager
Director, Cyber Security Centre
Head of Technology & Cybersecurity Risk
Head of Fraud Management
CISO
CISO
CIO
Head of Digital Security & Risk
Group Head of Information Security
Head of Strategy and Partnerships, National Cyber Crime Unit
Group Privacy Officer
Group Head of Information Risk and Security
Global Security Manager
Global Head of Information Security
CIO Europe
CTO
VP, Global Security Strategy, Engineering and Architecture
Senior Fraud Manager
UK CISO
Head of Information Security
PCI Compliance & Risk Manager
Senior Special Agent - Global Security
Head of IT
CISO
Global Cyber Security Manager
CISO UK
DPO
Group Information Security Manager
Global Head of Security Architecture, Ops & Eng
Head of Cybercrime Intelligence
Group Head of Information Security
Chief Information Security Officer
Senior Information Security Manager
Head of Information Security
Global Business Continuity Manager
Director Global Information Security
Digital Security Manager
Head Fraud Investigation - Cyber Crime
Head of Information Security Risk Oversight
Head of IT
CISO
Vice President - Global Information Security
CISO
Chief Information Security Officer & Data Protection Officer
Head of Enterprise Risk
Head of Section, Cybercrime Unit
Head of International Information Security
Head of Information Security
Group Information Security Officer
National Information Security Officer
Chief Information Security Officer (CISO)
CIO
CISO/Head of Security Function
Regional Head of Information Security, Europe and UK
Head of Fraud & Special Investigations
CISO
CISO
CISO - EMEA
Head of Information Security Engagement
IT Director
Chief Information Security Officer
Fraud & Investigations Manager
CTO
CIO
Group CISO
Director, Head of I.T. Security & Risk Management Systems
Senior Manager, Cyber Security & Risk
CISO & Head of Cyber Security
Senior Vice President - Global Information Security
CISO
Group Head of Information Security
Global SOC Manager
CISO
Head Of IT Risk
Global Red Team Manager
Joint Cyber Center (JCC) Chief of Intelligence
Group Information Security Manager
Head of Security Monitoring
Head of Payment Security & Governance
IT Security & Compliance Manager
Global Fraud Risk Controller
Head of Cybercrime Department
CISO
Head of Enterprise Architecture & Cyber Security
Head of Information Security - EMEA
Head of Information Security
Head of I.T. Security & Technical Risk
Senior Information Security Risk Management
Head of Technology and Operational Risks
Director of Global Security Operations
Head of Cyber & Architecture Design
Principal Information Security Manager
CISO
CISO
Head of Risk – IT & Cybersecurity
Head of Cyber Security
Head of Information Security & Business Continuity
Head of Financial Crime Prevention Team
Head of Information Governance
Global Security & Investigations
Head of Innovation, Security and Privacy
CTO
Head of Technology and Cybersecurity Risk
Head of Information Security
CISO
CTO
Head of Information Security
Head of IS & DP
Global Director of I.T. Risk & Information Security
Global CISO
Director of Compliance
Head of Information Risk
Director of Information Systems
Head of Information Security
Global PCI Compliance
Head of Group Investigations & Financial Crime Officer
CIO

Companies

UK Home Office
U.S. Secret Service
American Express
Bupa Global
Swiss Federal Police
Linklaters LLP
Clifford Chance LLP
Three
GVC Holdings
Odeon Cinemas
Credit Suisse
Deutsche Bank Group
Zurich Insurance Group
Asda
Philips
Lloyds Banking Group
Hiscox
Financial Conduct Authority
Covéa Insurance
easyJet
M&G Prudential
Police Scotland
Ministry of Interior - Bulgaria
Apple
NEXT
William Hill
Government Digital Service
Royal & Sun Alliance Insurance Group
Airbus Group
Comic Relief
Sony
Transport for London
University of Derby
Metro Bank
Office Depot
Formula 1
Gemfields
National Trust
Direct Line Group
GSK
Natixis
Aviva
Travis Perkins
Ladbrokes Coral Group
MUFG - Mitsubishi UFJ Financial Group
Dutch National High Tech Crime Unit
Citigroup
Halfords
DLA Piper LLP
AmTrust International
TalkTalk
Dixons Carphone
Bank of America Merrill Lynch
Western Union
University of Liverpool
The Bank of Ireland
CBRE
Royal Mail
Charities Aid Foundation
National Crime Agency
NHS
Crown Prosecution Service
FBI
Telegraph Media Group
Australian Federal Police
Capita
InterContinental Hotels Group
Freshfields Bruckhaus Deringer LLP
Shop Direct
Allianz
Rothschild & Co
Matalan
Which?
Peabody Trust
BP
Pentland
National Cyber Security Centre
Swiss Re
Modern Times Group
Santander
PhotoBox
London North Eastern Railway
Maersk
Royal Thai Police - Technology Crime Suppression Division
University College London
DVLA
Cabinet Office
Boden
Ministry of Justice
UK Finance
Ashurst LLP
British Airways
Serious Fraud Office
Clyde & Co LLP
HSBC
JD Sports
Barclays
Heathrow
Barnardo's
Swedbank
Channel 4
HM Revenue & Customs
Waitrose
UK Ministry of Defence
Royal Bank of Scotland
Vodafone
Travelopia
Network Rail
European Commission
Anglo American
Lycamobile
VUE Entertainment
Co-operative Financial Services
American International Group
Metropolitan Police Service
AXA
Euromoney Institutional Investor
John Lewis Partnership
LUSH
Booking.com
U.S. Department of Justice
Selfridges
JP Morgan Chase
Vanquis Bank
Munich Re
Pearson
Old Mutual Wealth
Sparebank 1
United Nations Office on Drugs and Crime
BNP Paribas
Legal & General
Arsenal FC
ITV
Fieldfisher LLP
Société Générale
Sainsbury's
DKB
Mizuho
LV= Liverpool Victoria
University of Cambridge
Post Office
Standard Chartered Bank
DHL
Schroders
DPDgroup
Pinsent Masons LLP
Ocado
Tullow Oil
Man Group
Morgan Stanley
Arriva
Greggs
Liberty Global
Domino's Pizza
UCAS
Department for Digital & Culture & Media & Sport (DCMS)
Whitbread
Hastings Direct
Marks & Spencer
National Security Agency
Carpetright
Travelers Insurance
Bank of England
Virgin Media
Waterstones
DWP
Uber
Allen & Overy LLP
Fidelity International
ticketmaster
UBS
giffgaff
German Federal Criminal Police Office
Dropbox
Canada Life
Cancer Research UK
Carnival
Chubb
State Street Corporation
TSB Bank

Industries

Banking
Industrial Engineering
Industrial Engineering
Oil/Gas
Telecommunications
Banking
Banking
Banking
Media
Retail
Oil/Gas
Retail
National Law Enforcement
Banking
National Law Enforcement
Telecommunications
Retail
Electronic/Electrical Equipment
Insurance
Central Government
Banking
Healthcare
National Law Enforcement
Travel/Leisure/Hospitality
Media
Banking
Aerospace/Defence
Media
Insurance
Banking
Casinos/Gaming
Banking
Mining/Metals
Banking
Retail
Electronic/Electrical Equipment
Banking
Food/Beverage/Tobacco
Banking
Insurance
Banking
Household/Personal Products
Retail
Retail
Retail
Legal
Media
Banking
Charity
Casinos/Gaming
Software
Retail
Media
Retail
Banking
Automobiles/Parts
Banking
Banking
Central Government
Insurance
Central Government
Oil/Gas
Banking
Banking
Banking
Insurance
Banking
Media
Central Government
Retail
Media
Central Government
Healthcare Services
Banking
Food/Beverage/Tobacco
Insurance
Transportation/Shipping
Retail
National CERT
Transportation/Shipping
Legal
Insurance
Banking
Education
Banking
Retail
Transportation/Shipping
Charity
Banking
National Law Enforcement
Industrial Engineering
Industrial Engineering
Regional Law Enforcement
Transportation/Shipping
Transportation/Shipping
Telecommunications
Media
Transportation/Shipping
Banking