Safeguarding the digital citizen, securing the metaverse

20th annual e-Crime & Cybersecurity Congress
2nd & 3rd March 2022 • Park Plaza Victoria, London


20 years ago, e-Crime was new, and cybersecurity embryonic. Today digital threats undermine everything from our hospitals and schools to our democracies. So, how can government, infrastructure providers and solution vendors do better to keep business, society and individuals safe?

 

Twenty years ago, a handful of far-sighted individuals in government, law enforcement and the private sector got together to launch the first e-Crime Congress. That year, Microsoft released Internet Explorer 6.0; Apple introduced macOS X 10.1, the iPod and Apple earbuds; and Bungie released the game Halo for the newly-launched Xbox gaming system.

More significantly for those watching the emerging world of digital threats, a new infection technique appeared: users no longer needed to download files – visiting an infected website was enough as bad actors replaced clean pages with infected ones or ‘hid’ malware on legitimate webpages. Instant messaging services also began to get attacked, and worms designed to propagate via IRC (Internet Chat
Relay) channel also arrived.

Cybersecurity was in its infancy. It was a niche, geeky, IT specialism. Companies, in general, paid it little attention. And not much changed for a number of years. Today, scarcely a day passes without news of a significant attack; single attacks are costing companies tens and even hundreds of million of dollars; politicians are raising cyberespionage at global summits and losses due to cybersecurity are
forecast to hit $10.5 trillion in 2025.

The regulators are on the case. Operational resilience in critical sectors of the economy is now a key focus. Data privacy legislation is well established. And fines for cyber-related misconduct are beginning to be imposed. Just recently, the U.S. Securities and Exchange Commission (SEC) signaled a significant change in how it thinks about what constitutes a threat to companies: It now considers cyber
vulnerabilities to be an existential business risk.

This was evident in fines levied against two companies over inadequate disclosures of cybersecurity issues — British publishing company Pearson PLC and First American Financial Corp. In mid-August, the SEC announced that Pearson had agreed to pay $1 million to settle charges that it misled investors following a 2018 breach and theft of millions of student records.

And in June, the SEC announced another settlement and $500,000 fine against real estate services company First American Financial for lack of disclosure controls following the discovery of a vulnerability in its system that exposed 800 million image files, including Social Security numbers and financial information. 

These fines signal a major shift, and one that could profoundly change the way companies think about cybersecurity threats, communicate internally about these threats, and disclose breaches.
 
And yet … 20 years later, the new head of the National Cyber Security Centre (NCSC), one descendant of those founding entities of the e-Crime Congress, has warned that cybersecurity still isn't taken as seriously as it should be. In her first speech since taking the helm of the UK cybersecurity agency, CEO Lindy Cameron said cybersecurity should be viewed with the same importance to CEOs as finance, legal or any other vital day-to-day part of the enterprise.

"The cybersecurity landscape we see now in the UK reflects huge progress and relative strength – but it is not a position we can be complacent about. Cybersecurity is still not taken as seriously as it should be, and simply is not embedded into the UK's boardroom thinking," said Cameron during a speech at Queen's University, Belfast.

"The pace of change is no excuse – in boardrooms, digital literacy is as nonnegotiable as financial or legal literacy. Our CEOs should be as close to their CISO as their finance director and general counsel.”

Law enforcement resourcing, and indeed the resourcing of cybersecurity in the public health, education and council systems is laughable. It’s time for government to put its money and power where its mouth is – and not just at the glamorous, GCHQ, offensive cyber, end of the spectrum. And the model needs to change elsewhere. With increased dependencies on a handful of large telco and IT providers,  governments need to grasp the nettle of regulating these providers too.

The fragmented and confusing security solutions market needs a shakeout: should a globally significant threat to public health and safety and business viability be left in the hands of hundreds of small start-ups almost all of which are no use to the SMEs who make up most of the economy?

And the NCSC and government need to take responsibility for the slow pace of cybersecurity literacy and effectiveness. The digital portfolio passes from minister to minister like an unwanted relay baton. Initiatives on fraud – the largest single crime area in the UK today – have been little short of farcical.
 
The next 20 years will be an increasingly asymmetric fight between a powerful, sophisticated and well-resourced set of attackers, and the rest of us. We now live in a hybrid metaverse, in which our digital lives, at work and at home, are as significant as the physical, and in which we require as much protection and regulation as in the physical world. Creating a safe digital space in which we can work, transact, and communicate securely, and which delivers critical components of public services, will require a completely different level of commitment to cybersecurity than that shown in the previous 20. And governments may need to take the lead to solve the most intractable problems of nation-state activity and dependency on unregulated BigTech monopolies.
 

The e-Crime & Cybersecurity Congress 20th Anniversary will look at how we all need a new kind of security. Join our real-life case studies and in-depth technical sessions from the security and privacy teams at some of the world’s most admired brands.

View details of the previous physical event here

  • From cybercrime to cyberwar

    • Blurred lines between cyber-spies, cybercriminals and cyber-armies have transformed the (in)security landscape
    • Nation-state exploits are now widely available
    • How can the various elements of government work better with private sector solution providers and endusers to build security that can cope with not-quite-nation-state?

  • From smart machines to smart cities - securing the IoT

    • How long will it be before every significant device and location is part of an ecosystem of sensors connected to public and private networks?
    • Driving apps tell insurers what premiums to charge. Packaging machines report their own breakdowns.
    • But are these devices visible on your network and how are you securing them?

  • Boosting bang for buck in law enforcement

    • Cybercrime, and particularly fraud, have overwhelmed global law enforcement.
    • It will not be possible simply to staff up to beat the hackers, smarter, data-driven, AI-driven solutions are needed.
    • So, what does a modern cyber police force need to keep pace?

  • Embracing risk management

    • Until cybersecurity is truly seen as risk management and not a whack-a-mole IT problem, the hackers will continue to evade outmoded control frameworks
    • Part of this is down to CISOs, part of it to Boards and part of it to solution providers
    • The banks have done it. When will the rest of business catch up?

  • Where’s the government when you need it?

    • Actions speak louder than words – especially if there aren’t many words.
    • Some governments have come late to the realization that they need to provide a much greater degree of protection for public services and citizens than they have done so far.
    • Yet this is easier said than done. What are the next steps?

  • The perimeter is dead - really

    • ZTNA and SASE may be tricky to implement; they may involve hard decisions about legacy tech 
    • But they are also one of the few ways to deal with the death of the perimeter and new challenges like software supply chain attacks
    • What do you need to know about implementation?

  • Reining in BigTech

    • Resilience and security increasingly come down to key dependencies outside the organization.
    • With on prem tech the past and Cloud and external IT the future, how do public and private sector organisations ensure security when they rely on vendors who are vulnerable but aloof and above leverage with even their biggest clients?
    • Time for governments to step in?

  • Getting real about automation, AI and the rest

    • The next 20 years will see an ecosystem of small single-issue vendors slim down to a far less complex set of larger platforms
    • These platforms will be able to invest in continuous development and offer to cover all or large chunks of organisations’ security needs
    • But will the winners in this evolution be those at today’s cutting edge?

  • Developing the next generation of security leaders

    • If cybersecurity is to change to meet the evolution of our digital world, then so must those who implement it.
    • CISOs cannot cling to an IT paradigm and companies must move away from hiring on false pretences (on budget and commitment) and firing at the first breach.
    • What does a next-gen CISO look like and are you one of them?

  • The rise and rise of effective cybersecurity regulation

    • Data privacy is only a small part of the picture.
    • Regulators are looking at operational resilience in key sectors like finance – securing the wholesale payments market is a priority and others will follow.
    • They are looking at disclosure and fining the miscreants. How to comply with new regimes?

  • All aboard the Cloud

    • Applications have become increasingly complex with users demanding more and more
    • They expect rapid responsiveness, innovative features, and zero downtime. Performance problems are no longer
    • acceptable. They'll easily move to your competitor.
    • Should you go Cloud Native?

  • Cyber versus crypto

    • Digital currencies are here to stay. Bitcoin and the rest may remain exotic assets, but central bank digital currencies look a certainty in the next 20 years
    • In any case, digital payments are already consigning cash and cards to the same history book in which cheques live on
    • What are the cyber implications of all this and who secures what?

Who attends

Job titles

CISO
PCI Security Manager
Group Head of IT Security
Detective Chief Superintendent
Global Security Officer
Global Information Security Officer
Head Of Cybersecurity Unit and Deputy Chief for Computer Crime
Head of Security, Risk and Compliance
Chief Privacy Officer / Data Protection Officer
CISO
Director, Compliance & Operational Risk
I.T. Director
DPO
Head of I.S., Projects & PMO
CIO
Head of IT Resilience
Global Security, Senior Special Agent
Head of Cyber Security Unit
Group DPO
Head of Information Security
Chief Information Security Officer
Group CISO
Detective Superintendent
Group Fraud & Investigations Manager
Director of Security Operations, Engineering & Administration
Head of Information Security
Group Global IT Security Manager
CISO and CPO
Head of Information Security
Head of Cyber Resilience
Head of Financial Crime & MLRO
Head of Security Architecture
Head of IT Governance
Global Information Security & PCI Compliance Manager
CISO
Head of IT Finance and Risk Management
Director of Global Security
CISO
Group IT Information Security Manager
Group Information Security Policy, Risk & Vendor Manager
Senior Information Security Manager
CISO
Group Head of IT Infrastructure and Cybersecurity Audit
Senior Technology Risk Manager
Group Head of Security Architecture & Risk
Chief Information Security & Technology Officer
Head of IT Infrastructure Change and Information Security
National eCrime Co-ordinator
Head of I.T. Security Operations
Head of Infrastructure
Group Data Protection Officer/CISO
Head of Information Technology
Head of Information Governance, Data Protection and Information Security
Group Information Security Manager
Head of Cyber Threat Intelligence
UK CISO & DPO
Global Head - Cyber, Information & Technology Risk Office
Head of IT Security
Global Information Security & Compliance Director
Director - Information Security Europe
CISO
Head of Information Security
Global Information Security Programme Manager
Global Information Security Manager
Director, Cyber Security Centre
Head of Technology & Cybersecurity Risk
Head of Fraud Management
CISO
CISO
CIO
Head of Digital Security & Risk
Group Head of Information Security
Head of Strategy and Partnerships, National Cyber Crime Unit
Group Privacy Officer
Group Head of Information Risk and Security
Global Security Manager
Global Head of Information Security
CIO Europe
CTO
VP, Global Security Strategy, Engineering and Architecture
Senior Fraud Manager
UK CISO
Head of Information Security
PCI Compliance & Risk Manager
Senior Special Agent - Global Security
Head of IT
CISO
Global Cyber Security Manager
CISO UK
DPO
Group Information Security Manager
Global Head of Security Architecture, Ops & Eng
Head of Cybercrime Intelligence
Group Head of Information Security
Chief Information Security Officer
Senior Information Security Manager
Head of Information Security
Global Business Continuity Manager
Director Global Information Security
Digital Security Manager
Head Fraud Investigation - Cyber Crime
Head of Information Security Risk Oversight
Head of IT
CISO
Vice President - Global Information Security
CISO
Chief Information Security Officer & Data Protection Officer
Head of Enterprise Risk
Head of Section, Cybercrime Unit
Head of International Information Security
Head of Information Security
Group Information Security Officer
National Information Security Officer
Chief Information Security Officer (CISO)
CIO
CISO/Head of Security Function
Regional Head of Information Security, Europe and UK
Head of Fraud & Special Investigations
CISO
CISO
CISO - EMEA
Head of Information Security Engagement
IT Director
Chief Information Security Officer
Fraud & Investigations Manager
CTO
CIO
Group CISO
Director, Head of I.T. Security & Risk Management Systems
Senior Manager, Cyber Security & Risk
CISO & Head of Cyber Security
Senior Vice President - Global Information Security
CISO
Group Head of Information Security
Global SOC Manager
CISO
Head Of IT Risk
Global Red Team Manager
Joint Cyber Center (JCC) Chief of Intelligence
Group Information Security Manager
Head of Security Monitoring
Head of Payment Security & Governance
IT Security & Compliance Manager
Global Fraud Risk Controller
Head of Cybercrime Department
CISO
Head of Enterprise Architecture & Cyber Security
Head of Information Security - EMEA
Head of Information Security
Head of I.T. Security & Technical Risk
Senior Information Security Risk Management
Head of Technology and Operational Risks
Director of Global Security Operations
Head of Cyber & Architecture Design
Principal Information Security Manager
CISO
CISO
Head of Risk – IT & Cybersecurity
Head of Cyber Security
Head of Information Security & Business Continuity
Head of Financial Crime Prevention Team
Head of Information Governance
Global Security & Investigations
Head of Innovation, Security and Privacy
CTO
Head of Technology and Cybersecurity Risk
Head of Information Security
CISO
CTO
Head of Information Security
Head of IS & DP
Global Director of I.T. Risk & Information Security
Global CISO
Director of Compliance
Head of Information Risk
Director of Information Systems
Head of Information Security
Global PCI Compliance
Head of Group Investigations & Financial Crime Officer
CIO

Companies

UK Home Office
U.S. Secret Service
American Express
Bupa Global
Swiss Federal Police
Linklaters LLP
Clifford Chance LLP
Three
GVC Holdings
Odeon Cinemas
Credit Suisse
Deutsche Bank Group
Zurich Insurance Group
Asda
Philips
Lloyds Banking Group
Hiscox
Financial Conduct Authority
Covéa Insurance
easyJet
M&G Prudential
Police Scotland
Ministry of Interior - Bulgaria
Apple
NEXT
William Hill
Government Digital Service
Royal & Sun Alliance Insurance Group
Airbus Group
Comic Relief
Sony
Transport for London
University of Derby
Metro Bank
Office Depot
Formula 1
Gemfields
National Trust
Direct Line Group
GSK
Natixis
Aviva
Travis Perkins
Ladbrokes Coral Group
MUFG - Mitsubishi UFJ Financial Group
Dutch National High Tech Crime Unit
Citigroup
Halfords
DLA Piper LLP
AmTrust International
TalkTalk
Dixons Carphone
Bank of America Merrill Lynch
Western Union
University of Liverpool
The Bank of Ireland
CBRE
Royal Mail
Charities Aid Foundation
National Crime Agency
NHS
Crown Prosecution Service
FBI
Telegraph Media Group
Australian Federal Police
Capita
InterContinental Hotels Group
Freshfields Bruckhaus Deringer LLP
Shop Direct
Allianz
Rothschild & Co
Matalan
Which?
Peabody Trust
BP
Pentland
National Cyber Security Centre
Swiss Re
Modern Times Group
Santander
PhotoBox
London North Eastern Railway
Maersk
Royal Thai Police - Technology Crime Suppression Division
University College London
DVLA
Cabinet Office
Boden
Ministry of Justice
UK Finance
Ashurst LLP
British Airways
Serious Fraud Office
Clyde & Co LLP
HSBC
JD Sports
Barclays
Heathrow
Barnardo's
Swedbank
Channel 4
HM Revenue & Customs
Waitrose
UK Ministry of Defence
Royal Bank of Scotland
Vodafone
Travelopia
Network Rail
European Commission
Anglo American
Lycamobile
VUE Entertainment
Co-operative Financial Services
American International Group
Metropolitan Police Service
AXA
Euromoney Institutional Investor
John Lewis Partnership
LUSH
Booking.com
U.S. Department of Justice
Selfridges
JP Morgan Chase
Vanquis Bank
Munich Re
Pearson
Old Mutual Wealth
Sparebank 1
United Nations Office on Drugs and Crime
BNP Paribas
Legal & General
Arsenal FC
ITV
Fieldfisher LLP
Société Générale
Sainsbury's
DKB
Mizuho
LV= Liverpool Victoria
University of Cambridge
Post Office
Standard Chartered Bank
DHL
Schroders
DPDgroup
Pinsent Masons LLP
Ocado
Tullow Oil
Man Group
Morgan Stanley
Arriva
Greggs
Liberty Global
Domino's Pizza
UCAS
Department for Digital & Culture & Media & Sport (DCMS)
Whitbread
Hastings Direct
Marks & Spencer
National Security Agency
Carpetright
Travelers Insurance
Bank of England
Virgin Media
Waterstones
DWP
Uber
Allen & Overy LLP
Fidelity International
ticketmaster
UBS
giffgaff
German Federal Criminal Police Office
Dropbox
Canada Life
Cancer Research UK
Carnival
Chubb
State Street Corporation
TSB Bank

Industries

Banking
Industrial Engineering
Industrial Engineering
Oil/Gas
Telecommunications
Banking
Banking
Banking
Media
Retail
Oil/Gas
Retail
National Law Enforcement
Banking
National Law Enforcement
Telecommunications
Retail
Electronic/Electrical Equipment
Insurance
Central Government
Banking
Healthcare
National Law Enforcement
Travel/Leisure/Hospitality
Media
Banking
Aerospace/Defence
Media
Insurance
Banking
Casinos/Gaming
Banking
Mining/Metals
Banking
Retail
Electronic/Electrical Equipment
Banking
Food/Beverage/Tobacco
Banking
Insurance
Banking
Household/Personal Products
Retail
Retail
Retail
Legal
Media
Banking
Charity
Casinos/Gaming
Software
Retail
Media
Retail
Banking
Automobiles/Parts
Banking
Banking
Central Government
Insurance
Central Government
Oil/Gas
Banking
Banking
Banking
Insurance
Banking
Media
Central Government
Retail
Media
Central Government
Healthcare Services
Banking
Food/Beverage/Tobacco
Insurance
Transportation/Shipping
Retail
National CERT
Transportation/Shipping
Legal
Insurance
Banking
Education
Banking
Retail
Transportation/Shipping
Charity
Banking
National Law Enforcement
Industrial Engineering
Industrial Engineering
Regional Law Enforcement
Transportation/Shipping
Transportation/Shipping
Telecommunications
Media
Transportation/Shipping
Banking


Venue

Park Plaza Victoria, London

vpp

Location:
Park Plaza Victoria
239 Vauxhall Bridge Road, London, UK, SW1V 1EQ
Telephone: 0844 415 6752
 

Directions:
Please click here

Attendee Safety:
AKJ Associates takes the safety of its event attendees very seriously. A number of measures and precautions are now in place at our in-person events in response to Covid-19.

Although subject to change, these measures for this event currently include:

  • The venue will be fully cleaned ahead of the event
  • Touch points and bathrooms will be sanitised and cleaned throughout the day
  • Venue staff will wear masks and gloves
  • Sanitiser will be provided throughout the venue
  • Hand washing facilities are available in all conference areas
  • Air circulation and air quality measures will be in place
  • Strict safety measures will be adhered to when serving food
  • The layout of the event will be adapted and spaced out where possible
  • Registration will be open for a full hour to provide flexibility with arrival time.

Guidance for attendees:

  • You will be asked to sanitise your hands upon arrival
  • Masks will be available should attendees wish to wear them
  • Please do not attend if you have Covid-19 symptoms at the time of the event
  • Please do not attend if you have tested positive for Covid-19 at the time of the event
  • Please follow relevant government guidance including for self-isolation and travel
  • Please show your fellow attendees kindness as they might have a different comfort level to you.

If you have any specific questions about Covid-19 safety at this event then please do not hesitate to contact a member of the AKJ Associates team.