From data protection to security – the implications of a new era

21st Annual e-Crime & Cybersecurity Congress

1st & 2nd March 2023 • Park Plaza Victoria, London, UK

 

As cyberspace becomes the arena for a new cold war, does cybersecurity practice need to change?

 

Too much focus on PID protection, not enough on cybersecurity?

Not that long ago cybersecurity was the art and science of stopping economically motivated actors exploiting vulnerabilities in traditional IT networks to commit a fairly narrow range of frauds, disruptions and data thefts. It was the counterpoint to cybercrime, which was seen as being carried out almost exclusively by non-state actors. Yes, some nation-states used cybercrime to make money and yes, governments’ use of cyberattacks for economic and political espionage is not new.

However, it’s become increasingly clear that a new global cyberwar has started that looks very much like the cold war of the 1950s to 1980s. As one commentator puts it, instead of stockpiles of nuclear weapons, “the threat of cyberwar, by contrast, has more to do with a global stockpile of vulnerabilities, amassed by accident as a by-product of continued innovations in connectivity. In the end, the sensation is the same: a foreboding feeling of pervasive, imminent risk. Cyberwar is real.”

So how does a cyber-cold war create a different set of risks for individual organisations? Does the potential for huge rises in the scale and sophistication of attacks, and the likelihood that infrastructure disruption and destruction will become more prevalent, objectively change the security calculus? One answer is that it will force firms to stop focusing narrowly on GDPR and think strategically about real security: as Mario Greco, chief executive at insurer Zurich says, focusing on the privacy risk to individuals is missing the bigger picture: “First off, there must be a perception that this is not just data . . . this is about civilisation. These people can severely disrupt our lives.”

 

The struggle to value cybersecurity

It’s hard to argue that cyberrisk is not rising. And most security professionals seem to agree that in some ill-defined way, it is.
 
  • 51% of CISOs/CIOs, believe that businesses will need a specific strategy in place to protect against cyberwarfare in the next 12-18 months.
  • The C-suite is increasingly concerned about loss of IP and R&D secrets, revenues and operational resilience.
  • Governments are concerned about the potential for attacks on CNI and also for exploitation of poorly-understood linkages in financial systems, energy infrastructure and supply chains.
 
So surely the value of good cybersecurity, and of the professionals who implement it, is rising too? That’s not so easy to prove.
 
For a start, not everyone believes the new threats mean a new strategy is need. One piece of research showed that while 71% of CIOs and CISOs in a sample of almost 7,000 cybersecurity professionals believe cyberwarfare is a threat to their organization, 27% still admit to not having a strategy in place to mitigate this risk.
 
On the other hand, insurance premiums continue to spiral up as insurers get more data on how frequent attacks have become and how much damage they cause. Indeed, Zurich’s Greco says that cyberattacks will become uninsurable, particularly those involving state actors (Lloyds of London just announced an exemption for state attacks too). That struggle to assess the right premium level.
 
But generally, it has not got any easier to properly quantify cyberrisk at the firm level. So, Boards, while they put cyber at the top of their risk priorities, still do not put their money where their poll responses are.
 

This year’s e-Crime & Cybersecurity Congress will look at how we all need a new kind of security. Join our real-life case studies and in-depth technical sessions from the security and privacy teams at some of the world’s most admired brands.

  • Where’s the government when you need it?

    • Actions speak louder than words – especially if there aren’t many words.
    • Some governments have come late to the realization that they need to provide a much greater degree of protection for public services and citizens than they have done so far.
    • Yet this is easier said than done. What are the next steps?

  • Public-private partnership

    • Blurred lines between cyber-spies, cybercriminals and cyber-armies have transformed the (in)security landscape.
    • Nation-state exploits are widely available.
    • How can the various elements of government work better with private sector solution providers and end-users to build security that can cope with not-quite-nation-state?

  • The rise and rise of effective cybersecurity regulation

    • Data privacy is only a small part of the picture.
    • Regulators are looking at operational resilience in key sectors like finance – securing the wholesale payments market is a priority and others will follow.
    • They are looking at disclosure and fining the miscreants. How to comply with new regimes?

  • Reining in BigTech

    • Resilience and security increasingly come down to key dependencies outside the organization.
    • With on prem tech the past and Cloud and external IT the future, how do public and private sector organisations ensure security when they rely on vendors who are vulnerable but above leverage with even their biggest clients?
    • Time for governments to step in?

  • Boosting bang for buck in law enforcement

    • Cybercrime, and particularly fraud, have overwhelmed global law enforcement.
    • It will not be possible simply to staff up to beat the hackers, smarter, data-driven, AI-driven solutions are needed.
    • So, what does a modern cyber police force need to keep pace?

  • Cyber versus crypto

    • Digital currencies are here to stay. Bitcoin and the rest may remain exotic assets, but central bank digital currencies look a certainty in the next 20 years
    • In any case, digital payments are already consigning cash and cards to the same history book in which cheques live on
    • What are the cyber implications of all this and who secures what?

  • Developing the next generation of security leaders

    • If cybersecurity is to change to meet the evolution of our digital world, then so must those who implement it.
    • CISOs cannot cling to an IT paradigm and companies must move away from hiring on false pretences (on budget and commitment) and firing at the first breach.
    • What does a next-gen CISO look like and are you one of them?

  • The perimeter is dead - that is not just hype

    • ZTNA and SASE may be tricky to implement; they may involve hard decisions about legacy tech 
    • But they are also one of the few ways to deal with the death of the perimeter and new challenges like software supply chain attacks
    • What do you need to know about implementation?

  • From smart machines to smart cities - securing the IoT

    • How long will it be before every significant device and location is part of an ecosystem of sensors connected to public and private networks?
    • Driving apps tell insurers what premiums to charge. Packaging machines report their own breakdowns. 
    • But are these devices visible on your network and how are you securing them?

  • Cloud incident response

    • Recent Cloud outtages have not simply disrupted low-level infrastructure, they have disabled cybersecurity solutions and sometimes shut down corporate access to critical network assets.
    • As well as managing Cloud security, CISOs need good Cloud incident response. How are they going about it?

  • Mapping resources and controls to material business risks

    • How can CISOs understand which threats represent real business risks?
    • It’s easy to say ‘talk to the business’ – but how does that conversation work?
    • If it does then CISOs can create a framework for prioritizing security, resilience, incident response and BCP spend. 
    • So, what does this look like in practice?

  • Embracing risk management

    • Until cybersecurity is truly seen as risk management and not a whack-a-mole IT problem, the hackers will continue to evade outmoded control frameworks
    • Part of this is down to CISOs, part of it to Boards and part of it to solution providers
    • The banks have done it. When will the rest of business catch up?

Who attends

Job titles

CISO
PCI Security Manager
Group Head of IT Security
Detective Chief Superintendent
Global Security Officer
Global Information Security Officer
Head Of Cybersecurity Unit and Deputy Chief for Computer Crime
Head of Security, Risk and Compliance
Chief Privacy Officer / Data Protection Officer
CISO
Director, Compliance & Operational Risk
I.T. Director
DPO
Head of I.S., Projects & PMO
CIO
Head of IT Resilience
Global Security, Senior Special Agent
Head of Cyber Security Unit
Group DPO
Head of Information Security
Chief Information Security Officer
Group CISO
Detective Superintendent
Group Fraud & Investigations Manager
Director of Security Operations, Engineering & Administration
Head of Information Security
Group Global IT Security Manager
CISO and CPO
Head of Information Security
Head of Cyber Resilience
Head of Financial Crime & MLRO
Head of Security Architecture
Head of IT Governance
Global Information Security & PCI Compliance Manager
CISO
Head of IT Finance and Risk Management
Director of Global Security
CISO
Group IT Information Security Manager
Group Information Security Policy, Risk & Vendor Manager
Senior Information Security Manager
CISO
Group Head of IT Infrastructure and Cybersecurity Audit
Senior Technology Risk Manager
Group Head of Security Architecture & Risk
Chief Information Security & Technology Officer
Head of IT Infrastructure Change and Information Security
National eCrime Co-ordinator
Head of I.T. Security Operations
Head of Infrastructure
Group Data Protection Officer/CISO
Head of Information Technology
Head of Information Governance, Data Protection and Information Security
Group Information Security Manager
Head of Cyber Threat Intelligence
UK CISO & DPO
Global Head - Cyber, Information & Technology Risk Office
Head of IT Security
Global Information Security & Compliance Director
Director - Information Security Europe
CISO
Head of Information Security
Global Information Security Programme Manager
Global Information Security Manager
Director, Cyber Security Centre
Head of Technology & Cybersecurity Risk
Head of Fraud Management
CISO
CISO
CIO
Head of Digital Security & Risk
Group Head of Information Security
Head of Strategy and Partnerships, National Cyber Crime Unit
Group Privacy Officer
Group Head of Information Risk and Security
Global Security Manager
Global Head of Information Security
CIO Europe
CTO
VP, Global Security Strategy, Engineering and Architecture
Senior Fraud Manager
UK CISO
Head of Information Security
PCI Compliance & Risk Manager
Senior Special Agent - Global Security
Head of IT
CISO
Global Cyber Security Manager
CISO UK
DPO
Group Information Security Manager
Global Head of Security Architecture, Ops & Eng
Head of Cybercrime Intelligence
Group Head of Information Security
Chief Information Security Officer
Senior Information Security Manager
Head of Information Security
Global Business Continuity Manager
Director Global Information Security
Digital Security Manager
Head Fraud Investigation - Cyber Crime
Head of Information Security Risk Oversight
Head of IT
CISO
Vice President - Global Information Security
CISO
Chief Information Security Officer & Data Protection Officer
Head of Enterprise Risk
Head of Section, Cybercrime Unit
Head of International Information Security
Head of Information Security
Group Information Security Officer
National Information Security Officer
Chief Information Security Officer (CISO)
CIO
CISO/Head of Security Function
Regional Head of Information Security, Europe and UK
Head of Fraud & Special Investigations
CISO
CISO
CISO - EMEA
Head of Information Security Engagement
IT Director
Chief Information Security Officer
Fraud & Investigations Manager
CTO
CIO
Group CISO
Director, Head of I.T. Security & Risk Management Systems
Senior Manager, Cyber Security & Risk
CISO & Head of Cyber Security
Senior Vice President - Global Information Security
CISO
Group Head of Information Security
Global SOC Manager
CISO
Head Of IT Risk
Global Red Team Manager
Joint Cyber Center (JCC) Chief of Intelligence
Group Information Security Manager
Head of Security Monitoring
Head of Payment Security & Governance
IT Security & Compliance Manager
Global Fraud Risk Controller
Head of Cybercrime Department
CISO
Head of Enterprise Architecture & Cyber Security
Head of Information Security - EMEA
Head of Information Security
Head of I.T. Security & Technical Risk
Senior Information Security Risk Management
Head of Technology and Operational Risks
Director of Global Security Operations
Head of Cyber & Architecture Design
Principal Information Security Manager
CISO
CISO
Head of Risk – IT & Cybersecurity
Head of Cyber Security
Head of Information Security & Business Continuity
Head of Financial Crime Prevention Team
Head of Information Governance
Global Security & Investigations
Head of Innovation, Security and Privacy
CTO
Head of Technology and Cybersecurity Risk
Head of Information Security
CISO
CTO
Head of Information Security
Head of IS & DP
Global Director of I.T. Risk & Information Security
Global CISO
Director of Compliance
Head of Information Risk
Director of Information Systems
Head of Information Security
Global PCI Compliance
Head of Group Investigations & Financial Crime Officer
CIO

Companies

UK Home Office
U.S. Secret Service
American Express
Bupa Global
Swiss Federal Police
Linklaters LLP
Clifford Chance LLP
Three
GVC Holdings
Odeon Cinemas
Credit Suisse
Deutsche Bank Group
Zurich Insurance Group
Asda
Philips
Lloyds Banking Group
Hiscox
Financial Conduct Authority
Covéa Insurance
easyJet
M&G Prudential
Police Scotland
Ministry of Interior - Bulgaria
Apple
NEXT
William Hill
Government Digital Service
Royal & Sun Alliance Insurance Group
Airbus Group
Comic Relief
Sony
Transport for London
University of Derby
Metro Bank
Office Depot
Formula 1
Gemfields
National Trust
Direct Line Group
GSK
Natixis
Aviva
Travis Perkins
Ladbrokes Coral Group
MUFG - Mitsubishi UFJ Financial Group
Dutch National High Tech Crime Unit
Citigroup
Halfords
DLA Piper LLP
AmTrust International
TalkTalk
Dixons Carphone
Bank of America Merrill Lynch
Western Union
University of Liverpool
The Bank of Ireland
CBRE
Royal Mail
Charities Aid Foundation
National Crime Agency
NHS
Crown Prosecution Service
FBI
Telegraph Media Group
Australian Federal Police
Capita
InterContinental Hotels Group
Freshfields Bruckhaus Deringer LLP
Shop Direct
Allianz
Rothschild & Co
Matalan
Which?
Peabody Trust
BP
Pentland
National Cyber Security Centre
Swiss Re
Modern Times Group
Santander
PhotoBox
London North Eastern Railway
Maersk
Royal Thai Police - Technology Crime Suppression Division
University College London
DVLA
Cabinet Office
Boden
Ministry of Justice
UK Finance
Ashurst LLP
British Airways
Serious Fraud Office
Clyde & Co LLP
HSBC
JD Sports
Barclays
Heathrow
Barnardo's
Swedbank
Channel 4
HM Revenue & Customs
Waitrose
UK Ministry of Defence
Royal Bank of Scotland
Vodafone
Travelopia
Network Rail
European Commission
Anglo American
Lycamobile
VUE Entertainment
Co-operative Financial Services
American International Group
Metropolitan Police Service
AXA
Euromoney Institutional Investor
John Lewis Partnership
LUSH
Booking.com
U.S. Department of Justice
Selfridges
JP Morgan Chase
Vanquis Bank
Munich Re
Pearson
Old Mutual Wealth
Sparebank 1
United Nations Office on Drugs and Crime
BNP Paribas
Legal & General
Arsenal FC
ITV
Fieldfisher LLP
Société Générale
Sainsbury's
DKB
Mizuho
LV= Liverpool Victoria
University of Cambridge
Post Office
Standard Chartered Bank
DHL
Schroders
DPDgroup
Pinsent Masons LLP
Ocado
Tullow Oil
Man Group
Morgan Stanley
Arriva
Greggs
Liberty Global
Domino's Pizza
UCAS
Department for Digital & Culture & Media & Sport (DCMS)
Whitbread
Hastings Direct
Marks & Spencer
National Security Agency
Carpetright
Travelers Insurance
Bank of England
Virgin Media
Waterstones
DWP
Uber
Allen & Overy LLP
Fidelity International
ticketmaster
UBS
giffgaff
German Federal Criminal Police Office
Dropbox
Canada Life
Cancer Research UK
Carnival
Chubb
State Street Corporation
TSB Bank

Industries

Banking
Industrial Engineering
Industrial Engineering
Oil/Gas
Telecommunications
Banking
Banking
Banking
Media
Retail
Oil/Gas
Retail
National Law Enforcement
Banking
National Law Enforcement
Telecommunications
Retail
Electronic/Electrical Equipment
Insurance
Central Government
Banking
Healthcare
National Law Enforcement
Travel/Leisure/Hospitality
Media
Banking
Aerospace/Defence
Media
Insurance
Banking
Casinos/Gaming
Banking
Mining/Metals
Banking
Retail
Electronic/Electrical Equipment
Banking
Food/Beverage/Tobacco
Banking
Insurance
Banking
Household/Personal Products
Retail
Retail
Retail
Legal
Media
Banking
Charity
Casinos/Gaming
Software
Retail
Media
Retail
Banking
Automobiles/Parts
Banking
Banking
Central Government
Insurance
Central Government
Oil/Gas
Banking
Banking
Banking
Insurance
Banking
Media
Central Government
Retail
Media
Central Government
Healthcare Services
Banking
Food/Beverage/Tobacco
Insurance
Transportation/Shipping
Retail
National CERT
Transportation/Shipping
Legal
Insurance
Banking
Education
Banking
Retail
Transportation/Shipping
Charity
Banking
National Law Enforcement
Industrial Engineering
Industrial Engineering
Regional Law Enforcement
Transportation/Shipping
Transportation/Shipping
Telecommunications
Media
Transportation/Shipping
Banking