Laying the foundations of a digital future...or not

17th e-Crime & Cybersecurity DACH: Virtual Edition
16th June 2021

Security for sustainable digital business
Build in haste, regret at leisure: digitalization should encourage top-down security cultures. But does it?


At AKJ’s last DACH event, attendees were asked what had changed most about cybersecurity in the past five years. One of the commonest responses was that while threats have become more frequent and complex, and cybersecurity itself has entered mainstream awareness, neither business heads nor more senior management are operating with a security-first mentality.

And this is creating real problems: responses in our research suggest that organisations are unwilling or unable to make the kind of large-scale operational changes required for a truly mature security culture.

Most obviously, digitalisation has become a matter of business survival. So, the priority has been speed of roll-out, not building-in security or establishing better procedures for including security teams in digital business projects, many of which are outsourced to third-party providers. The business, not security, has the upper hand in this response to the pandemic.

Within digitalisation, that reliance on third parties for an increasing proportion of business-critical infrastructure is also a security risk. We didn’t need the SolarWinds hack to tell us about third-party risk, but it was a timely reminder of how fundamental it is.

This business-first approach reflects, according to our research, a continued view at senior management levels that security is just ‘a necessary expenditure’, a tax on the business, to be minimised where possible. CISOs still have to work hard to show the Board why security is not unnecessary friction but an enabler.

Even where the Board is on board, the broader problem of security culture remains: if short-term business goals trump security, if tick-box compliance on data privacy gets budget but real security does not, then not only do businesses face increasing risk in new technologies upon which they now depend, they also face an uphill struggle to build the top-down security culture every business needs in the longer term.

And while businesses incur ever more technical debt in solving business and security problems piecemeal, cybercriminals are operating with increased organisation and sophistication.

Left unchanged, this divergence, between what businesses are prepared to commit to cybersecurity and what bad actors are prepared to invest in terms of time and resources, threatens the sustainability of many digitalisation business models.
 

The e-Crime & Cybersecurity Congress DACH will take place online and will look at how cybersecurity teams, risk management functions and boards are tackling the key issues. As digitalisation goes critical, is this finally the moment at which traditional cybersecurity management has to change?

  • Security for the 5G revolution

    • The zero latency of 5G will crystallize the IoT revolution - the ability to question devices in real time (e.g. from mobile apps) is a gamechanger
    • But because connections happen faster, attacks and breaches also happen faster, and potentially with much greater reach
    • How can cybersecurity teams respond? Is automation the answer?
  • Securing the enterprise of sensors

    • Businesses across all sectors are embracing smart technology and connected devices
    • With so much data flowing from sensors and legacy control systems outside normal networks, how does security work?
    • For many firms (energy, healthcare, utilities, manufacturing, logistics, etc) this isn't just about data privacy - an attack could shut down operations, cause physical damage, or even result in death
  • Securing digital currencies

    • The move towards cashless payment methods during the crisis has been extreme, and looks like it may be irreversible
    • Many more governments are now looking at developing their own digital currencies
    • How do we go about securing a world in which most - perhaps all - payments are digital?
  • Securing the citizen

    • The COVID era demands unprecedented levels of citizen engagement
    • The systems required to provide safety create a huge data security and privacy challenge for both governments and employers
    • Are compromises inevitable? How can this critical data best be kept safe?
  • Building-in security: from DevOps to SecDevOps?

    • As companies ramp up digital business models it is crucial that they build security in from the start
    • Given the pace at which change is happening, this is a big ask – even before COVID-19 many companies prioritised speed over security
    • What can cybersecurity teams do to change this? Is this a CIO vs CISO battle?
  • Performing critical security tasks remotely - how can CISOs regain control?

    • Employees for whom long-term, secure remote working processes hadn't been set up in advance will not just be outside centrally controlled endpoint protection processes, they'll be beyond any patching and update processes.
    • Many security tools depend on being on the local network. How can security teams manage the basics remotely?
    • Will remediation and reimaging capabilities work as intended in a remote environment? What updates are needed to incident response playbooks?
    • Most organisations have 'abandoned' their existing office environments - including all the devices within them. These need to be monitored and protected too. Can it be done remotely?
  • Cybersecurity for business resilience

    • Forced, rapid digitalisation has revealed the fragmented nature of many security programmes
    • Protecting the business while enabling innovation and flexibility requires new models and approaches for cyber
    • Are automation and orchestration the answer?
  • Securing the workplace revolution

    • Lockdowns and the extremes of WFH will end, but the cost, productivity, work-life balance and carbon benefits of remote working mean it's here to stay.
    • As flexible working becomes the norm, new hardware, software and processes will need to be implemented across all areas of the business.
    • Many initial measures put in place were intended as a short-term stopgap. What new long-term security measures are required by a permanent change to working patterns?
  • Stuck in the Cloud

    • Most companies have been forced to rely on Cloud-based apps and storage
    • So, they need visibility and controls, they need logs from providers to review for unauthorised access and data exfiltration, and they need to limit unauthorised access and services.
    • And what do their Cloud contracts say about force majeure?

Who Attends

Job Titles

Chief BISO
Chief Information Security Officer
Chief Information Security Officer
Chief Information Security Officer
Chief Security & Privacy Officer
CISO
CISO/CTO
Director
Director Cyber Defense & CERT
Director Data Privacy
Director Security Risk & Compliance
Director Global Security Investigations
Director Information Security
Director, CRISC
Head of Security & Governance
Head of Compliance
Head of Corporate Data Protection
Head of Cyber
Head of Cyber Security
Head of Cyber Threat Response
Manager Information Security
Head of I.T.
Head of I.T. Security
Head of Information Security
Head of Information Security
Head of Internal Audit
Head of IT / Operations
Head of IT Security
Head of IT-Security
Head of Legal Data Privacy
Head of Penetration Testing
Head of I.T. Security
Head of Security
Head of Security Management
Head PCI Compliance
VP Cyber Security & Defence
Vice President, Threat Intelligence
VP Credit & Fraud
VP Crisis & Emergency Management
ASIC Operations
BISO
Cards Security Manager
CERT
COO Data Protection Programme
Corporate Audit
Head of Methods, Projects, IT
Corporate Security Awareness Manager
Counsel, Privacy & Information Law
Country Security Officer
CTO Security & Risk
CTSO
Fraud & Risk Manager
GAMA Business Task Force
Global Head of Data Protection
Global IT - Information Security
Global IT Manager
Group Data Protection Commissioner
Group Information Security Officer
Group Lead Active Defense Center
Information Security Manager
Information Security Manager
Information Security Manager
Information Security Manager
Information Security Manager
IT Security Manager
IT Security Manager
IT Security Research Engineer
Global IT Security & Compliance
Global IT Security & Compliance
IT Specialist, WAN and Access
ITM Global Information Security
Lawyer
Lawyer
Head of Information Security, CISO
Head of Corporate Security
Local Data Security Officer
Manager Compliance
Manager Fraud Prevention
Operational Security Officer
Partner
Partner
IT Infrastructure Vice President
Security Fraud Manager
Security Manager
Security Manager, CISSP
Senior Alliance & BD Manager
Senior Manager Internal Audit
Senior Enterprise Security Manager
Senior I.T. Auditor
Senior Information Security Manager
Senior Information Security Manager
Senior Internal Auditor
Senior IT Auditor
Senior Manager
Senior Manager, Products & Innovation
Senior Project Manager (Infocontrol)
Senior Ref NGN
Senior Researcher
Senior Risk Manager
Senior Security Consultant
Senior Security Expert
Senior Security Product Manager
Senior Security Professional
Senior Security Specialist
Senior Security Specialist
Cyber Crime Investigations
Service & Contract Manager
Software Development Engineer
Specialist Security
SR IT Security Consultant
I.T. Security & Compliance Manager
System Analyst
System Administrator / CISO
GAMA Business Task Force
Team manager IT Security Operations
Teamleader I.T. Infrastructure
TORM & Financial Crime

Companies

Deutsche Bank Group
Deutsche Post
GE Capital
NYSE Euronext
Vodafone
Merck & Co
Audi
Deutsche Bank Group
Deutsche Telekom
First Data Merchant Solutions
First Data Merchant Solutions
American Express
Tech Data
SAP
BT
Allianz
Otto Group
Marsh
Airbus
Deutsche Bank Group
Daimler
Hengeler Mueller
Commerzbank
Eurostar
Quipu
Nintendo
Triodos Bank
Wirecard Bank
Lanxess AG
Siemens
Deutsche Telekom
Federal Office for Information Security
Commerzbank
Bank Verlag
Six-Group
Atos
Citigroup
Elavon Merchant Services
Deutsche Telekom
Allianz
Citigroup
BP
Commerzbank
UBS
MAN SE
BMW
Vodafone
Field Fisher Waterhouse LLP
Vattenfall AB
Deutsche Bank Group
Vodafone
Sofort
Deutsche Bank Group
Allianz
Adidas
Adidas
Deutsche Lufthansa
Citigroup
Commerzbank
KfW Bankengruppe
DZ Bank
Oce
Teradata
AXA
Deutsche Bundesbank
KfW Bankengruppe
Airbus
Adidas
E.ON
BMW
Daimler
Postbank P.O.S. Transact
Osborne Clarke
RWE Group
DZ Bank
Robert Bosch
Adidas
DZ Bank
E.ON
Osborne Clarke
Baker & McKenzie LLP
Deutsche Bank Group
Q8 Kuwait Petroleum
Siemens
Vodafone
Research in Motion
Nintendo
Adidas
Commerzbank
Deutsche Post
DHL
Mondi
DHL
ThyssenKrupp AG
Deutsche Telekom
BP
Deutsche Telekom
UBS
Postbank P.O.S. Transact
BT
Deutsche Telekom
Research in Motion
Triodos Bank
Deutsche Post
Tech Data
American Express
COLT Technology Services
Nintendo
COLT Technology Services
Deutsche Bank Group
Deutsche Post
Citigroup
BNP Paribas
Deutsche Bank Group
Deutsche Bundesbank
SCOR
Santander

Industries

Banking
Communications
Electronics
Finance
Telecoms
Other
Automotive
Banking
Telecommunications
Technology
Technology
Finance
Technology
Technology
Communications
Life Insurance
Retail
Insurance
Manufacturing
Banking
Auto Manufacturing
Law Firm
Banking
Transportation
Finance
Entertainment
Banking
Banking
Real Estate
Technology
Telecommunications
Government
Banking
Banking
Finance
Technology
Finance
Finance
Telecommunications
Life Insurance
Finance
Energy
Banking
Finance
Transportation
Manufacturing
Telecoms
Law Firm
Energy
Banking
Telecoms
Other
Banking
Life Insurance
Consumer Products
Consumer Products
Transportation
Finance
Banking
Banking
Banking
Electronics
Technology
Life Insurance
Banking
Banking
Manufacturing
Consumer Products
Energy
Manufacturing
Auto Manufacturing
Banking
Law Firm
Energy
Banking
Manufacturing
Consumer Products
Banking
Energy
Law Firm
Law Firm
Banking
Energy
Technology
Telecoms
Technology
Entertainment
Consumer Products
Banking
Communications
Transportation
Other
Transportation
Law Firm
Telecommunications
Energy
Telecommunications
Finance
Banking
Communications
Telecommunications
Technology
Banking
Communications
Technology
Finance
Telecommunications
Entertainment
Telecommunications
Banking
Communications
Finance
Finance
Banking
Banking
Insurance
Banking