18th e-Crime & Cybersecurity Germany

18th e-Crime & Cybersecurity Germany
20th January 2022, Frankfurt

CISOs in the crossfire: the rise of cyberwarfare and how to beat it
The link between nation-states and cybercriminals is proven. So how can the private sector stay safe?

“It's not cyber-war, but cyberterrorism." Howard Schmidt, former Cyber Security Coordinator of the Obama Administration, has said that "there is no cyberwar... ...Although they are non-violent, and thus not acts of war, their damaging effects on the economy and society may be greater than even some armed attacks.”

Whatever the definition, the problem for private-sector companies is clear: while most firms today can detect and deflect unsophisticated attacks from traditional small-scale hackers, the real threat lies with organised groups overtly or covertly supported by governments.

These groups are not only protected, but they are also nurtured with training, financing and, often, access to exploits that would be difficult or impossible for non-state supported actors to have developed.

The most obvious manifestation of this evolution has been the development of ever more sophisticated ransomware, and the link between ransomware and nation states was nowhere more obvious than when, after a meeting between Presidents Biden and Putin, the REvil hacking group disappeared and decryption keys to its ransomware appeared online. Exactly why is unknown, but the link with nation state activity looks strong.

For private-sector CISOs, cyberwarfare, cyber espionage, cyberterrorism and the rest are continuing to raise the game.

Ransomware has shown that so-called ‘basic cyber hygiene’ may be basic to describe but is very difficult to achieve in practice. Core issues around passwords, MFA, RDP, asset visibility, joiners/movers/leavers, patching and so on continue to let hackers into organisations to do damage.

Combine the increased volume and sophistication of adversaries with the expansion of the attack surface caused by hybrid working, OT/IoT and digital transformation in general and the challenge becomes clear. Without an increase in budgets that is unlikely to materialise, CISOs will fall further behind the curve.

It's time for governments, vendors and Big Tech to step up to the plate.

First, vendors need to step-up with more comprehensive, less single-point, solutions; second, the Cloud monopolists and telcos must do a better job of stopping threats before they reach end-users; and third, it’s time for governments to do a great deal more to protect all of us. But will any of this actually happen? What can CISOs do in the meantime?
 

The e-Crime & Cybersecurity Congress Germany will look at how we all need a new kind of security. Join our real-life case studies and in-depth technical sessions from the security and privacy teams at some of the world’s most admired brands.

  • Moving to Cloud Native?

    • Applications have become increasingly complex, with users demanding more and more.
    • They expect rapid responsiveness, innovative features, and zero downtime.
    • Performance problems are no longer acceptable - they'll easily move to your competitor.
    • Should you go Cloud Native?
  • Closing the cybersecurity skills gap

    • Increased regulation and a sharp rise in attacks and incidents mean security budgets are on the increase.
    • However, CISOs may find themselves struggling to buy the resource they need most: skilled cybersecurity staff
    • So, how are companies hiring and retaining talent? And which technologies can bridge the gaps?
  • Building-in security: from DevOps to SecDevOps?

    • As companies ramp up digital business models it is crucial that they build security in from the start.
    • But that is a big ask. And even before the crisis, security teams found it hard to gain leverage over the business.
    • How can cybersecurity teams help? Is this a CIO vs CISO battle?
  • Securing the citizen

    • The COVID era demands unprecendented levels of citizen engagement.
    • The systems required to provide safety create a huge data security and privacy challenge for both governments and employers.
    • Are compromises inevitable? Can solution providers help?
  • Can zero trust be done?

    • Zero Trust/ZTNA/SASE - they promise solutions to the key problems CISOs face today.
    • But how realistic are they? Do they take into account existing legacy technology, and the ways in which real companies actually do business day-to-day?
    • Can you explain how a real-world implementation works?
  • Re-engineering the SOC: from logs to automated XDR

    • Does anybody really look at all their logs?
    • Data and alert overload have been the Achilles Heel of the SOC team and they constitute a broader failing in many security architectures.
    • What companies need is systems that can process this data into actionable insights. Can XDR help?
  • Cybersecurity for business resilience

    • Forced, rapid digitalisation has revealed the fragmented nature of many security programmes
    • Protecting the business while enabling innovation and flexibility requires new models and approaches for cyber
    • Are automation and orchestration the answer?
  • Building better Cloud governance

    • Migrating to the Cloud is a priority
    • But, if not properly managed, cloud migrations result in extra complexity and risk
    • How can firms efficiently assess cloud readiness, plan and execute migrations, and establish comprehensive cloud governance?
  • Securing digital currencies

    • The move towards cashless payment methods during the crisis has been extreme, and looks irreversible.
    • Many more governments are now looking at developing their own digital currencies.
    • How do we go about securing a world in which most - perhaps all - payments are digital?
  • Are criminals winning the ransomware war?

    • Ransomware tests every part of your infrastructure, from awareness to endpoint protection to patching to phishing defences
    • Some attacks are sophisticated, but most rely on traditional methods and vectors
    • So why is it so hard to beat them? Is AI or zero trust or something else the answer?
  • From smart machines to smart cities - securing the IoT

    • How long will it be before every significant device and location is part of an ecosystem of sensors connected to public and private networks?
    • Driving apps tell insurers what premiums to charge. Packaging machines report their own breakdowns.
    • But are these devices visible on your network and how are you securing them?
  • Too little time for implementation?

    • As cyber threats have multiplied, the time CISOs have to choose, buy and implement security solutions has fallen sharply
    • But it has never been more critical to make the right choice
    • So how can cybersecurity professionals change their RFP and POC processes while maintaining quality?

Who attends

Job titles

Chief BISO
Chief Information Security Officer
Chief Information Security Officer
Chief Information Security Officer
Chief Security & Privacy Officer
CISO
CISO/CTO
Director
Director Cyber Defense & CERT
Director Data Privacy
Director Security Risk & Compliance
Director Global Security Investigations
Director Information Security
Director, CRISC
Head of Security & Governance
Head of Compliance
Head of Corporate Data Protection
Head of Cyber
Head of Cyber Security
Head of Cyber Threat Response
Manager Information Security
Head of I.T.
Head of I.T. Security
Head of Information Security
Head of Information Security
Head of Internal Audit
Head of IT / Operations
Head of IT Security
Head of IT-Security
Head of Legal Data Privacy
Head of Penetration Testing
Head of I.T. Security
Head of Security
Head of Security Management
Head PCI Compliance
VP Cyber Security & Defence
Vice President, Threat Intelligence
VP Credit & Fraud
VP Crisis & Emergency Management
ASIC Operations
BISO
Cards Security Manager
CERT
COO Data Protection Programme
Corporate Audit
Head of Methods, Projects, IT
Corporate Security Awareness Manager
Counsel, Privacy & Information Law
Country Security Officer
CTO Security & Risk
CTSO
Fraud & Risk Manager
GAMA Business Task Force
Global Head of Data Protection
Global IT - Information Security
Global IT Manager
Group Data Protection Commissioner
Group Information Security Officer
Group Lead Active Defense Center
Information Security Manager
Information Security Manager
Information Security Manager
Information Security Manager
Information Security Manager
IT Security Manager
IT Security Manager
IT Security Research Engineer
Global IT Security & Compliance
Global IT Security & Compliance
IT Spezialist, WAN und Zugang
ITM Global Information Security
Lawyer
Lawyer
Leiter Informationssicherheit CISO
Leiter Unternehmenssicherheit
Local Data Security Officer
Manager Compliance
Manager Fraud Prevention
Operational Security Officer
Partner
Partner
IT Infrastructure Vice President
Security Fraud Manager
Security Manager
Security Manager, CISSP
Senior Alliance & BD Manager
Senior Manager Internal Audit
Senior Enterprise Security Manager
Senior I.T. Auditor
Senior Information Security Manager
Senior Information Security Manager
Senior Internal Auditor
Senior IT Auditor
Senior Manager
Senior Manager, Products & Innovation
Senior Project Manager (Infocontrol)
Senior Ref NGN
Senior Researcher
Senior Risk Manager
Senior Security Consultant
Senior Security Expert
Senior Security Product Manager
Senior Security Professional
Senior Security Specialist
Senior Security Specialist
Cyber Crime Investigations
Service & Contract Manager
Software Development Engineer
Specialist Security
SR IT Security Consultant
I.T. Security & Compliance Manager
System Analyst
Systemadministrator / CISO
GAMA Business Task Force
Team manager IT Security Operations
Teamleader I.T. Infrastructure
TORM & Financial Crime

Companies

Deutsche Bank Group
Deutsche Post
GE Capital
NYSE Euronext
Vodafone
Merck & Co
Audi
Deutsche Bank Group
Deutsche Telekom
First Data Merchant Solutions
First Data Merchant Solutions
American Express
Tech Data
SAP
BT
Allianz
Otto Group
Marsh
Airbus
Deutsche Bank Group
Daimler
Hengeler Mueller
Commerzbank
Eurostar
Quipu
Nintendo
Triodos Bank
Wirecard Bank
Lanxess AG
Siemens
Deutsche Telekom
Federal Office for Information Security
Commerzbank
Bank Verlag
Six-Group
Atos
Citigroup
Elavon Merchant Services
Deutsche Telekom
Allianz
Citigroup
BP
Commerzbank
UBS
MAN SE
BMW
Vodafone
Field Fisher Waterhouse LLP
Vattenfall AB
Deutsche Bank Group
Vodafone
Sofort
Deutsche Bank Group
Allianz
Adidas
Adidas
Deutsche Lufthansa
Citigroup
Commerzbank
KfW Bankengruppe
DZ Bank
Oce
Teradata
AXA
Deutsche Bundesbank
KfW Bankengruppe
Airbus
Adidas
E.ON
BMW
Daimler
Postbank P.O.S. Transact
Osborne Clarke
RWE Group
DZ Bank
Robert Bosch
Adidas
DZ Bank
E.ON
Osborne Clarke
Baker & McKenzie LLP
Deutsche Bank Group
Q8 Kuwait Petroleum
Siemens
Vodafone
Research in Motion
Nintendo
Adidas
Commerzbank
Deutsche Post
DHL
Mondi
DHL
ThyssenKrupp AG
Deutsche Telekom
BP
Deutsche Telekom
UBS
Postbank P.O.S. Transact
BT
Deutsche Telekom
Research in Motion
Triodos Bank
Deutsche Post
Tech Data
American Express
COLT Technology Services
Nintendo
COLT Technology Services
Deutsche Bank Group
Deutsche Post
Citigroup
BNP Paribas
Deutsche Bank Group
Deutsche Bundesbank
SCOR
Santander

Industries

Banking
Communications
Electronics
Finance
Telecoms
Other
Automotive
Banking
Telecommunications
Technology
Technology
Finance
Technology
Technology
Communications
Life Insurance
Retail
Insurance
Manufacturing
Banking
Auto Manufacturing
Law Firm
Banking
Transportation
Finance
Entertainment
Banking
Banking
Real Estate
Technology
Telecommunications
Government
Banking
Banking
Finance
Technology
Finance
Finance
Telecommunications
Life Insurance
Finance
Energy
Banking
Finance
Transportation
Manufacturing
Telecoms
Law Firm
Energy
Banking
Telecoms
Other
Banking
Life Insurance
consumer products
Consumer Products
Transportation
Finance
Banking
Banking
Banking
Electronics
Technology
Life Insurance
Banking
Banking
Manufacturing
consumer products
Energy
Manufacturing
Auto Manufacturing
Banking
Law Firm
Energy
Banking
Manufacturing
consumer products
Banking
Energy
Law Firm
Law Firm
Banking
Energy
Technology
Telecoms
Technology
Entertainment
consumer products
Banking
Communications
Transportation
Other
Transportation
Law Firm
Telecommunications
Energy
Telecommunications
Finance
Banking
Communications
Telecommunications
Technology
Banking
Communications
Technology
Finance
Telecommunications
Entertainment
Telecommunications
Banking
Communications
Finance
Finance
Banking
Banking
Insurance
Banking