19th Annual e-Crime & Cybersecurity Congress Germany

From threats to risks – the critical cybersecurity journey

2nd June 2022 • Munich Marriott Hotel

CISOs’ focus on threats is obscuring the real issues. Let’s start talking properly about risk.

 

It has been clear for some time that the current model we use to try to keep organisations and individuals safe from cyberattack is flawed – but perhaps not for the obvious reasons. Yes, the traditional perimeter no longer exists. Yes, what is simplistically called ‘basic cyber hygiene’ is almost impossible to guarantee. Yes, third-party security, especially third-party software security, is an almost impossible problem. And yes, the attack surface is growing and threat actors are multiplying and becoming more sophisticated and aggressive.

But the real issue is the constant focus on the latest threat and attack types when what is actually important is risk: ransomware is not a risk. Ransomware is a threat that can cause the corruption of key data. The risk is data loss. DDoS attacks are not risks. They are a threat to the continued operation of a system. The risk is the lost output or functionality of that system.

By focusing on specific threats, CISOs and vendors condemn themselves to a never-ending whack-a-mole strategy in which they are always playing catch-up to attackers who only need to be right once and who are increasingly better equipped than the defenders. This strategy is bound to fail – hence the commonplace ‘assumption of breach’.

Instead, companies and CISOs must focus on risks: what assets, data, applications, and processes are essential to their businesses?  Which of those are susceptible to cyber-attack? What is the actual risk to the business if those elements of business-critical infrastructure are taken out by a cyberattack? And what is the most cost-effective way to mitigate the risk? 

Even today, ask most CISOs about cyber risk and they will start listing threats. So how can we change mindsets and start thinking about security in terms of risk and resilience? How can vendors help – they too focus on threats and defence against particular threats?

And let’s start talking about costs: it is noticeable how little vendors talk about costs versus how much CISOs talk about resources. It is even more noticeable how few CISOs map potential risk costs to spend. Is it time for a more open discussion about what an affordable security stack looks like, what affordable means for different types of organisations and what level of spend gets you what level of security and data privacy?

 

So how can vendors, governments and CISOs work together to build a better model for cybersecurity? Is zero trust the answer and if so is it possible? These are just some of the topics we will discuss at the e-Crime & Cybersecurity Congress Germany.

  • Closing the cybersecurity skills gap

    • It is critical, as companies ramp up their digital business models, that they build security in from the beginning. But that is a big ask.
    • And even before the crisis, security teams found it hard to gain leverage over the business. 
    • How can cybersecurity teams help? Is this a CIO versus CISO battle?
  • Can zero trust be done?

    • Zero Trust/ZTNA/SASE - they promise solutions to the key problems CISOs face today.
    • But how realistic are they? Do they take into account existing legacy technology, and the ways in which real companies actually do business day-to-day?
    • Can you explain how a real-world implementation works?
  • Is ransomware just going to keep getting worse?

    • Ransomware tests every part of your cybersecurity infrastructure from awareness to endpoint protection to patching to phishing defences.
    • Some attacks are sophisticated, but most rely on traditional methods and vectors.
    • So why is it so hard to beat them? Is AI or zero trust or something else the answer?
  • Are we exaggerating cloud issues?

    • Migrating to the cloud is a priority. But, if not properly managed, cloud migrations result in extra complexity and risk.
    • So how can firms efficiently assess cloud readiness, plan and execute migrations and establish comprehensive cloud governance? 
    • Can you help companies transition smoothly and securely to the cloud?
  • From threat/security to risk/resilience

    • If we start with real business risks, then not only do we get real engagement from the business and the Board, we create a framework for prioritizing cybersecurity, resilience, incident response and BCP spend.
    • We avoid an endless race to build and rebuild solution stacks. 
    • What does resilience really look like?
  • What does DORA mean for you?

    • The EU’s Digital Operational Resilience Act (DORA) is one of the most significant pieces of digital regulation anywhere in the world.
    • It recognizes the issue of third- and fourth-party exposures and the issue of CNI reliance on monopoly cloud providers. 
    • So, what do CISOs need to know?

Who attends

Job titles

Chief BISO
Chief Information Security Officer
Chief Information Security Officer
Chief Information Security Officer
Chief Security & Privacy Officer
CISO
CISO/CTO
Director
Director Cyber Defense & CERT
Director Data Privacy
Director Security Risk & Compliance
Director Global Security Investigations
Director Information Security
Director, CRISC
Head of Security & Governance
Head of Compliance
Head of Corporate Data Protection
Head of Cyber
Head of Cyber Security
Head of Cyber Threat Response
Manager Information Security
Head of I.T.
Head of I.T. Security
Head of Information Security
Head of Information Security
Head of Internal Audit
Head of IT / Operations
Head of IT Security
Head of IT-Security
Head of Legal Data Privacy
Head of Penetration Testing
Head of I.T. Security
Head of Security
Head of Security Management
Head PCI Compliance
VP Cyber Security & Defence
Vice President, Threat Intelligence
VP Credit & Fraud
VP Crisis & Emergency Management
ASIC Operations
BISO
Cards Security Manager
CERT
COO Data Protection Programme
Corporate Audit
Head of Methods, Projects, IT
Corporate Security Awareness Manager
Counsel, Privacy & Information Law
Country Security Officer
CTO Security & Risk
CTSO
Fraud & Risk Manager
GAMA Business Task Force
Global Head of Data Protection
Global IT - Information Security
Global IT Manager
Group Data Protection Commissioner
Group Information Security Officer
Group Lead Active Defense Center
Information Security Manager
Information Security Manager
Information Security Manager
Information Security Manager
Information Security Manager
IT Security Manager
IT Security Manager
IT Security Research Engineer
Global IT Security & Compliance
Global IT Security & Compliance
IT Specialist, WAN and Access
ITM Global Information Security
Lawyer
Lawyer
Head of Information Security, CISO
Head of Corporate Security
Local Data Security Officer
Manager Compliance
Manager Fraud Prevention
Operational Security Officer
Partner
Partner
IT Infrastructure Vice President
Security Fraud Manager
Security Manager
Security Manager, CISSP
Senior Alliance & BD Manager
Senior Manager Internal Audit
Senior Enterprise Security Manager
Senior I.T. Auditor
Senior Information Security Manager
Senior Information Security Manager
Senior Internal Auditor
Senior IT Auditor
Senior Manager
Senior Manager, Products & Innovation
Senior Project Manager (Infocontrol)
Senior Ref NGN
Senior Researcher
Senior Risk Manager
Senior Security Consultant
Senior Security Expert
Senior Security Product Manager
Senior Security Professional
Senior Security Specialist
Senior Security Specialist
Cyber Crime Investigations
Service & Contract Manager
Software Development Engineer
Specialist Security
SR IT Security Consultant
I.T. Security & Compliance Manager
System Analyst
System Administrator / CISO
GAMA Business Task Force
Team manager IT Security Operations
Teamleader I.T. Infrastructure
TORM & Financial Crime

Companies

Deutsche Bank Group
Deutsche Post
GE Capital
NYSE Euronext
Vodafone
Merck & Co
Audi
Deutsche Bank Group
Deutsche Telekom
First Data Merchant Solutions
First Data Merchant Solutions
American Express
Tech Data
SAP
BT
Allianz
Otto Group
Marsh
Airbus
Deutsche Bank Group
Daimler
Hengeler Mueller
Commerzbank
Eurostar
Quipu
Nintendo
Triodos Bank
Wirecard Bank
Lanxess AG
Siemens
Deutsche Telekom
Federal Office for Information Security
Commerzbank
Bank Verlag
Six-Group
Atos
Citigroup
Elavon Merchant Services
Deutsche Telekom
Allianz
Citigroup
BP
Commerzbank
UBS
MAN SE
BMW
Vodafone
Field Fisher Waterhouse LLP
Vattenfall AB
Deutsche Bank Group
Vodafone
Sofort
Deutsche Bank Group
Allianz
Adidas
Adidas
Deutsche Lufthansa
Citigroup
Commerzbank
KfW Bankengruppe
DZ Bank
Oce
Teradata
AXA
Deutsche Bundesbank
KfW Bankengruppe
Airbus
Adidas
E.ON
BMW
Daimler
Postbank P.O.S. Transact
Osborne Clarke
RWE Group
DZ Bank
Robert Bosch
Adidas
DZ Bank
E.ON
Osborne Clarke
Baker & McKenzie LLP
Deutsche Bank Group
Q8 Kuwait Petroleum
Siemens
Vodafone
Research in Motion
Nintendo
Adidas
Commerzbank
Deutsche Post
DHL
Mondi
DHL
ThyssenKrupp AG
Deutsche Telekom
BP
Deutsche Telekom
UBS
Postbank P.O.S. Transact
BT
Deutsche Telekom
Research in Motion
Triodos Bank
Deutsche Post
Tech Data
American Express
COLT Technology Services
Nintendo
COLT Technology Services
Deutsche Bank Group
Deutsche Post
Citigroup
BNP Paribas
Deutsche Bank Group
Deutsche Bundesbank
SCOR
Santander

Industries

Banking
Communications
Electronics
Finance
Telecoms
Other
Automotive
Banking
Telecommunications
Technology
Technology
Finance
Technology
Technology
Communications
Life Insurance
Retail
Insurance
Manufacturing
Banking
Auto Manufacturing
Law Firm
Banking
Transportation
Finance
Entertainment
Banking
Banking
Real Estate
Technology
Telecommunications
Government
Banking
Banking
Finance
Technology
Finance
Finance
Telecommunications
Life Insurance
Finance
Energy
Banking
Finance
Transportation
Manufacturing
Telecoms
Law Firm
Energy
Banking
Telecoms
Other
Banking
Life Insurance
Consumer Products
Consumer Products
Transportation
Finance
Banking
Banking
Banking
Electronics
Technology
Life Insurance
Banking
Banking
Manufacturing
Consumer Products
Energy
Manufacturing
Auto Manufacturing
Banking
Law Firm
Energy
Banking
Manufacturing
Consumer Products
Banking
Energy
Law Firm
Law Firm
Banking
Energy
Technology
Telecoms
Technology
Entertainment
Consumer Products
Banking
Communications
Transportation
Other
Transportation
Law Firm
Telecommunications
Energy
Telecommunications
Finance
Banking
Communications
Telecommunications
Technology
Banking
Communications
Technology
Finance
Telecommunications
Entertainment
Telecommunications
Banking
Communications
Finance
Finance
Banking
Banking
Insurance
Banking


Venue

Munich Marriott

Location:

Munich Marriott Hotel

Berliner Strasse 93, Munich, Bavaria 80805, Germany

Telephone: +49-89-360020
 
