Securing online dependency (remotely)

5th e-Crime and Cybersecurity Nordics
20th May 2021  Online

Re-structuring enterprise security: new problems, new priorities
Workplace and business model changes now dictate CISOs' plans. How can they regain control?


For years, CISOs have wished that the Board and the business paid more attention to cybersecurity.

In reality, it often took a breach to focus firms on security, and for many it has taken the pandemic, and the sudden need for digital transformation that it creates, to truly reveal the extent of the security threat.

But this sudden push for ‘e-Everything’ may not deliver quite the focus on security cybersecurity professionals want from their companies.

Certainly, security will get tougher: organisations are expanding their attack surfaces, and becoming ever more dependent on digital interfaces and processes for their core business and other activities. They are also more reliant on digitally exposed third-parties, and now must worry about their suppliers of security software.

But just as importantly, the business need to roll out these new digital products, services, support and logistics services, in some ways puts control of the security process outside the CISO’s domain: if it was hard to get the business to build security in before, it will be much harder now.

So, what does this mean in practice and what can CISOs do about it?

Business demands for new functionality immediately mean a sudden jump in Cloud and SaaS applications, not necessarily bought with the CISO’s say-so or even knowledge. New e-Commerce and payment platforms suddenly appear, along with new marketing websites. Mobile apps are bought in from third-parties; or perhaps a small department responsible for some small proprietary coding projects suddenly become the app development team – and now reports to the CIO and the business heads. The ideals of SecDevOps take a back seat to getting products up and running as fast as possible.

And all of this is still being done mostly by remote CISOs running remote teams, by SOCs overloaded with alerts and with the SolarWinds hack reminding them that the enemy could be their own security stack.

So how can CISOs maintain acceptable levels of cybersecurity in this environment? What are the priorities and what is just nice-to-have?
 

The 5th e-Crime & Cybersecurity Congress Nordics will take place online and will look at how cybersecurity teams are tackling the new normal. Join us for real-life case studies and in-depth technical sessions from the security and privacy teams behind some of the world’s most admired brands.

View details of the previous event here

  • Building in security: easier said than done?

    • As businesses ramp up their digital business models, it's critical that they build security in from the beginning
    • But given the speed at which businesses are having to transform, that's a big ask. Even pre-coronavirus, security teams often found it hard to gain leverage over the business
    • How can cybersecurity teams ensure digital transformation and innovation are done securely?
    • Is this a CIO vs CISO battle?

  • Performing critical security tasks remotely - how can CISOs regain control?

    • Employees for whom long-term, secure remote working processes hadn't been set up in advance will not just be outside centrally controlled endpoint protection processes, they'll be beyond any patching and update processes.
    • Many security tools depend on being on the local network. How can security teams manage the basics remotely?
    • Will remediation and reimaging capabilities work as intended in a remote environment? What updates are needed to incident response playbooks?
    • Most organisations have 'abandoned' their existing office environments - including all the devices within them. These need to be monitored and protected too. Can it be done remotely?

  • Securing the customer - are your websites up to it?

    • The immediate need to move to online business channels creates a host of security and monitoring challenges
    • Are existing websites scalable to securely meet additional customer demands?
    • Do you rely too heavily on a single supplier? And what about the recent security changes to browsers such as Chrome which impact existing websites?

  • Protection versus business needs

    • There is a wider strategic challenge: many businesses now face an existential threat and must take rapid and extraordinary actions to survive
    • Their requests for technologies to help them do this will demand near-instant responses and extreme flexibility
    • Never has it been more important that security teams understand and enable the business

  • Rethinking identity and access management

    • Employees need off-site access to apps, data and other network resources - existing IDAM policies will need to be re-written fast
    • How can you restructure IDAM quickly? How can you push MFA to the whole network?
    • Can consumer-grade software be incorporated?

  • Stuck in the Cloud

    • Most companies have been forced to rely on Cloud-based apps and storage
    • So, they need visibility and controls, they need logs from providers to review for unauthorised access and data exfiltration, and they need to limit unauthorised access and services.
    • And what do their Cloud contracts say about force majeure?

  • Cybersecurity for business resilience

    • Forced, rapid digitalisation has revealed the fragmented nature of many security programmes
    • Protecting the business while enabling innovation and flexibility requires new models and approaches for cyber
    • Are automation and orchestration the answer?

  • Securing and protecting remote employees

    • The shift to home-working amplifies the BYOD / remote security issue: unsecured data transmission, use of VPNs, employees using workarounds to achieve tasks under pressure, the security of free video and collaboration tools, and so on.
    • What are the quick fixes and the longer-term solutions?
    • What about CISOs and their teams? They need unfettered remote access to the most sensitive systems and information - are they the weakest link? How can they ensure they're not hacked?

Who attends

Job titles

Police Superintendent
Project Manager Contact Centre
I.T. Security & Compliance Expert
Development Manager
Integration Manager
Senior Cyber Security Specialist
Group Risk Officer
Service Manager
Prosecutor
Chief Information Security Officer
Compliance Manager
Deputy Commissioner
Director
Cloud & Digitalisation Architect
Information Security Lead
Vice President IS/IT
Risk Management & Fraud
Product Manager
Senior Product Manager
Security & Authentication Specialist
Police Chief Inspector
Head of Group Information Security
Senior IT Security
I.T. Compliance Project Manager
Project Manager
Senior Adviser
Chief Security Officer
IT Security Specialist
PM Security/Online Banking
Perimeter Security Manager
Security Manager
Detective Inspector
CISO
Associate IT Operations Analyst
Chief Security Officer
Senior Security Manager
Head of Compliance
Chief Superintendent
IT Security Manager
CISO
Group Security Advisor
IT Technician
Expert IT Security Specialist
Senior Group Security Advisor
CISO
Task Force Counterfeiting
Legal Adviser
IT Operations
CSO / CISO
IT Security Architect
Senior Manager
Security Awareness Manager
Compliance Manager
Senior Malware Analyst
Information Security Officer
IT Manager
Infrastructure Management
Security Analyst
Head of High Tech Crime Division
Police Superintendent, Hi-Tech Crime
Customs Adviser & Product Safety
Product Specialist
Information Security Analyst
National Intelligence Coordinator
Chief Security Officer
Head of Investigation & Intelligence
Head of Security
MD & CEO
I.T.- security
Senior IT Security Specialist
IT Manager
Information Security Manager
Head of Fraud Intelligence & Incidents
I.T. Security Manager
Senior Innovation Manager
I.T. Security Manager
Head of Card Issuing & Retail Banking
Project Manager PCI
Global Service Delivery Manager
CSO
Solution Expert Security
Head of Security
CSO
Security Manager
Specialist
CISO
CM Security & Authorisations
Senior IT Security Specialist
Information Security Manager
Systems Administrator
Vice President
Communication Officer
Security Assistant
Special Adviser (Cards)
Compliance Manager
Service Delivery Manager
Head of Operational Security
IT Security Coordinator
Senior Security Specialist
Head of Computer Forensic Group
Assistant Chief of Police
Associate Director IT Security
Group Head of I.T.
Security Specialist
Information Security Manager
Detective Inspector
Systems Administrator
SW Developer
Computer Crime
Product Manager
Danish High Tech Crime Unit
It-Operations specialist
Security Manager
High Tech Crime
Audit Manager
Global Network Manager
Group Head IT Security Architecture
Mechanical Engineer
Manager, I.T. Division
Executive VP Payment Systems
Detective Inspector, I.T. Crime
Senior Systems Engineer
I.T. Consultant
Incident Response Team
senior relationship manager
Special Consultant
IT Security Specialist
Data Protection Officer
Group Information Security Manager
Information Security Specialist
SW Developer
Project Manager
Risk Assessment Manager
Chief Information Security Officer
Client Manager
ICT Security Manager & Privacy Officer
Product Manager
Global Product & Processes
Global Information Security Manager
Service Delivery Manager
Head of Application Security
Project Manager
Corporate Coordinator MEA
Director
Data Protection Officer
Detective Inspector
Nordic Credit Manager
Senior Strategic Advisor
Head, Financial Crime & Cybersecurity
Head of Card Department
Corporate Information Security Officer
Vice President Information Security
Secure Payments Responsible
CISO
Management Partner
Manager of Payments Systems
Board Member
Head of Operational Risk
Deputy CSO
Director of Internal Security
Strategy and Business Development
Special Adviser, Data Security
Project manager
Group Manager
Credit Card/Security Coordinator
Information Security Specialist
Senior Security Specialist
Director Acquiring
Energy and Health Policy
Director - National Criminal Intelligence
PCI DSS Compliance assistant
Security Analyst
Information Security Analyst
Project Manager
Compliance Manager
Senior Consultant Information Security
Senior Advisor
Enterprise Architecture
Head of Operations
Senior Security Manager
Head of IT, Northern Europe
Compliance Manager
Vice President, Chief Security Officer
CEO and MD
Head of IT Digital Services
Global Store IT Manager
Head of Risk Management
Security Specialist
Information Security Manager
Information security specialist
Card Network Manager
CISO
IRT
Vice President & Controller
Security Officer/Systems Architect
CTO
VP Customer Relations
Specialist Cash Register
IT Security Manager
CISO
Detective Superintendent
Detective Superintendent
Senior Manager Compliance
CISO
Senior IT Infrastructure Architect
Banking Sector
Detective Superintendent
Detective Chief Inspector
Chief Information Security Officer
Acquiring Specialist
Corporate Counsel
CISO
Information Security Officer
IT Security Manager
Service Delivery Manager
Specialist
Chief Information Security Officer
Head of I.T. Security
Senior Product Manager
IT Security Manager
Cardsystem Manager
CISO
IT Security Coordinator
Senior VP - Production Risk & Fraud
NCIS Norway
Strategic Analyst - Cyber
Senior Tech and Cyber under writer
Chief Information Security Officer
Security Manager
Information Security Analyst
Security Specialist
VP Anti Fraud Systems
Security Analyst
IT Security Manager
Creditcard Administrator
Head of PCI & Compliance
Global Product & Process Specialist
Security Advisor
Data Protection Architect
Project Manager PCI DSS
Information Security Manager
Administrator
Security Manager
Security Manager
CISO
Head of Acquiring
Senior Manager, Authentification
Manager Business Development
Head of Unit Card Department
Risk Management Specialist
Service Manager
Manager Merchant Solutions
I.T. Development Manager
Head of Business Architect
Senior SQA Engineer
Compliance Officer
Senior System Developer
Chief Information Security Officer
Security Officer
Detective Inspector, I.T. Crime
Chief Information Security Officer
Senior Product Manager
RND Manager
Information Security Officer
IT Security Specialist
Security Specialist
Information Security

Companies

National Crime Squad
Elkjøp Nordic
Nutreco
Swedbank
Sandvik
Telia Company
Unibet
Novo Nordisk
Northern Sweden
Swedish Transport Agency
Nets
Swedish National Criminal Police
Nordea Bank
Pöyry
Akelius
Atlas Copco
Swedbank
Samlink
Nordea Bank
Nordea Bank
Ministry of Justice - Norway
Skandinaviska Enskilda Banken
Novo Nordisk
Valitor
Skandinaviska Enskilda Banken
National Laboratory of Forensic Science
Point International
Skandia Banken
Swedbank
Volvo
Borgun
Swedish National Criminal Police
H&M
Novo Nordisk
PAF
Telia Company
Evry
Ministry of Justice & Police - Norway
Fora AB
Nets
Ericsson
Novo Nordisk
Nordea Bank
Ericsson
NetEnt
Danish National Tax & Customs
Danish Patent and Trademark Office
Novo Nordisk
Landshypotek Bank
Sveriges Riksdag
Visa
H&M
Nets
Telenor ASA
Sahlgrenska University Hospital
DLA Piper LLP
Novo Nordisk
Telenor ASA
Ministry of Justice & Police - Norway
Ministry of Justice & Police - Norway
Sweden - Customs
Entercard
Nets
Swedish National Criminal Police
Sahlgrenska University Hospital
Swedish Tax Agency
Stockholms läns landsting
Pan-Nordic Card Association
Nets
Nordea Bank
Telia Company
Handelsbanken
Nordea Bank
Sparebank 1
Swedbank
Elkjøp Nordic
Swedbank
Cale Access
Pöyry
Crosskey Banking Solutions
Skandinaviska Enskilda Banken
Nets
Greidsluveitan
Visa
Autotank
Bank of Finland
Nordea Bank
Nordea Bank
Old Mutual Wealth
DLA Piper LLP
Pan-Nordic Card Association
Nordea Bank
Sahlgrenska University Hospital
Federation of Finnish Financial Services
Teller
Nordea Bank
Modern Times Group
Modern Times Group
Saxo Bank
National Laboratory of Forensic Science
Ministry of Justice & Police - Norway
Saxo Bank
Modern Times Group
Svenska Spel
Etera
Swedish National Criminal Police
Sveriges Riksdag
Autotank
Swedish Civil Contingencies Agency
Nordea Bank
Danish National Police
Akelius
Metsä Group
Ministry of Justice & Police - Norway
Old Mutual Wealth
Pöyry
Nordea Bank
Valitor
Greidsluveitan
Samlink
Swedish National Criminal Police
Tag Systems
Gant SE
Sparebank 1
Nordea Bank
Danmarks Nationalbank
Marginalen Bank
StoreBrand
Saab Group
Maersk
Autotank
Skandinaviska Enskilda Banken
Elkjøp Nordic
Nokia
Swedbank
Paroc Group
Swedbank
Nordea Bank
AstraZeneca
Pöyry
Schibsted
Skandinaviska Enskilda Banken
Ericsson
Crosskey Banking Solutions
Sahlgrenska University Hospital
Västerbotten County Police - Sweden
Elkjøp Nordic
Swedish National Criminal Police
Federation of Finnish Financial Services
Swedbank
Sanoma Group
Aker Kvaerner
H&M
Wasa Kredit
Nordea Bank
Swedbank
Finnish Information Security Association
SBAB Bank
Valitor
Ministry of the Interior Finland
Skandinaviska Enskilda Banken
Federation of Finnish Financial Services
Pöyry
Nets
Statoil ASA
Swedish Tax Agency
Nokia
Teller
FIPRA
Swedish National Criminal Police
Nets
Telenor ASA
Nets
Swedbank
Nets
DNB
Ministry of Justice & Police - Norway
DSV - Global Transport and Logistics
Just Eat
Telenor ASA
Pöyry
Evry
Saab Group
Pan-Nordic Card Association
Elkjøp Nordic
H&M
Nordea Bank
Danske Bank A/S
Avaus
Samlink
Skandinaviska Enskilda Banken
Arbetsförmedlingen
Sparebank 1
Pan-Nordic Card Association
Auriga
Towah 42
Towah 42
Stockmann Oyj
H&M
Oy Apotti Ab
Danish National Police
Helsinki Criminal Police
Nets
Ikea Group
Novo Nordisk
Federation of Finnish Financial Services
Helsinki Criminal Police
Danish National Police
Statoil ASA
Swedbank
Ascio Technologies
Suomen Osuuskauppojen Keskuskunta
Eurocard
Pandora
Pöyry
Swedbank
PAF
Novo Nordisk
Nordea Bank
Saxo Bank
Danske Bank A/S
Fujitsu
Viaplay
Nets
Ministry of Justice & Police - Norway
Ministry of Justice & Police - Norway
Allianz
Modern Times Group
DIBS Payment Services
Nets
Ikea Group
Samport Payment Services
Telenor ASA
Nordnet
Cale Access
Danske Bank A/S
Nordea Bank
Ericsson
OP Financial Group
Skandinavisk Data Center
Nokia
Catella Bank
Visa
Valitor
Suomen Osuuskauppojen Keskuskunta
Swedbank
Nordea Bank
Valitor
Swedbank
Nets
Kesko Oyj
Visa
Swedbank
Skandinaviska Enskilda Banken
Swedbank
Euroline
Towah 42
StoreBrand
Auriga
Swedish National Criminal Police
Folksam
Nordea Bank
Autotank
Vattenfall
Tele2 AB
Danske Bank A/S
Sparebank 1

Industries

National Law Enforcement
Retail
Food/Beverage/Tobacco
Banking
Construction
Telecommunications
Casinos/Gaming
Pharmaceuticals
Regional Law Enforcement
Central Government
Banking
National Law Enforcement
Banking
Industrial Engineering
Real Estate
Construction
Banking
Software
Banking
Banking
National Law Enforcement
Banking
Pharmaceuticals
Software
Banking
Central Government
Banking
Banking
Banking
Automobiles/Parts
Banking
National Law Enforcement
Retail
Pharmaceuticals
Casinos/Gaming
Telecommunications
Software
National Law Enforcement
Insurance
Banking
Hardware
Pharmaceuticals
Banking
Hardware
Casinos/Gaming
Central Government
Central Government
Pharmaceuticals
Banking
Regional Government
Banking
Retail
Banking
Telecommunications
Education
Legal
Pharmaceuticals
Telecommunications
National Law Enforcement
National Law Enforcement
Central Government
Banking
Banking
National Law Enforcement
Education
Central Government
Regional Government
Association
Banking
Banking
Telecommunications
Banking
Banking
Banking
Banking
Retail
Banking
Hardware
Industrial Engineering
Banking
Banking
Banking
Software/Hardware
Banking
Machinery
Banking
Banking
Banking
Insurance
Legal
Association
Banking
Education
Association
Banking
Banking
Media
Media
Banking
Central Government
National Law Enforcement
Banking
Media
Casinos/Gaming
Insurance
National Law Enforcement
Regional Government
Machinery
Central Government
Banking
National Law Enforcement
Real Estate
Mining/Metals
National Law Enforcement
Insurance
Industrial Engineering
Banking
Software
Software/Hardware
Software
National Law Enforcement
Banking
Retail
Banking
Banking
Banking
Banking
Banking
Association
Transportation/Shipping
Machinery
Banking
Retail
Electronic/Electrical Equipment
Banking
Construction
Banking
Banking
Pharmaceuticals
Industrial Engineering
Media
Banking
Hardware
Banking
Education
National Law Enforcement
Retail
National Law Enforcement
Association
Banking
Media
Construction
Retail
Banking
Banking
Banking
Association
Banking
Software
Central Government
Banking
Association
Industrial Engineering
Banking
Oil/Gas
Central Government
Electronic/Electrical Equipment
Banking
Association
National Law Enforcement
Banking
Telecommunications
Banking
Banking
Banking
Banking
National Law Enforcement
Transportation/Shipping
Retail
Telecommunications
Industrial Engineering
Software
Association
Association
Retail
Retail
Banking
Banking
Media
Software
Banking
Regional Government
Banking
Association
Banking
Banking
Banking
Retail
Retail
Software/Hardware
National Law Enforcement
Regional Law Enforcement
Banking
Retail
Pharmaceuticals
Association
Regional Law Enforcement
National Law Enforcement
Oil/Gas
Banking
Software
Retail
Banking
Retail
Industrial Engineering
Banking
Casinos/Gaming
Pharmaceuticals
Banking
Banking
Banking
Consultancy
Media
Banking
National Law Enforcement
National Law Enforcement
Insurance
Media
Software
Banking
Retail
Banking
Telecommunications
Telecommunications
Hardware
Banking
Banking
Hardware
Banking
Software
Electronic/Electrical Equipment
Banking
Banking
Software
Retail
Banking
Banking
Software
Banking
Banking
Retail
Banking
Banking
Banking
Banking
Transportation/Shipping
Banking
Banking
Banking
National Law Enforcement
Insurance
Banking
Machinery
Electronic/Electrical Equipment
Telecommunications
Banking
Banking