Agenda

Presentations already confirmed include:


►Hacking Retail: Real-World Attacks and How to Stop Them

Glenn Wilkinson, Ethical hacker and Ambassador for the Hacking Games

  • How attackers target retailers, from ransomware to insider threats
  • A live demo of ransomware detonation and its impact on retail systems
  • Lessons from high-profile retail breaches (including the M&S Parliamentary Inquiry)
  • Practical steps retailers can take to reduce their exposure and respond quickly

►And now the Weather Forecast – Threat Intelligence and SIEMs in the age of Cloud Computing

Klaus Klingner, Information Security Officer, Asambeauty

  • SIEM as radar: Centralise and normalise multi-cloud/SaaS/identity logs; create “watchlists” for weak signals so small anomalies don’t get lost

  • Threat intel as forecast: Map sector-specific actor TTPs to MITRE, define watch-conditions (IOCs + behaviors), and pre-stage responses before storms arrive

  • ATP as severe-weather alerting: Use automated containment (isolate host, revoke tokens, block IPs) to shrink MTTD/MTTR and close the gap from detection to action

  • Cloud = mountain weather: Instrument ephemeral resources (containers, serverless), track config drift, and treat identity and CI/CD as first-class telemetry sources

  • Preparedness kit & ritual: Maintain a 3-day “threat forecast” dashboard, run regular storm-drill tabletops, set clear trigger thresholds, and communicate in plain language to stakeholders

►The Perfect Storm - Navigating AI, Cyber-resilience and Product Security across retail supply chains

Adaora Ezennia, GRC Lead, THG PLC

  • The regulatory convergence crisis: CRA, DORA, and EU AI Act are colliding to create overlapping compliance obligations that require integrated strategies, not isolated responses

  • The AI supply chain blindspot: Retailers scrutinise vendor cybersecurity but ignore embedded AI systems in supplier operations, creating hidden EU AI Act liabilities and operational risks

  • From fragmented audits to unified assurance: A practical framework for third-party monitoring that simultaneously addresses CRA product security, DORA resilience, and EU AI Act transparency

  • Action plan: Immediate GRC actions, such as revising vendor questionnaires, mandating AI disclosures and launching cross-functional risk committees


►Human Factors in Cybersecurity — Debunking the Common Myths

Dr Lee Hadlington, Chartered Psychologist

  • Understanding the Human Role in Cybersecurity

  • Common Myths and Misconceptions

  • Psychological Factors Behind Security Behaviors

  • Strategies for Building a Human-Centric Cybersecurity Culture


►Fireside Chat: Beyond the Store: Securing Third-Party Risk

Simon Brady, Event Chairman (Moderator)
Angus Alderman, Information Security Officer, Boden

  • How is the evolving threat landscape—ransomware, credential theft, supply chain attacks—shaping your security priorities in retail?

  • With so much moving to SaaS, cloud, and outsourced IT, how is the off-prem shift changing your security priorities?

  • Retail runs on partners — payments, loyalty apps, delivery, logistics. How do you keep the customer experience smooth without skimping on fraud or identity checks?

  • Third parties are often the weakest link. How do you actually monitor them — contracts, frameworks, continuous monitoring, or something else?

  • Compliance doesn’t stop at your systems. How do you handle PCI, GDPR, and other regulations when data is constantly moving through third parties?

  • How are you preparing for the future of retail cybersecurity with AI, IoT, and emerging technologies like quantum-safe cryptography?


►Threats in Aisle 7: What Rapid7 Labs Sees in Retail Attacks

Christiaan Beek, Senior Director of Threat Intelligence & Analytics, Rapid7

  • The retail industry has become one of the most targeted sectors for modern cybercriminals — from sophisticated social engineering by Scattered Spider to coordinated intrusion campaigns by Crimson Collective
  • Rapid7 Labs unveils fresh insights from its global intelligence capabilities, spotlighting how attackers are exploiting retail ecosystems, supply chains, and identity systems for maximum disruption and financial gain
  • Learn how Labs’ data-driven threat intelligence powers early detection, guides proactive defence, and helps organisations stay one step ahead in the ever-evolving retail threat landscape