Agenda

09:25 - 09:30

Chairman's Welcome

09:30 - 09:50

► Human Risk Management: 3 Steps to Shift From a Compliance to a Behaviour Change Program  

Maxime Cartier, Former Head of Security Culture & Competence, H&M Group 

80% of cybersecurity breaches involve the human element (social engineering, credentials, information mishandling etc.) yet training has failed to meaningfully reduce this risk. So how can retail companies: 

  • Create sustained behaviour change in an organisation 
  • Change perceptions and awaken security consciousness by changing how you talk about security 
  • Choose the right metrics: which metrics can best inform your work and engage senior management? 
  • Sustain long-term behaviour change: how to industrialise a data-driven approach to manage human risk 

09:50 - 10:05

► How to build cyber resilience in the retail sector

Andy Lalaguna, Senior Solutions Architect, eSentire

In today’s threat landscape, security leaders must shift their focus to improving their cyber resilience. The ability to anticipate, withstand, recover from, and adapt to the evolving cyber threats will dictate how well-equipped your cybersecurity program is at defending against these threats. However, given the lack of skilled in-house security resources, it can be challenging to balance the number of incoming security alerts with delivering swift response to eliminate known and unknown threats.

Join eSentire’s Senior Solution Architect, Andy Lalaguna, as he shares insights on how you can leverage 24/7 threat detection, investigation, and response capabilities to reduce your cyber risk, build resilience and prevent business disruption.

Key takeaways include:

  • How to assess, understand, and quantify your cyber risks. 
  • Why you should shift your focus to building cyber resilience in addition to managing your cyber risks.
  • How proactive threat hunting, combined with 24/7 threat detection and response, is critical in developing a strong cyber defence strategy.

10:05 - 10:40

► CISO Priorities: is retail different?

Jonathon Concannon, Group Information Security Manager, Boohoo Group PLC;
Darcy Delich-Coull, Head IT Security & Compliance, Footasylum

Retail firms are prime targets for hackers after data and money. Their challenges may look the same as those faced by other organisations, but the differences are a real headache for CISOs in the sector. Learn how these leaders deal with:

  • Securing millions of customers and their transactions 
  • Building secure but attractive customer journeys 
  • Secure software / app development / purchase 

10:40 - 11:00

► Data, Risk, and a Fast-moving Target

Chris Jones, Senior Sales Engineer, Forcepoint

  • The real-life challenge of all Data everywhere, all at once
  • Understand the varied channels where data is found, and the many ways data is used and exfiltrated
  • Why might data sensitivity reduce the return you receive on existing assets
  • How do you mitigate risk when the goalposts never stop moving

11:00 - 11:20

► How was I hacked as a security engineer?

Danielle Sudai, Security Operations Lead, Deliveroo

  • How to raise customer security awareness
  • Possible attack flows and the flaws in retail websites
  • How to better protect your customers from security breaches

11:20 - 11:55

► The path to core compliance for the retail sector 

Simon Turner, Senior Manager Security Governance & Compliance, BT Group;
Jeremy King, VP, Regional Head for Europe, PCI Security Standards Council;
Barry Swick, PCI Compliance Manager, WSH Group

If you are compliant with PCI DSS, and moving towards version 4.0, then you have a strong foundation in both security and privacy in your e-commerce and traditional retail operations. So, are you? Or do you feel lucky?  

  • Why PCI DSS? It’s just for cards and they’re dying, right? 
  • From scratch to initial compliance: the journey 
  • Version 4.0: a paradigm shift and a blueprint for broader resilience

11:55 - 12:15

► The Retail industry is becoming one of the favourite targets for cyber criminals, what can we collectively do to prevent it?

Miles Hood, UK Territory Manager, Tenable

During this session, we will cover:

  • The current threat landscape and the Retail sector
  • Why Retail is targeted by cyber attacks
  • How attackers are operating, using some examples
  • Why the preventative approach and Exposure Management can help reduce the risk with a unified view of the attack surface

12:15 - 12:35

► It’s not a binary choice: Debunking the myth of compliance vs Threat informed defence

Simon Goldsmith, Director for Information Security, OVO Energy

  • InfoSec's 5 forces: building a security strategy
  • Neither a defensible strategy nor effective defences, it’s both
  • Governance, regulatory compliance, threats and risk reduction for all shapes and sizes 
  • Tactics from boiling frogs to security stories and being practical

12:35 - 12:55

► Securing Retail – The Future & PCI DSS 4.0

James Vale, Senior Business Information Security Officer, Barclays Consumer Banking and Payments

  • Why are Retailers so targeted by cyber criminals?
  • Data Breach stats
  • Where PCI DSS fits in the equation
  • PCI DSS version 4.0 and what do the changes mean for Retailers?

12:55 - 13:00

Chairman's Closing Remarks