Agenda

08:00 - 08:55

Login and Networking

08:55 - 09:00

Chairman's welcome

09:00 - 09:20

► Legal Cyber Risks: Regulatory Observations and Guidance

David Bish, Head of Research and Analysis, Solicitors Regulation Authority

  • Overview of the current cybercrime landscape: what changed in 2020?
  • Current trends – what are we seeing as the regulator, and what are the impacts on firms?
  • Ongoing COVID-19 and remote working security considerations: practical advice for 2021.
  • Regulatory obligations and resources: SRA guidance and enforcement strategy.
09:20 - 09:40

► Security is important, and it can be done without compromising usability

Max Faun, EMEA Head of Business Consulting, Okta

  • Mobile and cloud proliferation along with the shift to working from home has exposed law organisations to much higher risks for potential hacks and attacks.
  • The traditional perimeter is crumbling under the weight of these threats, making it imperative to re-examine traditional security approaches.
  • Identity & access management must now take centre stage to defend against identity-based security breaches, using modern approaches to do this whilst dramatically improving user experience.​
09:40 - 10:00

► Presentation by Palo Alto Networks

Outline to follow 

10:00 - 10:30

► Developing and Securing next-gen legal technology

Law Firms are adopting technologies such as automated contract review, AI and chatbots which are significantly altering the services provided by firms, helping to automate routine tasks and provide next-gen client services. But cyber security and data protection need to be carefully considered when developing online legal services. So how are law firms transforming their services, securely?

  • Jas Bassi, Head of Solution Delivery, Gateley
  • Martyn Styles, Head of Information Security, Bird & Bird LLP
  • Jonathan Freedman, Chief Information Security & Technology Officer, Howard Kennedy
10:30 - 11:00

 Education Seminar Session 1

Delegates will be able to choose from the following education seminars:

  • Consolidated Cloud Security: The Legal Sector’s ‘Silver Bullet’? Richard Walters, CTO, Censornet

  • Espionage In 2021 And Beyond: It’s Not All About Cyber, Emma Shaw, Founder and Managing Director, Esoteric

11:00 - 11:30

Networking break

11:30 - 11:50

► Is perimeter defence sufficient to protect the “crown jewels”?! Implementing strong access controls to secure the workplace revolution

Razvan Cretu, Director of IT, CMS

  • Today’s distributed business models necessitate the refocus of security towards the user’s identity, what does this mean for your current security controls?
  • What do law firms need to consider when implementing access controls on their services?
  • Should we embrace the “assume breach” strategy? Prevention is still important, but in this environment should the emphasis shift to reactive security?
11:50 - 12:10

► Adversary Infrastructure in 2020: A Defender's View

Nour Fateen, Pre-sales Consultant, Recorded Future

  • Adversary infrastructure has evolved throughout 2020, including the creation and modification of new malicious infrastructure for a multitude of post-exploitation toolkits, custom malware frameworks, and open-source remote access trojans. 
  • 2021 outlook, examining the tools that espionage-oriented actors are using to achieve their goals and the further adoption of open-source tools. 
  • How to implement security controls and mitigations against these malware families, and how to adopt defense-in-depth approaches to detect intrusion activity on the victim host, at the perimeter, and on the wire.
12:10 - 12:30

► Oh no, not another Ransomware presentation​

Zeki Turedi, CTO, Europe, Middle East and Africa, CrowdStrike

  • A discovery of the key trends observed within the attacks of today and dissection of key examples
  • Why ransomware that leverages the fear of uncertainty around the pandemic is on the rise and what can be done to combat it
  • Recommendations on how legal firms can best protect their organisations data and network across both corporate supplied and employee-owned devices, regardless of where they are located
12:30 - 12:50

► Securing the New Normal: Cyber AI for the Inbox 

Mariana Pereira, Director of Email Security Products, Darktrace

  • Today, 94% of cyber-threats still originate in the inbox. 
  • ‘Impersonation attacks’ are on the rise, as artificial intelligence is increasingly being used to automatically generate spear-phishing emails, or ‘digital fakes’, that expertly mimic the writing style of trusted contacts and colleagues.  

  • Humans can no longer distinguish real from fake on their own – businesses are increasingly turning to AI to distinguish friend from foe and fight back with autonomous response.

  • In an era when thousands of documents can be encrypted in minutes, ‘immune system’ technology takes action in seconds – stopping cyber-threats before damage is done.​

12:50 - 13:50

Lunch and networking break

13:50 - 14:10

► Current Cyber Threats to the UK Legal Sector and How to Keep Yourself Safe

Joshua Pool, Detective Sergeant, Metropolitan Police Cyber Crime Unit

  • In the first half of 2020, law firms reported losses of nearly £2.5 million of client funds – find out the common attack vectors and areas of most risk from cyber criminals.
  • How should law firms respond and what steps can be taken to mitigate these risks? Are offline backups and access management enough?
  • Law enforcement and industry collaboration following a breach is encouraged but unfortunately, not always the chosen path. What are the other ways in which we can work together to reduce organisational risk and potential for reputational damage?
14:10 - 14:30

► Responding to client pressure for improved email security, without impacting productivity

Bobbie Darrock, Information Security Specialist, Egress Software Technologies

  • Understand why legacy DLP technologies have failed to mitigate risk and keep data secure
  • See how law firms can dynamically quantify and mitigate breaches through intelligent technology
  • Understand the value this brings to client relationships and firm-wide working practices
14:30 - 14:50

► How mobile devices are leaving the door open to legal cyber risks 

Burak Agca, Mobile Security Advisor UK/I, Lookout UK

Mobile devices are at the intersection of work and personal life. Now more than ever employees are using these devices to access business apps and corporate data. 

  • Where the mobile risk resides - overview of the latest cyber threats.
  • How cyberthreats are affecting the legal sector.
  • How can cyber criminals compromise corporate cloud data.
  • How to secure any mobile device with access to corporate cloud data and protect all employees, no matter where they work from.​
14:50 - 15:10

► Communicating Cyber: Senior Management Engagement in the New reality

When law firms make the cybersecurity headlines it’s generally a high-profile third-party issue. When such incidents make headlines, panicked board members have one question for information security leaders; “How can we be sure this will not happen to us?” So, how can information security leaders effectively communicate cybersecurity strategies across their firm and get the board on side to foster a cyber-secure culture from the top-down?

  • Kat Quinton, Head of Information Security & Data Protection, Clarke Willmott

  • Karl Knowles, Global Head of Cyber, HFW

15:10 - 15:40

Networking break

15:40 - 16:00

► Third-Party Management: The Risk-based Approach 

Third-party breaches underscore the potential risks involved in firms outsourcing services and how such firms can be exposed not only by their own internal systems but by the vulnerabilities of their third-party service providers. Despite this, many firms struggle to assess their level of expose to third-party risks and the impact a third-party issue could have on brand, reputation, and operations. When their security is just as integral as your own, what are the risk-based approaches to managing your third parties? 

  • Steve Byrne, Information Security Officer, DWF

16:00 - 16:30

► Another year of living dangerously?

Simon Brady, Managing Editor, AKJ Associates

  • How secure are your security providers and how would you know?
  • As key third-party suppliers, how can you convince your clients you are secure?
  • Remote working is insecure – but just how insecure?
  • Three key tasks for 2021
16:30 - 17:00

Networking

17:00

Conference Close 

Education seminars


Espionage In 2021 And Beyond: It’s Not All About Cyber


Emma Shaw, Founder and Managing Director, Esoteric

Espionage in the Legal sector is a threat which can have devastating effects on not only an organisation’s performance, reputation and finances, but also on the privacy of its own clients. While cybersecurity is front of mind for most, adversaries are using traditional techniques to facilitate both cyber and other technical eavesdropping attacks. Shifts in ways of working post-Covid-19 are only exacerbating this risk.

  • Espionage in the Legal sector: Is it really still a threat?
  • Trends in espionage driving the need for a strategic shift
  • Layers and crossover: Considerations for effective cyber / physical / technical /insider threat mitigation
  • Ways that technology can help in 2021 and beyond​

Consolidated Cloud Security: The Legal Sector’s ‘Silver Bullet’?


Richard Walters, CTO, Censornet

As we enter a new age of the workplace where ‘anywhere work’ is a necessity, the major shift in work location and jump to adopt new tools has highlighted the risks associated with the cloud and meant that many law firms have, or need to, radically re-evaluate their cyber security posture.

In this session we will explore;

  • The drivers of change and implications for cyber security in a remote landscape
  • Securing data as your Lawtech moves to the cloud - must watch for iManage users
  • Why now is the time to take a holistic view of cyber security - including findings from Censornet’s mid-lockdown survey of 300 cyber security professionals
  • Real examples of Legal sector security challenges solved
  • How to quickly and easily achieve robust seamless protection and efficiencies across core security products​