Agenda

Registration and breakfast networking

Chairman's welcome 

► Of CTO and CISO: how both security and technology are vital to the success of the business

Jonathan Freedman, Chief Information Security and Technology Officer, Howard Kennedy

• The legal industry has ascended the maturity curve when it comes to cyber and information security. What lessons has it learnt?
• Recognition of the Partners of the real business risk and impact of information security
• How do you implement a holistic security strategy across the unique business structure of a law firm?

► Developments since the coming into force of the GDPR on 25 May

Stuart Skelly, Sector Consultancy Manager, IT Governance

• Number of complaints received by ICO
• Number of breach reports received by ICO
• Codes of practice from the ICO
• The DPA 2018
• Brexit related matters

► Access Management Leading the Cloud Transformation Drive

Jon Noble, Regional Sales Manager and Martin Day, Solutions Engineer, OneLogin

• Hear how you can make it simpler, safer and more cost-effective for your users to access the apps and data they need anytime, everywhere.
• Learn how to reduce cloud deployment timescales, increase efficiency and lower costs.
• Build an environment with increased security and an improved end user experience.

► Hunting for Lions & Bulls on the dark web

Etienne Greeff, CTO & Founder, SecureData

• Threat detection at a glance, what works and what doesn’t
• How criminals are finding new ways of monetising hacking 
• The state of the cybersecurity market 
• Pragmatic advice for addressing the new cybersecurity reality where everybody is a target, including legal firms

► Beyond Security: Zero Trust - Making the perimeter less lonely

Richard Archdeacon, Advisory CISO, Duo Security

• Concept of zero trust or the BeyondCorp model
• Why a zero trust model will reduce risk?
• Key elements in implementing a zero trust approach

► Using DNS to Combat Malware Threats

James Dowell, Senior Engineer - EMEA, Verisign

• Using DNS-based solutions to protect your network
• How to stop most DNS-reliant ransomware
• The weakness of C&C based malware
• Why antivirus apps, backups and training are not enough

Morning break and networking 

► Phishing: the number 1 cyber-risk 

Graham Thomson, CISO, Irwin Mitchell 

• What is the threat? How serious is it? And why is it the number one cybersecurity risk faced by law firms?
• Are you doing enough to mitigate the risk? Do you know how vulnerable you are?
• What are the pragmatic and cost effective solutions? From basic to advanced mitigations using people, process and technology
• What is the role of AI and machine learning? For the good guys and the bad

► New Era of Cyber Threats: The Shift to Self-Learning, Self-Defending Networks

Katie Hall, Senior Cyber-Security Manager, Darktrace

• Leveraging machine learning and AI algorithms to defend against advanced, never-seen-before cyber-threats
• How new immune system technologies enable you to pre-empt emerging threats and reduce incident response time
• How to achieve 100% visibility of your entire business including cloud, network and IoT environments
• Why automation and autonomous response are enabling security teams to neutralize in-progress attacks, prioritise resources, and tangibly lower risk
• Real-world examples of subtle, unknown threats that routinely bypass traditional controls

► Controlling the spectrum of Mobile Risk

Burak Agca, Enterprise Sales Engineer, Lookout UK

• Mobile security is a top priority – controlling the spectrum mobile risk
• Mobile phishing – trends, insights and Lookout-exclusive research   
• How to extend your current UEM to protect your company and customer’s data (Blackberry)

► Cloud Adoption Risk Awareness

Paulo Rodrigues, Cloud and Enhanced Technologies Solution Architect, Fortinet

• The current climate of cloud adoption euphoria. What are the potential security risks you might be missing?
• How to raise awareness of Cloud related risk
• Examining the pitfalls and potential ramifications

► Education Seminar 1:

Delegates will be able to choose from a range of topics:

• Protect the client, protect the firm: How cybersecurity risk affects the bottom line, Sam Brooks, Territory Manager, eSentire
• Data security protection for Law Firms in the Cloud, Ian Greenwood, Regional Sales Manager, Thales eSecurity
• Panamanian Behaviours – detecting and preventing the malicious insider, Nick Pollard, Security and Intelligence Director, EMEA, Nuix

Lunch and networking 

► Data risks and responding to a breach

Fergal Cathie, Partner, and Tom White, Partner, Clyde & Co. 

• Top tips for in-house IT teams in a data breach scenario
• Non-GDPR regulatory risks
• Handling data breaches: the cyber liability perspective and SRA issues 

► Staying agile in a world of ever-changing threats, without breaking the bank 

James Barrett, Senior Director, EMEA, Endace

• Incident investigations are taking too long because analysts do not have ready access to the right information and tools
• Business controls and budgets have a great impact on the agility of security teams
• Whilst client data continues to have significant value to criminals, these problems will only get worse
• How can businesses give their security teams the flexibility they need to do their jobs, without bankrupting the business?

► What makes law firms unique? Cross-industry, cross-sector security experiences

Anthony Stables, CIO, Forsters

• Is the business structure of law firms really unique? Cross-industry, cross-sector lessons ​
• Compare and contrast: what can the legal industry learn from others? 
• Building security from the ground up 

► Debunking the myths of A.I.

Carson Leonard, A.I. Product Lead, ZoneFox

• Understand what A.I. technology means for the legal sector
• Learn where the Law Firm can benefit from A.I.
• Discover where the legal sector can expect to see some immediate advantages of A.I. in the future

► A Day in the Life of a Mole: Detecting and Preventing Insider Threat

Jay George, Chief Operating Officer & Head of Consulting, Commissum

• Learn how the behaviour of rogue employees fits into patterns that can be detected – if you know what to look for
• Implementing technical and organisational measures to provide an early warning of malicious activity
• How to reduce the likelihood of malicious insiders being successful, without creating a culture of suspicion

Afternoon break and networking

► Executive Panel Discussion 

Regulations and Revolutions: how corporate structures and the regulatory landscape are changing. And what that means for security 

• Mike Worth, Head of IT, Phillips Solicitors
• Steve Byrne, Lead Information Security Officer, DWF

►The six issues and two elephants in cybersecurity legal services

Mark Jones, CISO, Allen & Overy 

• The six issues 
• The two elephants 
• Addressing those 

► Strong-form spear phishing - protecting against advanced threats 

Henry Trevelyan Thomas, Head of Client Development, Tessian

• Weak-form v strong-form spear phishing 
• Weak-form spear phishing can be prevented using perimeter-based defenses but organisations remain vulnerable to highly-targeted attacks
• Machine intelligence allows us to protect against the most advanced threats by understanding historical relationships 
   

► Balancing security capabilities, culture and clients.  A cry for help!

David Wood, IT Director, Watson Farley & Williams 

• WFW and security capabilities (our posture, resources, challenges around communications on security)
• Culture and clients: challenges we face in terms of kit, tools, people, local requirements
• Client security questionnaires and audits 
• How we manage today / How we are looking ahead

Closing remarks