Session ONE – Defending against Risks and Vulnerabilities, Developing Resilience, Deterring Cyber-attacks
- A review of the risk landscape and emerging vulnerabilities that pose a serious threat to business and government
- Working in Partnership to reduce the attack surface and solve strategic security challenges
- Understanding threat vectors and actors, trends and priorities
- Building skills, capabilities, capacity and responsiveness
The Conference Chair’s Opening Remarks
Keynote Address: The National Cyber Security Strategy (2016-20)
National Cyber Security Centre (invited)
The National Cyber Security Centre provides a hub of expertise for businesses and individuals to build resilience and respond to major incidents. This morning address covers the three key pillars of the latest cyber security strategy: defend, deter and develop. We also explore how the NCSC is developing relationships with new partners to protect key interests, what steps it has taken to address systemic vulnerabilities and providing leadership on key national cyber security issues.
Working in Partnership to Manage Risks
Cyber security is not just an IT issue. It presents a real and potent business risk. We look at:
- The nature of the risks facing businesses
- How companies are creating alliances and partnerships to deal with growing cyber risks
- How businesses can stay ahead of the curve, and how they can outpace attackers
New Tech, New Risks – The Fourth Industrial Wave
Disruptive technologies like the IoT, mobile, cloud, big data and blockchain are expanding the cyber-attack surface. The Dyn attack in 2016 showed how exploiting connected devices can have a colossal impact on the internet. As our personal, professional and social lives become more interconnected – and dependent on cyberspace – we ask what emerging risks lie ahead of us and how we can prepare for them.
Combatting Cybercrime: Trends and Priorities
British businesses have reported a 22 percent increase in cybercrime in the past year, resulting in more than £1bn in losses. We consider what is being done to:
- Develop a clearer picture of patterns and trends in cybercrime
- Disrupt cybercriminal networks
- Build capabilities to mitigate risks
- Mitigate cybercrime through partnerships, aggregation and analysis of reported breaches
How to Respond to a Cyber Breach
This session will cover three considerations:
- The basics of what would constitute a reportable breach, who do you report it to, and when do you report it by, will be considered in the context of national and international legislative requirements
- Examples of what needs to be in place to enable a cyber breach to be reported in an accurate and timely way
- Punitive actions, current levels of fines, versus likely future levels
Questions To The Panel Of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
The Cyber Skills Deficit
The cyber security workforce shortfall presents serious challenges for both businesses and government. A report commissioned by Intel Security and the Centre for Strategic and International Studies (CSIS) found that 3 out of 4 IT experts claim there is a cybersecurity talent shortage across the UK. Those surveyed identified threat analysis as the number one skill that is lacking. We look at how one organisation is rising to the challenge, and opening up new pathways to attract, recruit, train and retain much-sought after talent in the cybersecurity domain.
Why Current Security Techniques are Failing
Traditional security approaches are failing to proactively identify and block adversary activity. Most security tools address part of the cyber kill-chain. This session looks at:
- Continuous breach prevention techniques
- Real-time intelligence and monitoring
- Machine learning and automated security
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session TWO – A New Approach to Cyber Security
Aligning cybersecurity objectives and strategy to the business imperative for growth.
The Conference Chair Opens the Afternoon Session
Building your Security Function
Numerous surveys have shown that executives and corporate boards are focused on emerging risks. This is not surprising given the sophistication and frequency of cyber-attacks. But, as ISACA’s ‘State of Cybersecurity’ report for 2016 shows, while four out of five cybersecurity and InfoSec professionals say their boards are concerned, only one in seven CISOs report to the CEO.
We look at the role of senior board management in developing a cogent corporate cyber security strategy.
- How should senior management assess cyber risks and develop an appropriate strategy and controls?
- What specific responsibilities should be given to Chief Risk Officers, Chief Information Security executives?
- How can security professionals better communicate with business leaders, and align cyber security strategies with enterprise objectives?
The Human Factor in Security
User behaviour remains a critical security pitfall for many organisations. Targeted spear-phishing attacks which use social engineering techniques to maximise the chance of success have been correlated with data loss, stolen user credentials and breaches. What should your organisation be doing to mitigate the risks associated with users?
Cyber Insurance – Why it Matters
There are significant consequences attached to cyber breaches. These include among other things the loss of customer data, financial costs, penalties from regulators, disruption of services and reputational damage. What can be done to mitigate the fallout of any breach? Is cyber insurance worth considering?
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
The Important Role of Cyber Security Research
Thirteen UK universities have been recognised as Academic Centres of Excellence in Cyber Security Research (ACE-CSRs) by the Department for Culture, Media and Sport, along with the Engineering and Physical Sciences Research Council (EPSRC) and GCHQ. These universities are carrying out the best UK cyber security research.
We explore how collaboration between academia and business is helping to drive forward cutting-edge innovations and generating new areas of growth for the cyber security industry.
Preparing your organisation for the European General Data Protection Regulation (EU GDPR)
Organisations now hold more data than ever before. And as the number of security breaches rises, so too do the penalties. One organisation received a fine of £250,000 from the UK regulator in 2013. But, based on its 2014 turnover, that same organisation could be fined up to £198m under the new EU GDPR set to come into force in May 2018.
This session explores best practice around:
- Reviewing vendor contracts
- The full data lifecycle from storage to destruction
- Embedding consent, right to be forgotten in policies and procedures
- Establishing data breach notification procedures
- Appointing a data protection officer
- Training staff to avoid malpractice
- Compliance audits to identify and remedy issues
Keynote Closing Address: Managing Security at the Speed of Business
Our closing session explores:
- What is being done across Europe to build greater collaboration between investigators, industry, government and academia
- How intelligence is being pooled to disrupt rogue actors
- What can be done to keep pace with evolving threats
- New tools and technologies to ward off breaches, manage crises
- Steps taken to build cyber defence capability and capacity
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Close, Delegates Depart
Whitehall Media reserve the right to change the programme without prior notice.