Session ONE – Defending against Risks and Vulnerabilities, Developing Resilience, Deterring Cyber-attacks
- A review of the risk landscape and emerging vulnerabilities that pose a serious threat to business and government
- Working in Partnership to reduce the attack surface and solve strategic security challenges
- Understanding threat vectors and actors, trends and priorities
- Building skills, capabilities, capacity and responsiveness
The Conference Chair’s Opening Remarks
Dan Raywood, Contributing Editor, Infosecurity Magazine
Keynote Address: The National Cyber Security Strategy (2016-2020)
National Cyber Security Centre (invited)
The National Cyber Security Centre provides a hub of expertise for businesses and individuals to build resilience and respond to major incidents. This morning address covers the three key pillars of the latest cyber security strategy: defend, deter and develop. We also explore how the NCSC is developing relationships with new partners to protect key interests, what steps it has taken to address systemic vulnerabilities and how it is providing leadership on key national cyber security issues.
Working in Partnership to Manage Risks
National Cyber Crime Unit (invited)
Cyber security is not just an IT issue. It presents a real and potent business risk. We look at:
- The nature of the risks facing businesses
- How companies are creating alliances and partnerships to deal with growing cyber risks
- How businesses can stay ahead of the curve, and how they can outpace attackers
Cyber Security Imperatives for the Fourth Industrial Wave
Direct Line Group (invited)
Disruptive technologies like the IoT, mobile, cloud, big data and blockchain are expanding the cyber-attack surface. The Dyn attack in 2016 showed how exploiting connected devices can have a colossal impact on the internet. As our personal, professional and social lives become more interconnected – and dependent on cyberspace – we ask what emerging risks lie ahead of us and how we can prepare for them.
Combatting Cybercrime: Trends and Priorities
London Digital Security Centre (LDSC)
British businesses have reported a 22 percent increase in cybercrime in the past year, resulting in more than £1bn in losses. We consider what is being done to:
- Develop a clearer picture of patterns and trends in cybercrime
- Disrupt cybercriminal networks
- Build capabilities to mitigate risks
- Mitigate cybercrime through partnerships, aggregation and analysis of reported breaches
How to Respond to a Cyber Breach
Royal Bank of Scotland (invited)
This session will cover three considerations:
- The basics of what constitutes a reportable breach, who you report it to and when you must report it by, considered in the context of national and international legislative requirements
- Examples of what needs to be in place to enable a cyber breach to be reported in an accurate and timely way
- Punitive actions, current levels of fines, versus likely future levels
Questions To The Panel Of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
Cyber Insurance – Why it Matters
There are significant consequences attached to cyber breaches. These include, among other things, the loss of customer data, financial costs, penalties from regulators, disruption of services and reputational damage. What can be done to mitigate the fallout of any breach? Is cyber insurance worth considering?
Transport for London Case Study
Richard Bell, Interim Chief Information Security Officer, Transport for London
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session TWO – A New Approach to Cyber Security
Aligning cybersecurity objectives and strategy to the business imperative for growth.
The Conference Chair Opens the Afternoon Session
Building your Security Function
Head of Information Security, Tesco (invited)
Numerous surveys have shown that executives and corporate boards are focused on emerging risks. This is not surprising given the sophistication and frequency of cyber-attacks. But, as ISACA’s ‘State of Cybersecurity’ report for 2016 shows, while four out of five cybersecurity and InfoSec professionals say their boards are concerned, only one in seven CISOs report to the CEO.
We look at the role of senior board management in developing a cogent corporate cyber security strategy.
- How should senior management assess cyber risks and develop an appropriate strategy and controls?
- What specific responsibilities should be given to Chief Risk Officers and Chief Information Security executives?
- How can security professionals better communicate with business leaders, and align cyber security strategies with enterprise objectives?
The Human Factor in Security
National Health Service (invited)
User behaviour remains a critical security pitfall for many organisations. Targeted spear-phishing attacks which use social engineering techniques to maximise the chance of success have been correlated with data loss, stolen user credentials and breaches. What should your organisation be doing to mitigate the risks associated with users?
Case Study - Banking
Boris Taratine, Chief Cybersecurity Architect, Lloyds Banking Group
Case Study - Insurance
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Cyber-Threat, Risk and Harm
Detective Chief Inspector Vanessa Smith, Yorkshire and Humber Regional Cyber Crime Unit
DCI Smith’s presentation will provide insights into:
- An awareness of cybercrime
- An overview of the types of cybercrimes committed
- Profile types of those who commit cybercrime
- Recommendations of how to protect yourself from becoming a victim of cybercrime
- Cyber-attacks on businesses and the impact caused
- Traditional crime versus cybercrime
- Cost of cybercrime
Cyber Security in the HE Sector
Steve Kennett, Security Director & Senior Information Risk Owner (SIRO), Jisc
Preparing your organisation for the European General Data Protection Regulation (EU GDPR)
Information Commissioner’s Office (invited)
Organisations now hold more data than ever before. And as the number of security breaches rises, so too do the penalties. One organisation received a fine of £250,000 from the UK regulator in 2013. But, based on its 2014 turnover, that same organisation could be fined up to £198m under the new EU GDPR set to come into force in May 2018.
This session explores best practice around:
- Reviewing vendor contracts
- The full data lifecycle from storage to destruction
- Embedding consent and the right to be forgotten in policies and procedures
- Establishing data breach notification procedures
- Appointing a data protection officer
- Training staff to avoid malpractice
- Compliance audits to identify and remedy issues
Keynote Closing Address: Managing Security at the Speed of Business
Our closing session explores:
- What is being done across Europe to build greater collaboration between investigators, industry, government and academia
- How intelligence is being pooled to disrupt rogue actors
- What can be done to keep pace with evolving threats
- New tools and technologies to ward off breaches and manage crises
- Steps taken to build cyber defence capability and capacity
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Close, Delegates Depart
Whitehall Media reserve the right to change the programme without prior notice.