Session ONE – Defending against Risks and Vulnerabilities, Developing Resilience, Deterring Cyber-attacks
- A review of the risk landscape and emerging vulnerabilities that pose a serious threat to business and government
- Working in Partnership to reduce the attack surface and solve strategic security challenges
- Understanding threat vectors and actors, trends and priorities
- Building skills, capabilities, capacity and responsiveness
The Conference Chair’s Opening Remarks
Dan Raywood, Contributing Editor, Infosecurity Magazine
Keynote Address: The National Cyber Security Strategy (2016-2020)
National Cyber Security Centre (invited)
The National Cyber Security Centre provides a hub of expertise for businesses and individuals to build resilience and respond to major incidents. This morning address covers the three key pillars of the latest cyber security strategy: defend, deter and develop. We also explore how the NCSC is developing relationships with new partners to protect key interests, what steps it has taken to address systemic vulnerabilities, and how it is providing leadership on key national cyber security issues.
Working in Partnership to Manage Risks
National Cyber Crime Unit (invited)
Cyber security is not just an IT issue. It presents a real and potent business risk. We look at:
- The nature of the risks facing businesses
- How companies are creating alliances and partnerships to deal with growing cyber risks
- How businesses can stay ahead of the curve, and how they can outpace attackers
Case Study - Transport for London
Richard Bell, Interim Chief Information Security Officer, Transport for London
Using Network Intelligence to tackle evasive Insider Threats
Director Of Product Management, Corvil
81 percent of hacking-related breaches leveraged stolen and/or weak passwords (DBIR, 2017). Once an attacker gains a foothold within a network, with a compromised user account, tracking their activity such as lateral movement becomes challenging and the damage they can cause is severe. For security teams, network traffic tends to be understood as one of the most valuable sources of insight, but also one of the most difficult to extract those insights from. Based on over 10 years of experience analysing network traffic for the top 20 global banks, learn best practice on how to listen to your network to accelerate the time it takes to investigate and respond to such evasive attacks.
Case Study - Lloyds Banking Group
Boris Taratine, Chief Cybersecurity Architect, Lloyds Banking Group
What does a healthy Insider Threat Programme look like?
Director for Products and Solutions, Forcepoint EMEA
Insider threat remains a topical and emotive point of discussion, and not just among technology and security professionals but across society in general.
This session aims to share best practices and experiences gained from real world insider threat deployments and incidents.
This presentation will include:
- Insider threat programme best practices
- What constitutes acceptable monitoring of employees’ interaction with employer networks, systems & datalevels
Questions To The Panel Of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
Cyber Insurance – Why it Matters
There are significant consequences attached to cyber breaches. These include among other things the loss of customer data, financial costs, penalties from regulators, disruption of services and reputational damage. What can be done to mitigate the fallout of any breach? Is cyber insurance worth considering?
Case Study - National Crime Agency
Richard Wright, Senior Officer – Security Education, National Crime Agency
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session TWO – A New Approach to Cyber Security
Aligning cybersecurity objectives and strategy to the business imperative for growth.
The Conference Chair Opens the Afternoon Session
How is the relationship between your Records Management and Security experts?
Martin Fletcher, Assurance and Information Management Consultant, The National Archives
The development of technology in data use and storage is faster than it has ever been before. Because of this it is vital that records management and cyber security experts work closely together to ensure that information is handled responsibly and all staff understand what is required of them.
But how often is this close relationship actually the case? What can be done to help facilitate communication of good practice across the business? The National Archives’ Martin Fletcher discusses his experiences talking to organisations across the public and private sector about boosting security through improved communication.
Partly Cloudy with a Chance of Mobile
Senior Security Researcher, SecureWorks Counter Threat Unit
As IT infrastructure and our relationship with computing devices evolves, so does our threat profile. This session explores emerging areas where intrusions are occurring, exploring specific threats that SecureWorks Counter Threat Researchers have identified, as well as those areas where activity is declining. We will cover observed activity in:
- Mobile platforms
- Cloud Infrastructure
- Traditional enterprise system exploitation.
Training your Employees to Be a Last Line of Defence Against Cyber-Attacks
John Hield, Information Security and Compliance Manager, Veolia
John’s role is to ensure that the 5,500 end users in the UK and Ireland that work for Veolia are able to work (cyber) safely and compliantly. After running five different phishing email tests on his employees earlier this year, John was worried to find that over 700 people fell victim to the tests. For this reason, he turned away from traditional methods of cyber security and awareness training, like in-person sessions, videos and blogs, embracing instead an interactive, gamified approach from Wombat Security Technologies.
Since the interactive training modules were launched within the company on June 12th of this year, as of the end of July, over half had completed compulsory modules, including all of the board. A further 2,000 end users completed voluntary training, with modules on mobile device security and the GDPR being the most popular modules to be voluntarily completed.
In this speaking session, John will explain why he thinks that interactive, gamified cyber security awareness has been so popular with Veolia’s end users, as well as the further benefits of such technology, such as rapid ROI and advanced auditing capabilities, which will be vital for the upcoming GDPR and its relevant legislation.
Case Study - Insurance
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Case Study - British Council
Ian Goodwin, Director of Information Governance and Risk Management, British Council
Margaret Wookey, Head of Information Risk, British Council
Case Study - London Digital Security Centre
John Unsworth, Chief Executive, London Digital Security Centre
Cyber-Threat, Risk and Harm
Detective Chief Inspector Vanessa Smith, Yorkshire and Humber Regional Cyber Crime Unit
DCI Smith’s presentation will provide insights into:
- An awareness of cyber crime
- An overview of the types of cybercrimes committed
- Profile types of those who commit cyber crime
- Recommendations of how to protect yourself from becoming a victim of cybercrime
- Cyber-attacks on businesses and the impact caused
- Traditional crime versus cybercrime
- Cost of cybercrime
Case Study - JISC
Steve Kennett, Security Director & Senior Information Risk Owner (SIRO), Jisc
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Close, Delegates Depart
Whitehall Media reserve the right to change the programme without prior notice.