We’re kicking off our 2017 series of Fraud & Breach Prevention summits in January, with our fifth North American event taking place in August in New York. New York will focus on technology-driven problems and solutions of interest to a wide range of industries, including financial services. From IoT and the emerging use of deception technology, to the ever-persistent and ongoing business email compromise trend, DDoS for extortion and ransomware attacks, 2017 promises to have more than enough for all of us to talk about and learn from each other. We have intentionally designed our sessions to address the needs of CISOs, fraud and risk teams, security and IT professionals, and many others by providing hands-on tools and real-world problems and solutions that attendees can take back to their offices long after the summits end.
WELCOME / Letter from the Content Director
FEATURED SPEAKERS / Featured Speakers For Our New York City Summit
Meet Our Speakers
Creating New Efficiencies in Vendor Risk Management
Stephen Boyer of BitSight Technologies on Rethinking Strategies
The Need for Next-Generation Endpoint Protection
Dan Schiappa of Sophos on Strategies for Advanced Threat Response
The Emergence of Analytics and Machine Learning
CA Technologies' Mordecai Rosen on How to Reduce Friction in Security
The Power of Cognitive Security
Denis Kennelly of IBM Security Describes a Cognitive Security Operations Center
Behavioral Analytics: The Defender’s New Edge
Cybereason's Sam Curry on the Promise of New Technology Solutions
Phishing: Inside the New Attacks
Agari's Markus Jakobsson on How the Attackers are Getting Stealthier
The Evolution of Vendor Risk Management
Jasson Casey of SecurityScorecard on Giving Enterprises New Tools, New Views
Integrated Security Platform: How to Get There
Skybox Security's Kevin Flynn and Ravid Circus on the Business, Security Benefits
Schedule / Session Date & Times
Kimberly Sutherland, Senior Director of Fraud and Identity Management Strategy, Lexis Nexis
Data breaches feed the market for fraudsters to steal identities, which challenges traditional approaches to identifying the genuine from the fraudster. We hear that knowledge-based authentication is dead. But trust in any single defense is flawed. No single route to "trust" should be applied. We should never lose sight that consumers need reassurance that their data and identity are being managed properly during the onboarding. So, maybe KBA is not really dead. As part of a multilayered system that uses data insights, shared fraud reports, device-level data, document verification and biometrics, KBA can be used safely. Organizations need to adapt and change their approaches dynamically, reacting to risk by product, channel or data intelligence.
Kevin Flynn, Director of Products, Skybox
Monetarily motivated attacks are by far the most prevalent cyberthreats to organizations worldwide, yet vulnerability management techniques have largely failed to adapt to a threat landscape dominated by distributed crimeware. By understanding the commercialization of attack tools and services - particularly the vulnerabilities they use, re-use and share - vulnerability management can focus on the small subset of vulnerabilities that are exploited in the wild and packaged in distributed crimeware. This threat-centric approach improves vulnerability prioritization and focuses remediation on the relatively small number of exploitable vulnerabilities, greatly reducing risk through efficient, intelligent processes. This session will cover what's been driving the shift to distributed cybercrime, how to align vulnerability management with real-world threat behavior, and what intelligence and tools are needed
Scott Ramsey, Managing Director of Cybersecurity and Resiliency Consulting, FIS
The Internet-of-Things poses tremendous cybercrime challenges for crafting a meaningful risk-based financial crime management strategy. In this session, we'll cover the meaning of cybersecurity in the context of fraud and customer trust; an understanding of the meaning and purpose of a cyber threat intelligence program; when, where, and how to use anomalous behavior analytics; assessing the technical risks vendors pose; and emerging endpoint protection product requirements.
Exhibiting & Networking Break
Andy Chandler, former SVP, General Manager - InTELL & DetACT, Fox-IT
David Pollino, Deputy Chief Security Officer, Bank of the West
Denyette DePierro, VP & Senior Counsel - Center for Payments & Cybersecurity, American Bankers Association
Moderator: Howard Anderson
In the wake of recent ransomware attacks, such as WannaCry, which have plagued healthcare organizations, in particular, for the last year, what lessons do we have yet to learn? Ransomware attacks are nothing new, and while WannaCry was widespread, it was not necessarily sophisticated or stealthy. So why did it have such an impact?
In this session, our panelists will discuss why the "wartime mindset" has yet to be embraced, and why CISOs need to take charge and lead the way toward developing more effective security action plans.
Experienced healthcare CISOs and legal experts will:
- Provide real-world insights into how to create an effective cybersecurity action plan;
- Spell out the core elements of breach prevention, detection and response strategies; and
- Identify security technologies that can play an effective role in supporting a so-called "wartime" strategy.
Speed Networking with Presenters and Peers
One of the most valuable ways to learn is through interaction with your peers. Our “Speed Networking” session will provide an opportunity to meet practitioners who have similar challenges in the areas of fraud and breach prevention, and discuss solutions to potential obstacles. Mingle, share and learn in this unique, rapid-fire and interactive environment.
Ed Cabrera, Chief Cybersecurity Officer, Trend Micro
In this session, Trend Micro will review its own research into Pawn Storm (a.k.a., APT28, Fancy Bear, Strontium, etc.), which exposes the scope and scale of the cyber-espionage attacks and the cyber tradecraft of those who wage these attacks. Trend Micro's researchers have observed activity dating back to 2004, with attacks that have been targeting government, military, media and political organizations around the world. This session will review how the groups that wage cyber-espionage attacks have shifted their focus toward cyber-propaganda over the past two years, with a 400 percent increase in targeting activity in 2016 alone. Additionally, this session will cover the extensive threat vectors that are used to target victims and how organizations can understand these threats and come up with ways to combat them.
Ben Smith, Field CIO, RSA
How is it that, while cybersecurity spending is approaching $100 billion annually, attacks such as ransomware, distributed-denial-of-service and data theft remain so prevalent? Congressional reports about recent breaches such as the OPM breach read like Keystone Cops scripts. IT and security leaders are exhausted, if not defeated. And while many business executives remain bewildered by "The Cyber," some of the answers may ultimately be found in applying relevant business context to cybersecurity operations - translating the language of IT security to that of business risk, ultimately arriving at better strategy and decision-making. In this session, Peter Beardmore of RSA will explore the challenges and practical on-ramps for getting started on the journey of improving risk mitigation and cybersecurity maturity.
Alex Mosher, Vice President of Security Strategy, CA Technologies
Many organizations are undergoing a transformation to support digital platforms and stay competitive; but in order to maintain security, they have to ensure that access to these platforms is limited and that security remains a priority. New vulnerabilities to cybercrime are being introduced through hybrid environments, ones that often include remote access to systems and servers, automation of processes, and concentration of administrative power. Limiting administrative power through privileged access management is increasingly critical, but so is authentication, as more legitimate users' credentials are being compromised and access to systems is being fooled by the coders. According to the 2017 Verizon Data Breach Investigations Report, today's breaches involve a "combination of human factors, hardware devices, exploited configurations or malicious software." How can these risks be mitigated while still keeping a competitive edge? This session will explore how taking a proactive stance can help mitigate risks, while still enabling the business to use tools that are necessary in today's digitally charged economy.
Paul Bowen, Principal Security Technologist, Arbor Networks
The pressure is on for all industries to upgrade their cyber-protection policies. New York is the first state to initiate a 180-day grace period for all financial services companies to upgrade both cyber policies and protection. As New York's new cyber mandates roll out, other states and industries will likely follow. During this session, Arbor Networks' Principal Security Technologist Paul Bowen will outline the impact of these new regulations, and provide an incident response framework that helps with compliance and preventing an inevitable compromise from turning into a breach.
Exhibiting & Networking Break
Robert Villanueva, Executive Vice President, Q6 Cyber and Founder of the Cyber Threat Intelligence Division of the US Secret Service
Robert Villanueva, assistant special agent in charge (retired), and the founder of the United States Secret Service's Cyber Intelligence Section, will in this session discuss the current rise in the U.S. of data breaches, ransomware, business email compromises, phishing and computer network intrusions. The majority of these cybercrime incidents target U.S. merchants and the financial sector and are perpetrated by educated malware writers and highly skilled hackers from Eastern Europe. Right now, many of these miscreants are actually living amongst us in major metropolitan areas in the United States. Villanueva will offer a unique and real-world perspective on financial cybercrime by illustrating specific case examples, local past arrests and highlighting some of their latest tactics/techniques. Additionally, Villanueva will be providing a "live demo" exposing some of these malicious criminal websites that are trafficking in enormous amounts of stolen data from both U.S. and international people and entities.
Mike Spanbauer, Vice President of Research and Strategy, NSS Labs
The concept of "What is an endpoint?" has rapidly evolved and expanded since the first BYOD policies. The industry is now full of endpoint security products touting new features; but with so many choices, what features matter? How do you know which endpoint security features best meet the organization's needs, use-cases and governance? Do you even know what your organization's use-cases are? Learn how security and general IT teams can work together to create an endpoint security strategy that helps your organization face threats and embrace opportunities for the future. Get a tour through the endpoint-protection technology "feature soup" and what testing has shown about these tools. Learn how security architects can adapt protections to suit different use-cases, regulatory requirements and risk tolerance.
Lisa Sotto, Managing Partner, Chair of Global Privacy and Cybersecurity Practice, Hunton & Williams
Richard T. Jacobs, Assistant Special Agent in-Charge, Cyber Branch, FBI-NY
Robert Villanueva, Executive Vice President, Q6 Cyber and Founder of the Cyber Threat Intelligence Division of the US Secret Service
Closing Remarks / Look Ahead to Day 2
Cocktails & Networking
Registration, Breakfast, & Networking
Randy Trzeciak, Insider Threat Research Team Technical Lead, CERT
What are the biggest threats to your organization's data? Recent media attention to high-profile cyberattacks would lead an organization to think external threats are its only concern. Unfortunately, this misconception allows another significant threat to your organization's critical assets to stay completely under the radar - the threat of malicious and non-malicious insiders. With so much of an organization's valuable information digitized today, it may be possible that an insider can steal your information or expose it unintentionally without you knowing it.
In this session, we will explore:
Exhibiting & Networking Break
Mitch Zahler, CISO, Proactive Cyber Security; former SVP - Cybersecurity, HSBC
Benjamin Dean, President, Iconoclast Tech; Fmr Fellow for Cyber Security and Internet Governance, Columbia SIPA
Tim Francis, Vice President and Enterprise Lead for Cyber Insurance, Travelers' Business Insurance
Moderator: Tracy Kitten, Director of Global Content, ISMG
The financial risks to organizations from data breaches come from a variety of angles, from share price hits to class-action lawsuits to fines from regulators to reputational damage. As such, the insurance industry has jumped full steam into cyber. Larger insurers are already helping companies spot and mitigate weaknesses as part of their coverage, as well as helping post-incident with response and remediation. But how often are CISOs involved in the cyber-insurance decision-making process? Not often enough. In this engaging panel discussion about the role cyber-insurance plays today in every line of business, Tim Francis, vice president and enterprise lead for cyber insurance at Travelers, will kick us off with a 10-minute overview of the current state of affairs, highlighting why it's so critical to get CISOs involved in cyber-insurance decisions from Day 1. CISOs have historically not been too keen to see money invested in risk-transfer protections; instead, they'd rather see that money spent on security. So, how and should their perspectives about cyber-insurance change? After Tim's presentation, we will move into a panel discussion to further explore questions and views on cyber insurance.
Christopher Pierson, Chief Security Officer and General Counsel, Viewpost
Richard Parry, Principal, Parry Advisory; former Risk Management Executive, JPMorgan Chase
Tom Kellermann, Chief Executive Officer/Partner, Strategic Cyber Ventures