Speaker:
Bobby Ford, CSO, Hewlett Packard Enterprise & former Global CISO, Unilever

As global CISO of one of the world's oldest and largest consumer goods enterprises, Bobby Ford sees not only the accelerated journey cybersecurity leaders have experienced in 2020, but also where the trip may be headed in 2021. In this exclusive keynote interview, Ford discusses the challenges of the current year and the promise of the new one, with emphasis on:

• The CISO's shift from security to business risk management
• The challenge of prioritizing multiple needs with limited resources
• How to rationalize the technology stack

Speaker:
Jeremy King, International Director, PCI Security Standards Council

Referencing a classic science fiction film, Jeremy King of the PCI Security Standards Council calls 2020 "The year the Earth stood still." And in this session, he details exactly what that means, with a look at:

• The payment card security challenges created by quarantine;
• New PCI SSC guidance for connectivity, malware and device security
• Updates of two important PCI SSC standards - the Software security framework and the PCI DSS V4.0.

Speaker:
Chris Goettl, Director of Product Management, Ivanti

Ransomware is a prevalent cybersecurity threat. Threat actors are constantly changing tactics looking for new ways to force ransom payments. With each new emerging ransomware threat family, the size and scope of threats are more aggressive too. This has led to incredible increases in the average ransoms paid over the past eighteen months. In this session, we will look at recent ransomware trends, the critical changes to threat actor behaviors, and discuss the strategies and technologies organizations need to defend themselves against this evolving threat.

Speakers:
Andrew McGuigan, Security Engineer Manager, Global Accounts, Check Point Software Technologies
Becky Pinkard, Head of Global Cyber Defence, Vodafone & former CISO, Aldermore Bank
Nic Miller, Virtual CISO, Aedile Consulting

2020 saw major challenges for the world, not least for the cybersecurity industry. So as organizations and societies recover from pandemic-battling postures, what strategic adjustments and controls must CISOs employ as we enter 2021, particularly at a time when resources may be limited and uncertainty looms? Join this exclusive panel for unique insight into:

• Lessons learnt in 2020 and how these will impact 2021;
• Challenges for 2021 and how to prepare for them;
• Strategizing and budgeting for the year ahead.

Speakers:
Ed Lewis, Partner, Weightmans
Kadir Levent, Chief Operating Officer, CyberClan
Mark Singer, Claims Focus Group Leader - London Market & Wholesale Cyber & Tech, Beazley Group
Winston Krone, Global Managing Director, Kivu

A panel of IT forensic, legal and insurance experts will speak to the ever-present theme of data exfiltration threats in ransomware scenarios, how to protect against it, how to deal with it when it happens and the ensuing challenges.

Speaker:
Chris Thomas, Managing Director EMEA, Emailage

This session will explore the results of our unique 500+ consumer survey on why attitudes to fraud have changed since the pandemic, how that's adding new operational risk, and the long-term impact on the eCommerce and Payments industry. Changing consumer behavior in eCommerce shows the pressing need for retailers to enhance the customer experience while reducing online payment fraud amidst COVID-19.

You will learn:

• How changing consumer behavior has placed greater reliance on online payments since March 2020
• Why consumers are more concerned about fraud
• How eCommerce retailers can strike a delicate balance between risk appropriate friction and improve customer experience
• Where complex checkout processes dramatically impact user acquisition and loyalty

Speaker:
Ameya Talwalkar, Co-Founder and Chief Product Officer, Cequence Security

With APIs pervasive across your organization, powering apps, and enabling digital transformation, you need to consider whether your existing infrastructure and security tools can identify security gaps before they become incidents and if they can withstand an industrialized attack. API coding errors and malicious bots are a significant cause of fraud and theft-related revenue losses, infrastructure overspending, poor customer experience, and brand damage.

In this talk, we'll explore several case studies of API attacks and techniques and discuss what's needed to protect your applications and your business from suffering damages.

Key takeaways

How attackers are evolving to bypass detection

How cybercriminals beat traditional approaches

How Machine Learning and AI can provide help detect and defend against malicious bots

Why an end-to-end API security strategy is imperative to making your apps less attractive to criminals

Speaker:
Scott McAvoy, Cloud Security Competency Lead, IBM

The global pandemic has accelerated digital transformation and cloud adoption for all organisations. This journey to cloud has created some challenges for the security teams, who already are overwhelmed with volumes of security events and suffering with the security data spread across multiple tools, clouds and IT environments. However, the journey to Cloud also represents an opportunity to get Security right. Join this session to hear the lessons on how to get Security right with an open and integrated Security approach.

Speaker:
Tom Smith, Senior Solutions Architect, Veracode

Veracode recently released its first State of Software Security: Open Source edition report to analyse data on open source libraries that could expose companies to data breach risk. We found that 71% of all applications contain flawed open source libraries, and that the majority of those flaws come from downstream dependencies that might escape the notice of developers. A single flaw in one library can cascade to all applications that leverage that code. Open source software has a surprising variety of flaws. An application's attack surface is not limited to its own code and the code of explicitly included libraries, because those libraries have their own dependencies. In reality, developers are introducing much more code, but if they are aware and apply fixes appropriately, they can reduce risk exposure.

What you will come away with:

• The prevalence of open source libraries in applications
• The types of vulnerabilities most common in open source libraries
• The best practices for addressing the security vulnerabilities in open source code

Speaker:
Simon Jackson, Director Systems Engineering, A10 Networks Inc

Modern cyberattacks are not limited to network intrusions from outside by hackers. "Internal threat actors" can often be found at the center of a complex mix of simple social engineering attacks and sophisticated, multi-staged infections and data breaches.

The Zero Trust model, based on the simple principle of "trust nobody", defines rules which enhance the security of networks against modern cyberattacks, whether they are initiated from the outside or within. However, with most of the internet traffic being encrypted, it is becoming increasingly difficult to implement the Zero Trust model in an effective way.

The session will cover:

• The role of "internal threat actors" and TLS encryption in modern cyberattacks
• How the Zero Trust model defines the future of cybersecurity
• Why effective decryption is essential for a fool proof Zero Trust strategy

Speaker:
Lee Harris, MSSP & Cloud Pak for Security Sales Leader, IBM EMEA

Join this session to learn about IBM Cloud Pak for Security, an open platform that helps you uncover hidden threats, make more informed risk-based decisions and prioritise your team's time. With IBM Cloud Pak for Security you can:

• Gain Security insights: connect to your existing data sources to generate deeper insights; securely access IBM and third-party tools to search for threats across any cloud or on-premises location.
• Respond faster to threats: quickly orchestrate actions and responses to those threats - all while leaving your data where it is.
• Run it anywhere: Install and run the platform in any environment

Speaker:
Andy Bates, Executive Director, Global Cyber Alliance

Andy Bates, executive director of the Global Cyber Alliance, shares his insights on key cybersecurity and fraud challenges facing UK organizations in the year ahead, with an emphasis on:

• Emerging threats
• IoT vulnerabilities
• How defenders and defenses must adapt

Speakers:
Andrew Rose, Resident CISO - EMEA, Proofpoint
Mark Walmsley, CISO, Freshfields Law Firm

Business Email Compromise (BEC) attacks are increasingly used by attackers as a way of targeting organizations. According to Gartner, through to 2023, BEC attacks will continue to double each year to over $5 billion and lead to large financial losses for enterprises. How can CISOs respond to this ever increasing threat? Join this exclusive panel for unique insight into:

• What a successful compromise of an organization's email system looks like
• Strategies to detect and respond to BEC attacks
• Why education and awareness training is still crucial and how to deliver it in a way that works.

Speaker:
Fredrik Forslund, Vice President, Enterprise & Cloud Erasure Solutions, Blancco

According to EY, consumers, regulations, and business concerns are driving UK public and private sector industries to re-examine their data disposition processes, particularly for sensitive and personal information. We'll show how UK enterprises can ensure data security at data end-of-life, comply with data protection laws, and align data disposal policies with both the National Data Strategy and environmental goals.

Speaker:
Andrew Barnard, Senior Sales Engineer, Shape Security

Web and mobile apps now represent the single most lucrative set of targets for cybercriminals - which means that application security has never been more important. Together, our combined F5 and Shape Security solutions deliver a comprehensive application security stack that marries best-in-class defences with the simplicity and ease of a single vendor.

Attend this session to learn how F5 and Shape Security can help you achieve:

• Detection and mitigation from vulnerability exploits to denial-of-service attacks
• Better application performance and uptime
• Measurable cost savings for hosting and bandwidth costs
• Slashed losses due to fraud and abuse

Speakers:
Jeff Kilford, UK Client Compute Group Director, Intel
Marika Dziuba, Technical Solution Specialist - EMEA, Intel

Many businesses are implementing software security solutions. But as hackers get more sophisticated, threats are attacking the hardware layer. Hardware-based security features built-in to the hardware provide an important layer of protection for business devices, applications, and data. The Intel vPro® platform includes groundbreaking technologies that accelerate and scale security beyond software or human based approaches alone. It delivers hardware-enhanced security features designed to help protect the other layers of the computing stack. Intel® Hardware Shield

Speaker:
Sam Humphries, Head of Security Strategy, EMEA, Exabeam

Security orchestration, automation, and response (a.k.a. SOAR) is the cool kid on the block in security right now. Implementing SOAR requires a both a strategic and a tactical approach, in order to avoid pitfalls and ensure ongoing success. The benefits of SOAR are many-fold - such as improving operational efficiency and accuracy, reducing risk, and deriving more value from your current security stack. Considering why, when, and how your organisation should embark on a SOAR initiative requires careful planning. Choosing the right tools and technologies, selecting the right processes, and implementing the right measurements are key to the success of many an initiative, and in the case of SOAR are absolutely vital. During this session you will learn:

The fundamentals of SOAR

How SOAR can help your organisation, in more ways than you might think

How to approach your SOAR initiative

What you should and shouldn't automate

How to measure SOAR success

Speakers:
Jonathan Armstrong, Partner, Cordery
Shelton Newsham, Cyber Protect Lead and Cyber Prevent Lead Regional Cyber Crime Unit

The pandemic triggered a rise in cybersecurity incidents this year; many organizations were unprepared to securely support a mass remote workforce. As some offices are reopening and companies adopt a hybrid workplace model, what previously unidentified incidents will organizations find upon their return to the office and how can organizations improve their security postures in this landscape? Join this exclusive panel for unique insight into:

• The unique security and privacy risks associated with the return to the office;
• The need to revisit, review, and revise incident response plans;
• Legal and compliance issues "to watch" in 2021.

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

A remote workforce. Economic stress. Pandemic fatigue. These ingredients create a "perfect storm" for insider risk, whether through malicious acts or accident. What can you do to improve monitoring and mitigation of insider risk in these unique conditions?

Randy Trzeciak, director of the CERT Insider Threat Center at Carnegie Mellon University, is one of the world's leading authorities on preventing, detecting, and responding to insider incidents. In this exclusive session, he details:

• The latest research on insider incidents
• Unique risks created within today's remote workforce
• How to mitigate the risks posed by malicious and unintentional insider threats

Speaker:
Jasbir Singh Solanki, CEO - Homeland & Cyber Security, Mahindra Defence Systems Limited

Jasbir Solanki, CEO of the Homeland and Cyber Security division of Mahindra Defense System Limited, likes to call his group "The special services of cybersecurity." In this exclusive session, Solanki shares his unique perspective on what to expect in 2021, including:

• Lasting impacts of COVID-19
• Evolving threats to individuals and organizations
• How CISOs should approach the second year of remote work, multi-cloud environments and defending an exponentially larger attack surface.