Fraud & Breach Prevention Summit: Atlanta

April 25-26, 2017

Watch Past Sessions Online

Keynote Speaker

Christopher Carr, Attorney General, State of Georgia

WELCOME / Letter from the Content Director

Tom Field

Tom Field

Vice President - Editorial, ISMG

Join us in Atlanta and hear from industry leaders such as keynote Christopher Carr, Attorney General State of Georgia, David Lott, Federal Reserve Bank of Atlanta and Nathan Kitchens, Department of Justice.  From IoT and the emerging use of deception technology, to the ever-persistent and ongoing business email compromise trend, DDoS for extortion and ransomware attacks, 2017 promises to have more than enough for all of us to talk about and learn from each other. We have intentionally designed our sessions to address the needs of CISOs, fraud and risk teams, security and IT professionals, and many others by providing hands-on tools and real-world problems and solutions that attendees can take back to their offices long after the summits end.

Details

W Atlanta Midtown

188 14th St NE
Atlanta, GA 30361

April 25th & 26th, 2017

 $795

View Sessions

Registering For a Group?
Call +1 (609)-356-1499

Tracy Kitten

Executive Editor, BankInfoSecurity & CUInfoSecurity

Randy Sabett

Vice Chair, Privacy & Data Protection Practice Group, Cooley LLP

Chris Carr

Attorney General, State of Georgia

Michelle Cobb

Chief Marketing Officer, Skybox

Randy Trzeciak

Insider Threat Research Team Technical Lead, CERT

David Lott

Payments Risk Expert, Federal Reserve Bank of Atlanta

Alex Mosher

Vice President of Security Strategy, CA Technologies

Christopher Pierson

Chief Security Officer and General Counsel, Viewpost

SPEAKERS / Featured Speakers For Our Atlanta Summit

Christopher Carr

Attorney General, State of Georgia

David Lott

Payments Risk Expert, Retail Payments Risk Forum, Federal Reserve Bank of Atlanta

Nathan Kitchens

Assistant United States Attorney - Computer Hacking and Intellectual Property Unit, Department of Justice

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Dr. Christopher Pierson

Founder & CEO, BLACKCLOAK

Robert Villanueva

Executive Vice President, Q6 Cyber and Founder of the Cyber Threat Intelligence Division of the US Secret Service

Chad Hunt

Supervisory Special Agent - Computer Intrusion Squad, FBI, Atlanta Division

Mark Gelhardt

AVP, Cyber Risk Remediation at US Bank/Elavon

Tom Field

Senior Vice President, Editorial, ISMG

Randy Sabett

Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP

Jim Harvey

Technology and Privacy Group, co-chairs the firm's Privacy & Security Task Force, Alston & Bird

Benjamin Dean

President, Iconoclast Tech; Fmr Fellow for Cyber Security and Internet Governance, Columbia SIPA

Jimmy Lummis

Associate Director of Cyber Security, Georgia Institute of Technology

Alex Mosher

Vice President of Security Strategy, CA Technologies

Randy Trzeciak

Director, CERT Insider Threat Center, CMU

John Buzzard

Fraud Subject Matter Expert, NICE Actimize

Seth Walters

Senior Research Scientist, Georgia Tech Research Institute

Denyette DePierro

VP & Senior Counsel - Center for Payments & Cybersecurity, American Bankers Association

Mike Spanbauer

Vice President of Research and Strategy, NSS Labs

Michelle Cobb

Chief Marketing Officer, Skybox Security

Allen O'Rourke

Cybersecurity Attorney, Womble Carlyle Sandridge & Rice, LLP

Bryce Austin

fmr Sr Group Manager and Retail Technology Program Lead at Target during the 2013 breach, TCE Strategy

Meet Our Speakers /

ISMG Global Events: 2020 and Beyond

ISMG's SVP of Editorial, VP of Global Events, and Group Director of Custom Events discuss the state of events.

The Critical Importance of Data Integrity

Microsoft's Diana Kelley on How to Keep Data Untampered

Steve Katz on Cybersecurity’s State of the Union

World's First CISO Weighs in on the Technologies and Trends Shaping 2019

The Challenge of Fighting Identity Fraud

IBM's Shaked Vax on Emerging Technologies to Assure Digital IDs

A Common Sense Guide to Mitigating Insider Threats

Randy Trzeciak of CERT Reviews the Latest Research

Schedule / Session Date & Times



8:00 am - 8:45 am

Registration, Breakfast & Exhibit Browsing

8:45 am - 9:00 am

Opening Remarks

9:00 am - 9:45 am

Protecting Georgians in the Era of Innovation

Speaker:
Christopher Carr, Attorney General, State of Georgia

As home to many high-profile enterprises, including Coca-Cola, Home Depot and UPS, the state of Georgia is sensitive to cybersecurity threats. And, in fact, the new US Army Cyber Command headquarters is currently under construction at Fort Gordon in Georgia. As the state's AG, Carr is committed to protecting consumers and enterprises from data breaches and fraud. In his opening keynote, Carr will discuss the types of schemes and attacks his office reviews, as well as how state entities are responding to improve cyber education and defenses.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

9:50 am - 10:20 am Fraud Track

Cyber Metrics: Recognizing Contingent Liabilities from Cyber Incidents

Speaker:
Benjamin Dean, President, Iconoclast Tech; Fmr Fellow for Cyber Security and Internet Governance, Columbia SIPA

Publicly listed companies are meant to recognize contingent liabilities, which are liabilities that may be incurred depending on the outcome of an uncertain future event, on their balance sheets. Cyber incidents are increasingly probable and known to impose costs and losses on businesses. Boards, regulators, insurers and investors are increasingly asking what these contingent liabilities might amount to following a series of high-profile cyber incidents in recent years (e.g., the Yahoo!/Verizon merger). Yet many companies still do not make contingent liability provisions for cyber incidents. This session will examine methods to estimate the financial impact of various classes of security incidents and introduce attendees to a framework for estimating the contingent liabilities that their companies might face in the future.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

9:50 am - 10:20 am Data Breach Track

Incident Response Planning and Your Organization, v. 2.0

Speaker:
Jim Harvey, Technology and Privacy Group, co-chairs the firm's Privacy & Security Task Force, Alston & Bird

Most sophisticated organizations have had their incident response plans in place for several years. But the landscape has changed, and incident response plans and planning that remain static are at risk of being counter-productive in today's environment. If you haven't dusted off your plan in even a couple of years, this session will provide an overview of changes in the landscape and what you need to do to be ready for them. We will discuss the evolving role of officers and directors, legal, the information security function, and risk management. We also will address the shifting perception of security incidents from the public and regulators, new laws across the globe, and how continuing evolution within the space impacts today's planning for security-related incidents.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

10:20 am - 10:50 am

Exhibiting & Networking Break

10:50 am - 11:20 am Fraud Track

Updating Your Endpoint Security Strategy: Is the Endpoint a New Breed, Unicorn or Endangered Species?

Speaker:
Mike Spanbauer, Vice President of Research and Strategy, NSS Labs

The concept of "What is an endpoint?" has rapidly evolved and expanded since the first BYOD policies. The industry is now full of endpoint security products touting new features; but with so many choices, what features matter? How do you know which endpoint security features best meet the organization's needs, use-cases and governance? Do you even know what your organization's use-cases are? Learn how security and general IT teams can work together to create an endpoint security strategy that helps your organization face threats and embrace opportunities for the future. Get a tour through the endpoint-protection technology "feature soup" and what testing has shown about these tools. Learn how security architects can adapt protections to suit different use-cases, regulatory requirements and risk tolerance.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

10:50 am - 11:20 am Data Breach Track

Privileged Access Management and Secure Code: Gaining an Inside and Outside View of Applications

Speaker:
Alex Mosher, Vice President of Security Strategy, CA Technologies

Many organizations are undergoing a transformation to support digital platforms and stay competitive; but in order to maintain security, they have to ensure that access to these platforms is limited and that security remains a priority. New vulnerabilities to cybercrime are being introduced through hybrid environments, ones that often include remote access to systems and servers, automation of processes, and concentration of administrative power. Limiting administrative power through privileged access management is increasingly critical, but so is authentication, as more legitimate users' credentials are being compromised and access to systems is being fooled by the coders. According to the 2017 Verizon Data Breach Investigations Report, today's breaches involve a "combination of human factors, hardware devices, exploited configurations or malicious software." How can these risks be mitigated while still keeping a competitive edge? This session will explore how taking a proactive stance can help mitigate risks, while still enabling the business to use tools that are necessary in today's digitally charged economy.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

11:25 am - 12:00 pm

Insider Threat Detection: How to Develop a Successful Program

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

What are the biggest threats to your organization's data? Recent media attention to high-profile cyberattacks would lead an organization to think external threats are its only concern. Unfortunately, this misconception allows another significant threat to your organization's critical assets to stay completely under the radar - the threat of malicious and non-malicious insiders. With so much of an organization's valuable information digitized today, it may be possible that an insider can steal your information or expose it unintentionally without you knowing it.

In this session, we will explore:

  • Some of the startling results of meticulous analysis of hundreds of real-life insider attacks;
  • Some potential technical and behavioral insider threat risk indicators;
  • Which new technologies enable the detection of anomalous behavior patterns often before an insider incident occurs; and
  • The five steps companies need to take in order to develop an effective Insider Threat Detection Program.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

12:00 pm - 12:45 pm

Speed Networking With Your Peers

One of the most valuable ways to learn often is through interaction with your peers. Our “Speed Networking” session will provide an opportunity to meet practitioners who have similar challenges in the arena of fraud and breach prevention and discuss solutions to those potential obstacles. Mingle, share and learn in this unique, rapid fire and interactive environment.

12:45 pm - 1:45 pm

Lunch

1:45 pm - 2:25 pm

Current Trends on Eurasian Cybercrime

Presenter: Robert Villanueva, Executive Vice President of Q6 Cyber and Founder of the Cyber Intelligence Section of the U.S. Secret Service in Washington, D.C.

Robert Villanueva, assistant special agent in charge (retired), and the founder of the United States Secret Service’s Cyber Intelligence Section, in this session will the current rise in the U.S. of data breaches, ransomware, business email compromises, phishing and computer network intrusions. The majority of these cybercrime incidents target U.S. merchants and the financial sector are perpetrated by educated malware writers and highly skilled hackers from Eastern Europe. Right now, many of these miscreants are actually living amongst us in major metropolitan areas in the United States. Villanueva will offer a unique and real-world perspective on financial cybercrime by illustrating specific case examples, local past arrests and highlighting some of their latest tactics/techniques. Additionally, Villanueva will be providing a “live demo” exposing some of these malicious criminal websites that are trafficking in enormous amounts of stolen data from both U.S. and international people and entities.

2:30 pm - 2:55 pm

The Rise of Cybercrime as a Service: Which Threats Should We Address First?

Speaker:
Michelle Cobb, Chief Marketing Officer, Skybox Security

Monetarily motivated attacks are by far the most prevalent cyberthreats to organizations worldwide, yet vulnerability management techniques have largely failed to adapt to a threat landscape dominated by distributed crimeware. By understanding the commercialization of attack tools and services - particularly the vulnerabilities they use, re-use and share - vulnerability management can focus on the small subset of vulnerabilities that are exploited in the wild and packaged in distributed crimeware. This threat-centric approach improves vulnerability prioritization and focuses remediation on the relatively small number of exploitable vulnerabilities, greatly reducing risk through efficient, intelligent processes. This session will cover what's been driving the shift to distributed cybercrime, how to align vulnerability management with real-world threat behavior, and what intelligence and tools are needed.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

3:00 pm - 3:15 pm

Exhbiting & Networking Break

3:15 pm - 3:45 pm

Fighting the Next Generation of Targeted BEC Attacks

Speaker:
Denyette DePierro, VP & Senior Counsel - Center for Payments & Cybersecurity, American Bankers Association

Business email compromise (BEC) attacks that impersonate executives and business partners to trick employees comprise the biggest cyberthreat organizations face today. This is not news. But what may come as a surprise is that the vast majority of BEC attacks are preventable. This session will review why email spoofing works, the role social media plays in social engineering, current BEC trends and attack methods, and advances in technology that are being used to identify and block BEC attacks before they hit the inbox.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

3:50 pm - 4:30 pm

Panel: We’ve Been Breached: Now What? How to Effectively Work with Law Enforcement and Regulators

Moderator: Tracy Kitten, Events Content Director and Executive Editor, BankInfoSecurity

Panelists: Robert Villanueva, Executive Vice President of Q6 Cyber and founder of the Cyber Intelligence Section of the U.S. Secret Service in Washington, D.C.; Nathan Kitchens, Assistant U.S. Attorney, Computer Hacking and Intellectual Property Unit, Northern District of Georgia; Jim Harvey, Cybersecurity Attorney, Technology and Privacy Group and co-chair of the Privacy and Security Task Force, Alston and Bird; and Chad Hunt, Supervisory Special Agent, FBI, Atlanta Division, Computer Intrusion Squad

Too many organizations continue to address breach response from a reactive mode – having a crude disaster-recovery plan in place in case something “does” happen, rather than accepting that something “will” happen and proactively preparing for it. In this session, a panel of legal, technical and law-enforcement experts will discuss what well prepared organizations are doing right, when it comes to proactive interaction with law enforcement, information sharing and breach investigation and response.

4:30 pm - 4:45 pm

Closing Remarks/Look Ahead to Day 2

4:45 pm - 6:00 pm

Cocktails & Networking

View Schedule
8:00 am - 8:45 am

Registration, Breakfast, & Networking

8:45 am - 9:00 am

Opening Remarks

9:00 am - 10:00 am

Perspective from Inside a Major Retail Breach

Speaker:
Bryce Austin, fmr Sr Group Manager and Retail Technology Program Lead at Target during the 2013 breach

Bryce Austin is a certified chief information security manager who weathered the storm as a senior group manager at Target during the retailer's November 2013 breach - a breach that resulted in the exposure of 40 million payment cards and personally identifiable information linked to an additional 70 million customers. Ultimately, the compromise of a third-party vendor was to blame for the initial breach, as was the case in many other recent cybersecurity incidents. But Target was not let off the hook. The Target breach went on to set a new standard for how the C-suite, the United States Congress and the public respond to breaches. In this session, Austin, who in his spare time doubles as a car-racing enthusiast and driver, will draw parallels between automobile racing and today's data breaches, noting how both can quickly turn from "smooth sailing" to "out of control" in the blink of an eye. What could have been done beforehand to prevent these retail breaches from ever taking place? Here, Austin will review how budgetary constraints can make the necessary focus on technology security elusive, while the user experience is often in opposition to security "best practices."

During this session, Austin will review and explore:

  • Real-world lessons learned from major cybersecurity breaches of late and how they could have been prevented;
  • How to respond to a cybersecurity incident from a non-technical standpoint: public relations, law enforcement involvement, and contract negotiation with vendors;
  • How to develop an emotional connection with teams in times of crisis;
  • How to make new regulations a competitive advantage for your company; and
  • New technologies that can combine an improved user experience with tightened security

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

10:05 am - 10:45 am

Cyber Attack Trends 2017 and Beyond: Protecting Your Business in Cyberspace

Speaker:
Steve Durbin, Managing Director, Information Security Forum

As the scale and sophistication of cyber-attacks increases, coupled with new legislation and the complexity of technology, businesses need to manage risk in ways beyond those traditionally handled by the information security function. In this session, Steve Durbin, managing director of the Information Security Forum, an independent, not-for-profit organization dedicated to investigating, clarifying and resolving key issues in information security and risk management, will discuss the top global security threats for 2017 and beyond. Durbin also will share insights into how security and business teams across an organization can work together to minimize the impact of cyber-attacks on shareholder value and business reputation.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

10:45 am - 11:05 am

Exhibiting & Networking Break

11:05 am - 11:45 am

The Evolution of Payments Fraud and the Emerging Threat Landscape

Speakers:
Dr. Christopher Pierson, Founder & CEO, BLACKCLOAK
David Lott, Payments Risk Expert, Retail Payments Risk Forum, Federal Reserve Bank of Atlanta
John Buzzard, Fraud Subject Matter Expert, NICE Actimize
Mark Gelhardt, AVP, Cyber Risk Remediation at US Bank/Elavon

As information-security threats intensify, organizations risk becoming disoriented - focused more on grappling with complex technology, an explosion of data, increased regulation and a debilitating skills shortage. The rollout of EMV technology is just one piece of that, as it has changed the face of payments fraud. Here, our panel of experts will review how the face of payments fraud has changed in the wake of the EMV rollout, and explore what is next on the horizon. Payment fraud spans more than just cards; and as more digital channels are used for funds transfers and payments, the channels impacted by payments fraud are expanding. By preparing for the unknown, organizations can ensure they have the flexibility to withstand unexpected, high-impact security attacks and events. This session will review the top global security threats for 2017 and how organizations can prepare for them.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

11:50 am - 12:20 pm

Blockchain Tech: We Could Learn a Cybersecurity Thing or Two from Bitcoin

Speaker:
Seth Walters, Senior Research Scientist, Georgia Tech Research Institute

Although developed as a core technology underlying the infamous bitcoin, the blockchain ledger mechanism is proving to have a multitude of potential use-cases, from IoT micropayments to capital market trading, retail banking and even voting. The bitcoin blockchain is, in effect, a distributed ledger, shared with hundreds of thousands of automated machine auditors all running the bitcoin open-source code; they verify the authenticity of every transaction, drastically reducing, if not completely eliminating, fraudulent entries. But contrary to popular belief, bitcoin does not guarantee bulletproof anonymity. Emerging forms of cryptocurrency are privacy-preserving. This brings new complexity to both business transactions and justice in the wake of cybercrime. In this session, we'll walk through the potential impact of broader blockchain deployment, and review cybersecurity lessons blockchain technology provides for other deployments.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

12:20 pm - 1:05 pm

Lunch

1:05 pm - 1:35 pm

Mobile Wallets and Emerging Fraud

Speaker:
David Lott, Payments Risk Expert, Retail Payments Risk Forum, Federal Reserve Bank of Atlanta

By 2019, nearly 90 million mobile wallet users will be providing a valuable stream of interchange revenue and transaction data for wallet providers. Offering a mobile wallet is a competitive move that financial institutions and issuers simply cannot ignore. But attackers have interest in mobile wallets as well, and the mobile wallet is a key target for fraudsters attracted by the allure of credit cards and weaker fraud mitigation. A clear path through the mobile wallet landscape has not been revealed for avoiding major fraud pitfalls. New approaches and technologies hold promise for a path forward

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

1:40 pm - 2:10 pm Fraud Track

Artificial Intelligence and Machine Learning: How They Both Intersect with Cybersecurity

Speaker:
Randy Sabett, Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP

Artificial intelligence has been called a future technology that will drive the Fourth Industrial Revolution. Its impact on the job force is one leading reason. But within the technology industry, AI's impact is best seen in the realm of cybersecurity, where machine learning is helping organizations more readily react and respond to emerging cyberthreats. Machine learning can help organizations identify risks and classify them sooner, which enables incident response teams to implement preventive actions before security threats manifest. But machine learning will inevitably be used by attackers to improve their own skills and tactics. So what can and should the industry be doing now to prepare for the advantages and disadvantages AI and machine learning offer? In this session, cybersecurity attorney Randy Sabett,a former National Security Agency crypto-engineer, will explore the impact AI and machine learning are having on cybersecurity, and the risks companies need to be considering.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

1:40 pm - 2:10 pm Data Breach Track

The Retail Cybersecurity Threat Landscape - Attacks on All Fronts

Speaker:
Mark Gelhardt, AVP, Cyber Risk Remediation at US Bank/Elavon

Consumer serving industries are under continual attack, as cybercriminals find that the interface between the customer and the retail outlet is where the money is. The assault is occurring on all fronts, be it through the physical point-of-sale or ecommerce gateway, the enterprise and its supply chain, or the customer endpoint. The retail industry is seeing rampant increases in the complexity of fraud campaigns, which are creating a convergence of cybersecurity and fraud-prevention strategies. The assault on all fronts has created new approaches to prevention, detection and response. What lessons can other industries learn from the data security advances and mistakes the payment industry has made over the years? This session will review the various tools and solutions at use within the payment card space to fight against fraud, and why ongoing work to devalue data, regardless of what type of data it is, has become increasingly critical. What are the most prominent threats facing the retail and consumer products/goods/services industries? And how have the cybersecurity practices we use today evolved over the last 20 years?

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

2:15 pm - 2:55 pm

Deception Technology: When It Works, It Works. But What about When It Goes Wrong?

Speakers:
Allen O'Rourke, Cybersecurity Attorney, Womble Carlyle Sandridge & Rice, LLP
Dr. Christopher Pierson, Founder & CEO, BLACKCLOAK
Jimmy Lummis, Associate Director of Cyber Security, Georgia Institute of Technology

Deception is the most successful strategy in military history. Just as armies used deceit to conquer continents, cyber-deception is being used by more and more organizations to exploit a hacker's greatest weakness - being a human, after all, behind a keyboard. Deception techniques such as honeypots are not a new. But new techniques and capabilities are delivering new approaches to how cyberthreats are dealt with, proactively. During this session, we will deconstruct recent attacks from a hacker's perspective and show how you can use deception technology to detect stealthy attacks, illuminate network blind spots and minimize breach detection time - highlighting the benefits of deception defenses. But what about when these techniques don't work as planned? Can deception technology actually create more problems long-term? We will explore the positives and negatives of deception technology.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

2:55 pm - 3:15 pm

Closing Remarks

View Schedule

SPONSORS / Supporting Organizations

CA Technologies
NSS Labs
Skybox

LOCATION / Venue & Address

W Midtown Atlanta
188 14th St NE
Atlanta, GA 30361

Visit Venue Website

W Midtown Atlanta

40 Bank St,
Canary Wharf, London
E14 5NR, UK

Register Now

WATCH SESSIONS ONLINE

For our premium members, we offer online webinars from all of our past events. Become a member now to get access to keynotes and important sessions from previous events.

Become a Member

Registering For a Group?
Call + 1 (609)-356-1499  or email at events@ismg.io