WELCOME / Summit Overview

ISMG’s annual Fraud & Breach Summit will address topics ranging from Authentication, New Account Fraud, Biometrics, Payments Fraud, Investigations, Phishing and Email Fraud, Employee Access, Blockchain Applications, Insider Fraud, Analytics Applications and much more.

All content will be driven by our global editorial team including executive editors from publications like DataBreachtoday, BankInfoSecurity, GovInfoSecurity and HealthcareInfoSecurity. These events will provide the opportunity to learn from industry influencers, earn CPE credits, and meet with leading technology providers.

Details

Dallas, TX

April 16th, 2019

$595

Registering For a Group?
Call + 1 (609)-356-1499

Event Gallery

Asif Effendi

Director of Security, GE Oil & Gas - Digital

Andy Ulrich

Head of Security, Americas, Ericsson

Ian Schneller

Senior Vice President, Global Information Security, Bank of America

Jay Johnson

Partner, Jones Day

Tom Field

SVP Editorial, ISMG Corp.

Shawn Tuma

Partner, Scheef & Stone LLP

David Houlding

Principal Healthcare Program Manager, Microsoft

Randy Trzeciak

Director, CERT Insider Threat Center, CMU

SPEAKERS / Featured Speakers

Asif Effendi

Director of Security, GE Oil & Gas - Digital

Ian Schneller

SVP, Global Information Security, Bank of America

Andy Ulrich

Head of Security, Americas, Ericsson

Tom Field

Senior Vice President, Editorial, ISMG

Jay Johnson

Partner, Jones Day

Ronald Raether

Partner, Partner at Troutman Pepper

Randy Trzeciak

Director, CERT Insider Threat Center, CMU

Art Ehuan

Managing Director, Alvarez & Marsal Disputes and Investigations, LLC

Brett Leatherman

Supervisory Special Agent, FBI

Kristin Judge

CEO, Cybercrime Support Network

Carl Gustas

Solutions Engineer, Cequence Security

Call for Speakers is Now Open!

Interested in addressing ISMG’s global audience of cybersecurity, information security, fraud, risk and compliance professionals?

Click here to learn more!

Schedule / Session Date & Times

Tuesday, April 16^th

Hall A
Hall B
Hall C
Hall D

8:00 am - 8:45 am

Registration, Breakfast & Exhibit Browsing

8:45 am - 9:00 am

Opening Remarks

9:00 am - 9:45 am

Industrial Control Systems: How to Mitigate Espionage, Breach and Other Risks

Businesses that use industrial control systems, such as the oil & gas industry, have the same cybersecurity exposures that are found in non-industrial businesses: theft of intellectual property, exposure of customer and employee information, exposure of financial information, etc. However, these businesses have the added exposures associated with the industrial control systems used in the manufacturing or production processes. These include safety and health of the company’s workers, safety and health of the public near the industrial installations, impact on the environment, regulatory compliance, and more. As a result, cyber-attacks and other IT security issues have become a top industry concern.

The presentation will focus on discussing:

The unique risks;
Associated impacts on organizations, employees and customers;
High-level solutions for protection.

9:50 am - 10:20 am

Cyber Metrics: Recognizing Contingent Liabilities from Cyber Incidents

Publicly listed companies are meant to recognize contingent liabilities, which are liabilities that may be incurred depending on the outcome of an uncertain future event, on their balance sheets. Cyber incidents are increasingly probable and known to impose costs and losses on businesses. Boards, regulators, insurers and investors are increasingly asking what these contingent liabilities might amount to following a series of high-profile cyber incidents in recent years (e.g., the Yahoo!/Verizon merger). Yet many companies still do not make contingent liability provisions for cyber incidents. This session will examine methods to estimate the financial impact of various classes of security incidents and introduce attendees to a framework for estimating the contingent liabilities that their companies might face in the future.

10:20 am - 10:50 am

Exhibiting & Networking Break

10:50 am - 11:20 am

Incident Response Plans: Avoiding Common Mistakes through a Table Top Exercise

Speaker:
Ronald Raether, Partner, Partner at Troutman Pepper

During this workshop, Troutman Sanders partner Ron Raether will discuss the benefits of table top exercises. He then will explain how to conduct an effective exercise walking through mock incidents and explaining the process. Participants will:

Walk through several common incident scenarios and observe lessons to be learned when discussed by an incident response team;
Learn key features in an incident response plan and how the table top exercise works to improves each component;
Hear of common mistakes made by companies when executing an incident response plan.

11:20 am - 11:30 am

Tech Spotlight

Sponsored by Sonatype

11:30 am - 12:00 pm

Lunch

12:00 pm - 1:00 pm

Post-EMV: The Present and Future of Retail Fraud

Speakers:
Jon Phillips, VP Loss Prevention, Neiman Marcus Group
Shamoun Siddiqui, CISO, Neiman Marcus

With the adoption of the EMV standard for payment cards, the associated card fraud has increasingly gone down. This has resulted in cyber criminals shifting focus to other forms of fraud such as gift card fraud and fraud related to online retail purchases which are processed as Card Not Present (CNP) transactions. This has opened up new avenues for cyber defense and mitigation techniques. This presentation takes a look at:

The evolving state of fraud in the retail industry
New cyber defense techniques being utilized, including bot protection, device fingerprinting and advanced machine learning to detect fraudulent transactions.

1:00 pm - 1:45 pm

The Legal Case for Cyber Risk Management Programs and What They Should Include

“Cyber” has been treated as “just an IT issue” for far too long. It is not “just an IT issue”-cyber is an overall business risk issue that must be properly managed to comply with many laws and regulations, meaning it is also a legal issue. In this session we will examine:

The most impactful recent legal and regulatory developments including case updates, FTC enforcement actions, the New York Cybersecurity Regulations, and the GDPR;
How the application of these rules requires companies to have a robust and continuously maturing cyber risk management program;
Key elements the program must include.

1:50 pm - 2:30 pm

Applying Ecosystem Risk Management to Reduce Fraud

Most organizations today have a complex and huge supplier/partner eco-system. There are third parties, fourth parties – lots of different vendors supplying many different products and services. And yet most enterprise third-party security programs still rely on manual, point-in-time, largely subjective assessments to evaluate and manage the security risk of their third parties.

At a time when regulators are shining a bright light on third party programs – how do you prove you are doing enough?

In this session, our security expert will share:

Data on the state of cybersecurity in the financial industry;
How the IoT landscape has made risk management even more complex;
Insights on how shifting to an ecosystem risk model can enable more proactive risk management approach.

2:35 pm - 3:05 pm

Exhbiting & Networking Break

3:05 pm - 3:25 pm

Finding Fraud Using Machine Data

Speaker:
Jim Apger, Sr Security Architect, Splunk

Security hygiene can be poor, and criminals know it. Fraudulent activity costs are in the billions worldwide across industries, and over 16 million consumers in the US were victims of identity theft or fraud in the past year. Learning to onboard new data at the speed of the business will ensure your fraud team can detect and investigate data to quickly find anomalies and reduce loss of money, reputation and organizational efficiencies.

In this session you will learn:

How to recognize examples of fraudulent activities in your environment;
How to more quickly find anomalies of transactions or behaviors of accounts that are fraudulent, acting fraudulently or being taken over;
Recommendations and best practices on how to get started detecting fraudulent patterns and activities by using machine data and an analytics-driven security platform.

3:25 pm - 3:55 pm

Fighting the Next Generation of Targeted BEC Attacks

Business email compromise (BEC) attacks that impersonate executives and business partners to trick employees comprise the biggest cyberthreat organizations face today. This is not news. But what may come as a surprise is that the vast majority of BEC attacks are preventable. This session will review why email spoofing works, the role social media plays in social engineering, current BEC trends and attack methods, and advances in technology that are being used to identify and block BEC attacks before they hit the inbox.

4:00 pm - 4:45 pm

How Fraudsters have Monetized the Dark Web

We often hear about the Dark Web and how criminals use it to commit criminal activity. This session will dive deeper into how the Dark Web operates and how fraudsters hide their identify and buy/sell illicit good and services with anonymity. The following topics will be covered:

See how the Dark Web works
Understand how fraudsters operate on the Dark Web
What organizations can do to protect their data from being bought/sold on the Dark Web