In 2010, a computer security firm in Belarus stumbled upon Stuxnet, a mysterious virus of unparalleled complexity that was attacking systems in Iran. Unlike any other virus or worm built before, this one didn’t just simply hijack the targeted computers or steal information from them, it escaped the digital realm to wreak actual physical destruction on an Iranian nuclear facility. The first digital weapon discovered in the wild, Stuxnet shone a light on the potential for such attacks in the U.S., and what could happen if nation-state adversaries, terrorists or anonymous hacktivists were to launch destructive digital attacks against U.S. critical infrastructure. The hack of the Ukrainian power grid last year further showed how vulnerable critical systems are. In this session, Author Kim Zetter will talk about Stuxnet and the security issues around the digital systems that control our critical infrastructure – trains, planes, water treatment plants and the power grid – as well as the products of our daily lives, including cars and medical equipment. The Internet of Things is more than just your mother’s toaster.

Data protection legislation and regulatory enforcement actions are rapidly changing throughout the world, and are having an immediate impact on how organizations globally approach cybersecurity, privacy, breach notification and data storage and protection. From the General Data Protection Regulation in Europe, which takes effect in May 2018, the proposed dismantlement of Dodd-Frank and its impact on the Consumer Financial Protection Bureau’s enforcement power, to the new proposed cybersecurity regulations for New York banking institutions and discussions at the federal banking level for similar security mandates for some of the world’s largest U.S.-based banks, cybersecurity and regulatory reform will be top-of-mind for every business and organization across every sector.  What are the implications for the rise or demise of a legal “standard of care”?

One of the most valuable ways to learn is through interaction with your peers. Our “Speed Networking” session will provide an opportunity to meet practitioners who have similar challenges in the arena of fraud and breach prevention and discuss solutions to those potential obstacles. Mingle, share and learn in this unique, rapid fire and interactive environment.

Why do we continue to see so many cyber breaches? If we look at why most cyber breaches of the past year occurred, we see that it comes down to three major factors – the human factor, identities and credentials, and vulnerabilities. Living in a digital social society, we share more information, ultimately exposing ourselves to social-engineering and targeted spear-phishing attacks waged to compromise our systems for financial fraud or steal our identities to access trusted corporate information.  The perimeter has moved and we need to move with it. Learn about how identity and access management are evolving and becoming the new security perimeter.

During this session, our speaker will review:

• Why the traditional perimeter is no longer effective;
• What hacker techniques are being used to compromise organizations;
• What some governments are doing to protect their citizens; and
• What technologies can help create the new cyber security perimeter.

Monetarily motivated attacks are by far the most prevalent cyberthreats to organizations worldwide, yet vulnerability management techniques have largely failed to adapt to a threat landscape dominated by distributed crimeware. By understanding the commercialization of attack tools and services – particularly the vulnerabilities they use, re-use and share – vulnerability management can focus on the small subset of vulnerabilities that are exploited in the wild and packaged in distributed crimeware. This threat-centric approach improves vulnerability prioritization and focuses remediation on the relatively small number of exploitable vulnerabilities, greatly reducing risk through efficient, intelligent processes. This session will cover what’s been driving the shift to distributed cybercrime, how to align vulnerability management with real-world threat behavior, and what intelligence and tools are needed.

What are the biggest threats to your organization’s data? Recent high-profile cyberattacks would lead an organization to believe that its external threats are the most concerning. Unfortunately, this misconception allows another significant threat to your organization’s critical assets to remain completely under the radar – the threat of malicious and non-malicious insiders. While some insiders intend to do harm – malicious – many do not – non-malicious. Today, with so much of an organization’s valuable information digitized, it’s possible for an insider to steal or expose information unintentionally, without you knowing it. Which new technologies enable the detection of anomalous behavior patterns before an insider incident even occur? And what are the key five steps companies should take to develop an effective Insider Threat Detection Program? This session will explore some of the startling results of meticulous analysis of hundreds of real-life insider attacks from the CERT Insider Threat Center, part of the Software Engineering Institute at Carnegie Mellon University, and review some of the technical and behavioral risk indicators that could help organizations more readily identify an insider threat.