The biggest companies (the Fortune 500 Types) are more often than not taking matters into their own hands when it comes to breach prevention, eschewing long-term relationships with vendors and charting their own courses with a dizzying array of technologies. Meanwhile, the “unfortunate” 5,000 and beyond fall further behind, struggling to find talent and budget, while security industry vendors produce evermore granular point products that leave everyone unsatisfied and exhausted. Does this sound like the prospects are good for reducing breaches and fraud? The short answer: No.

During this session, our speaker will review possible paths forward for practitioners, as well as what they should be looking for from vendors, service providers and their own management.

Many organizations are undergoing a transformation to support digital platforms and stay competitive; but in order to maintain security, they have to ensure that access to these platforms is limited and that security remains a priority. New vulnerabilities to cybercrime are being introduced through hybrid environments, ones that often include remote access to systems and servers, automation of processes, and concentration of administrative power. Limiting administrative power through privileged access management is increasingly critical, but so is authentication, as more legitimate users’ credentials are being compromised and access to systems is being fooled by the coders. How can these risks be mitigated while still keeping a competitive edge?

Monetarily motivated attacks are by far the most prevalent cyberthreats to organizations worldwide, yet vulnerability management techniques have largely failed to adapt to a threat landscape dominated by distributed crimeware. By understanding the commercialization of attack tools and services – particularly the vulnerabilities they use, re-use and share – vulnerability management can focus on the small subset of vulnerabilities that are exploited in the wild and packaged in distributed crimeware. This threat-centric approach improves vulnerability prioritization and focuses remediation on the relatively small number of exploitable vulnerabilities, greatly reducing risk through efficient, intelligent processes. This session will cover what’s been driving the shift to distributed cybercrime, how to align vulnerability management with real-world threat behavior, and what intelligence and tools are needed.

E-commerce sites face an ongoing fraud battle: Their login forms are constantly hit by bots using stolen credentials to try to take over accounts. And as security as the physical point-of-sale strengthens, namely because of EMV, attackers will turn their focus to ecommerce, waging more account takeover schemes like those we saw plaguing online banking years ago. In this session, we will review how and why phishing attacks, used to steal online credentials, are plaguing e-commerce and spurring account takeover.

The pressure is on for all industries to upgrade their cyber-protection policies. New York is the first state to initiate a 180-day grace period for all financial services companies to upgrade both cyber policies and protection. As New York’s new cyber mandates roll out, other states and industries will likely follow. During this session, our expert will outline the impact of these new regulations, and provide an incident response framework that helps with compliance and preventing an inevitable compromise from turning into a breach.

Too many organizations continue to address breach response from a reactive mode – having a crude disaster-recovery plan in place in case something “does” happen, rather than accepting that something “will” happen and proactively preparing for it. In this session, a panel of legal, technical and law-enforcement experts will discuss what well prepared organizations are doing right, when it comes to proactive interaction with law enforcement, information sharing and breach investigation and response.