ISMG Events
  • Summits
  • Roundtables
  • Faculty
  • About ISMG Events
  • Contact us

Fraud & Breach Prevention Summit: Toronto

September 11-12, 2018 - Omni King Edward Hotel

View Sessions

WELCOME / Letter from the Editor

Tom Field

Tom Field

SVP, Editorial, ISMG

Our 2018 series of Fraud & Breach Prevention summits continues with our sixth North American event taking place in September in Toronto. This event will focus on technology-driven problems and solutions of interest to a wide range of industries. From ransomware attacks to IoT risks, GDPR compliance to insider threat mitigation, 2018 promises to have more than enough for all of us to talk about and learn from each other. We have designed our sessions to address the needs of CISOs, fraud and risk teams, security and IT professionals, and many others by providing hands-on tools and real-world solutions that attendees can take back to their offices and put to use.

Details

Omni King Edward Hotel

$1,195 CAD

View Sessions

Registering For a Group?
Call + 1 (609)-356-1499

  • Event Gallery

Brett Johnson

Former Most Wanted and "The Original Internet Godfather"

Imran Ahmad

Partner - Blake, Cassels & Graydon LLP

Matthew Maglieri

CISO, Ashley Madison's parent company Ruby Life Inc.

Kenrick Bagnall

Detective Constable - Computer Cyber Crime (C3) Intelligence Services, Toronto Police Service

Ruth Promislow

Partner, Commercial Litigation, Fraud and Cybersecurity Practice, Bennett Jones LLP, Toronto

Gord Jamieson

Head of Visa Canada Risk Services

Randy Trzeciak

Director, CERT Insider Threat Center, CMU

Tom Field

SVP - Editorial, ISMG

SPEAKERS / Featured Speakers

Brett Johnson

Former Most Wanted and "The Original Internet Godfather"

Gord Jamieson

Senior Director of Canada Risk Services, Visa

Matthew Maglieri

CISO, Ruby, parent company of Ashley Madison

Imran Ahmad

Partner - Blake, Cassels & Graydon LLP

Ruth Promislow

Partner, Commercial Litigation, Fraud and Cybersecurity Practice, Bennett Jones LLP, Toronto

Tom Field

Senior Vice President, Editorial, ISMG

Kenrick Bagnall

Detective Constable - Computer Cyber Crime (C3) Intelligence Services, Toronto Police Service

Richard Henderson

Head of Global Threat Intelligence, Lastline

Randy Trzeciak

Director, CERT Insider Threat Center, CMU

Jade Catalano

Sr. Product Manager, Splunk

Ryan Duquette

Partner, Security and Privacy Risk Consulting, RSM Canada

Chris Eng

Vice President of Research, Veracode

Robert Falzon

Director, Americas International Engineering, Check Point Software

Dan Larson

Vice President of Product Marketing, CrowdStrike

Michael Lynch

Chief Strategy Officer, InAuth

Saba Shariff

Head, New Product Development & Innovation, Symcor

Gary Sockrider

Principal Security Technologist, NETSCOUT Arbor

Nick Holland

Director, Banking and Payments, ISMG

Shawn Taylor

Customer Evangelist, Systems Engineer, ForeScout Technologies

Denis Ryan

Senior Director, Field Sales-Email Fraud, Proofpoint

Dr. Matt Kraning

CTO & Co-Founder, Expanse

Allan Stojanovic

Security Architect and Analyst, University of Toronto

Ted Trush

Enterprise Fraud Prevention Specialist, RSA

Meet Our Speakers

ISMG Global Events: 2020 and Beyond

ISMG's SVP of Editorial, VP of Global Events, and Group Director of Custom Events discuss the state of events.

The Critical Importance of Data Integrity

Microsoft's Diana Kelley on How to Keep Data Untampered

Steve Katz on Cybersecurity’s State of the Union

World's First CISO Weighs in on the Technologies and Trends Shaping 2019

The Challenge of Fighting Identity Fraud

IBM's Shaked Vax on Emerging Technologies to Assure Digital IDs

A Common Sense Guide to Mitigating Insider Threats

Randy Trzeciak of CERT Reviews the Latest Research

Schedule / Session Date & Times



  • Tuesday, September 11th

  • Wednesday, September 12th

  • Hall A
  • Hall B
  • Hall C
  • Hall D
8:00 am -
8:45 am
8:00 am - 8:45 am

Registration, Breakfast & Exhibit Browsing

8:45 am -
9:00 am
8:45 am - 9:00 am

Opening Remarks

9:00 am -
9:50 am
9:00 am - 9:50 am

Cybercrime Exposed: Insights from a Former US Most Wanted Cybercriminal

Speakers:
Brett Johnson, Former Most Wanted and "The Original Internet Godfather"
Imran Ahmad, Partner - Blake, Cassels & Graydon LLP
Ryan Duquette, Partner, Security and Privacy Risk Consulting, RSM Canada

Brett Johnson, referred to by the United States Secret Service as "The Original Internet Godfather" has been a central figure in the cybercrime world for almost 20 years. He founded and was the leader of Counterfeitlibrary.com and Shadowcrew.com. Working alongside the top cyber criminals of our time, he helped design, implement, and refine modern Identity Theft, ATO fraud, Card Not Present fraud, IRS Tax Fraud and countless other social engineering attacks, breaches and hacking operations.

Join Johnson and an expert panel to discuss:

  • His involvement in online crime;
  • The current state of cybercrime, the crooks and the crimes they commit;
  • How to avoid being a cybercrime victim.
9:55 am -
10:40 am
9:55 am - 10:40 am

Visa on: Securing the Future of Digital Payments

Speaker:
Gord Jamieson, Senior Director of Canada Risk Services, Visa

The scale of connectedness we're experiencing is unprecedented. The pace of change and technology advancement in recent years could be compared to another industrial revolution. But the connectedness that allowed us to bring the power and security of the Visa network to each transaction in real time, also created the potential for criminals to reach into the payment system from anywhere in the world. This presentation will examine how Visa is securing the future of digital payments.

10:45 am -
10:50 am
10:45 am - 10:50 am

Tech Spotlight - "The Criminals Don’t Operate in Silos and Neither Should We"

5-minute Tech Spotlight session featuring:
Saba Shariff, Head of New Product Development & Innovation, Symcor

10:50 am -
11:10 am
10:50 am - 11:10 am

Exhibit & Networking Break

11:10 am -
11:40 am
11:10 am - 11:40 am Track A

How Open Source Components Increase Speed - and Risk of Breach

Speaker:
Chris Eng, Vice President of Research, Veracode

Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risk. Vulnerabilities in components are a hidden cost of free software. And their widespread use creates opportunities for attackers looking to exploit the most possible victims by breaching a single vulnerability, which could lead to later incidents of breach. To reduce these risks, development and security teams need strategies to tackle the challenge of securing their applications from vulnerabilities in third-party and open source components.

What you will learn:

  • Why development teams use components and how components ultimately create greater risk of breach
  • How to reduce risk through strategies including component inventories and developer education
  • How software composition analysis technologies can help you keep track of your component use and be ready when a vulnerability hits the news
11:10 am - 11:40 am Track B

The Evolution of Cyber Warfare: Defending Against Persistent & Ever-Evolving Threats

Speaker:
Shawn Taylor, Customer Evangelist, Systems Engineer, ForeScout Technologies

The concept of deploying multiple layers of security controls throughout IT systems was just the first step in the evolution of cyber warfare. Now organizations are equipped with a broad portfolio of tool sets providing a false sense of security.

View this session, which explores:

  • The current dynamics of the marketplace
  • The challenges of layered security;
  • How an in-depth defense strategy can create overconfidence that paves the way for cybercriminals.
11:50 am -
12:30 pm
11:50 am - 12:30 pm

GDPR and You: We're a Quarter Year In, What's Actually Changed?

Speaker:
Richard Henderson, Head of Global Threat Intelligence, Lastline

We've spent countless hours and dollars getting ready for the arrival of the EU'S GDPR. In the months since, what's actually changed? How have companies reacted? What should we expect going forward in the EU, and in North America? Has it been all bark and no bite? This session will outline how companies dealt with GDPR's arrival, and how other jurisdictions around the world have put the wheels in motion to create their own sharp-toothed legislations in the wake of the EU's changes.

12:30 pm -
1:30 pm
12:30 pm - 1:30 pm

Lunch

1:30 pm -
2:00 pm
1:30 pm - 2:00 pm Track A

Internet of Things: Is Winter Coming?

Speaker:
Robert Falzon, Director, Americas International Engineering, Check Point Software

The concept of the Internet of Things (IoT) truly represents a radical shift in how companies will operate, governments will govern and individuals will live their lives.

Microcomputetechnologies and autonomous systems will permeate our day-to-day activities. They will introduce opportunities for simplification, optimization and accuracy, and they will threaten to distribute cyber threats into the deepest levels of our shared experience. This session will provide a view into what an IoT future will look like, a summary of the cyber risks that such a future could see and present practical security considerations that enterprises can consider when planning their moves towards wide-spread IoT implementation.

1:30 pm - 2:00 pm Track B

Learning from High-Profile Breaches --and Stopping the Next

Speaker:
Dan Larson, Vice President of Product Marketing, CrowdStrike

This exclusive session delves into details of some of CrowdStrike's most eye-opening breach investigations of the past year, and their implications for organizations of all sizes, regardless of their industry or country of origin. Also: New research on "breakout time" -the time from initial intrusion to the first signs of lateral movement that precede a breach -and what defenders must do to respond before adversaries can press their attack.

2:15 pm -
2:45 pm
2:15 pm - 2:45 pm Track A

Fighting Fraudulent Digital Account Opening with Digital Intelligence

Speaker:
Michael Lynch, Chief Strategy Officer, InAuth

Due to the volume of personally-identifiable information (PII) available on the black market as a result of high profile breaches, fraudsters can open an account with a real identity using a few key pieces of compromised information. Fraudsters have also begun creating synthetic identities by piecing together different data elements from multiple sources to create a new identity. The US alone saw a113% increase in incidence of new account fraud since the EMV shift, which now accounts for 20% of all fraud losses.

Financial services companies must take more stringent measures to combat the rise of fraud in the digital channel, yet doing so can cause more friction and inconvenience for customers. On the other hand, customers are looking for enhanced services on the digital channel with a full 70% of checking and 80% of credit card applicants preferring to apply via the digital channel rather than in person. Given this, how can businesses improve risk decisions when little information is known about the end user as with new digital account opening?

This session will discuss how advanced digital intelligence technologies, leveraging device and user data, can help companies offer account opening as a seamless, yet secure experience for consumers in the digital channel.

2:15 pm - 2:45 pm Track B

Stop Attacks Before They Reach the Inbox

Speaker:
Denis Ryan, Senior Director, Field Sales-Email Fraud, Proofpoint

As you know, impostor email continues to be a challenge for most security professionals. We are going to discuss the tactics and targets of impostor email via this Email Fraud Workshop breakout. Denis Ryan, Sr. Director of Email Fraud at Proofpoint, will discuss:

  • The email threat landscape;
  • How to identify potential exposure and how to leverage authentication methods such as DMARC to protect your employees, brand and customers;
  • How to secure the perimeter by applying policy to defensively registered domains and identifying open vulnerabilities from look-alike domains.
2:45 pm -
3:05 pm
2:45 pm - 3:05 pm

Exhibiting & Networking Break

3:05 pm -
3:35 pm
3:05 pm - 3:35 pm Track A

Surviving the Zombie Apocalypse - Network Resilience to Botnet Armies

Speaker:
Gary Sockrider, Principal Security Technologist, NETSCOUT Arbor

Explore the state of DDoS attacks as observed by network and security professionals directly responsible for operating and securing global networks. This session covers a range of issues from threat detection and IR to managed services and staffing . Hear about the daily operational challenges, as well as strategies adopted to address and mitigate them, including the latest attack techniques and current best practices for defense.

  • Gain insight on how IoT botnets are built and weaponized;
  • Understand the newest threat to enterprise networks;
  • Learn how to defend your network from these attacks.
3:05 pm - 3:35 pm Track B

Global Volatility Risk on the World's Largest Financial Networks

Speaker:
Dr. Matt Kraning, CTO & Co-Founder, Expanse

An in-depth look at the frequency, magnitude, and manner in which modern enterprise networks change and the risks these changes pose, across all F100 FSI organizations. We highlight different technological and organization processes, such as M&A events, cloud migration, IoT deployment, and network misconfigurations that result in unexpected, large, and rapid changes in modern enterprise networks, and how these types of unexpected changes create exposures that have led to large, well publicized breaches. All insights are sourced from data gathered independently of all organizations.

3:45 pm -
4:30 pm
3:45 pm - 4:30 pm

Preparing for Canada's Breach Notification Law

Speakers:
Imran Ahmad, Partner - Blake, Cassels & Graydon LLP
Ruth Promislow, Partner, Commercial Litigation, Fraud and Cybersecurity Practice, Bennett Jones LLP, Toronto

2018 has been an important year in Canada from a cybersecurity and privacy standpoint. The introduction of Canada's new National Cybersecurity Strategy in June of this year along with the upcoming mandatory breach notification requirements effective November 1, 2018 are just the tip of the iceberg. In a complex world where data protection and privacy laws from multiple jurisdictions collide, it's important for organization to have a clear grasp of what's happening in in Canada. This session will provide an overview of recent key developments from a policy, legal and caselaw standpoint.

4:30 pm -
4:45 pm
4:30 pm - 4:45 pm

Look Ahead to Day 2

4:45 pm -
5:45 pm
4:45 pm - 5:45 pm

Cocktails & Networking

View Schedule
  • Hall A
  • Hall B
  • Hall C
  • Hall D
8:00 am -
8:45 am
8:00 am - 8:45 am

Registration, Breakfast, & Networking

8:45 am -
9:00 am
8:45 am - 9:00 am

Opening Remarks

9:00 am -
9:50 am
9:00 am - 9:50 am

Ashley Madison: Cybersecurity in a World of Discretion

Speaker:
Matthew Maglieri, CISO, Ruby, parent company of Ashley Madison

What does a targeted attack really look like? How can you effectively defend your organization? What does it take to recover from a headline-grabbing breach and rebuild trust with your customers?

Join Matthew Maglieri, CISO of Ashley Madison's parent company Ruby Life Inc. and ex-Mandiant consultant, as he presents this unique look at what is really required to defend against an advanced targeted attack and prevent the scenario that keeps us all up at night. He will discuss:

  • Anatomy of a targeted attack;
  • How to recover from a high-profile breach;
  • "Offensive-driven" risk management and how to best ensure breach resilience.
9:55 am -
10:25 am
9:55 am - 10:25 am

Finding Fingerprints of Fraud with Machine Data

Speaker:
Jade Catalano, Sr. Product Manager, Splunk

Organizations and people's security hygiene can be poor, and criminals know it. Fraudulent activity costs are in the billions worldwide across industries, and over 16 million consumers in the US were victims of identity theft or fraud in 2016. Learning to analyze data at the speed of the business will ensure your fraud and security teams can detect and investigate data to quickly find anomalies and reduce loss of resources, reputation and organizational efficiencies.

In this session we will discuss:

  • How to recognize and approach fraudulent activities in your environment;
  • How to get started detecting fraudulent patterns and securing your infrastructure;
  • How to use machine data, machine learning and analytics-driven security platform to help you onboard new data at the speed of the business to ensure that your fraud and security teams can detect and investigate quickly.
10:25 am -
10:45 am
10:25 am - 10:45 am

Exhibiting & Networking Break

10:45 am -
11:15 am
10:45 am - 11:15 am

Digital Risk Management: Overcoming The Cumulative Challenges of Modernization, Malice, and Mandates

Speaker:
Ted Trush, Enterprise Fraud Prevention Specialist, RSA

Digital Risk is the greatest facet of risk most organizations now face, driven by global acceleration of digitization. It's an issue that has risen well-above the security group, and is forcing executives and boards to think beyond the core competency of their organization; because in many cases, they've transformed into a digital business.

Meanwhile, the security functions in most organizations are struggling just to keep up, while they're incapable of answering broader, business-level questions such as "How is this effecting our overall exposure?" or simply "Are we doing enough?"

To manage digital risk, organizations need a unified, structured and phased approach to align all stakeholders. And they need visibility, insight, and response capabilities that stretch across the organization, enabling each function to participate fully in transforming digital risk into reward.

11:20 am -
12:10 pm
11:20 am - 12:10 pm

Stand up an Insider Threat Program to Stop Malicious and Accidental Insiders

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

When it comes to fraud prevention, many organizations overlook the insider threat - both the malicious actor who intends to commit fraud, as well as the accidental insider who makes a mistake or is taken advantage of by an external entity? The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and in this session the center's director will offer:

  • The latest research on insider fraud
  • The growing role of the accidental insider in fraud schemes
  • How to stand up an insider fraud detection program within your organization
12:10 pm -
1:00 pm
12:10 pm - 1:00 pm

Lunch

1:00 pm -
1:45 pm
1:00 pm - 1:45 pm

Know Your Attacker: Lessons Learned from Cybercrime Investigations

Speakers:
Kenrick Bagnall, Detective Constable - Computer Cyber Crime (C3) Intelligence Services, Toronto Police Service
Ryan Duquette, Partner, Security and Privacy Risk Consulting, RSM Canada

"Know your customer" is a familiar refrain in business circles. But as threat actors grow in number, sophistication and cross-channel schemes, it is increasingly important for organizations to also have a clear picture of their potential attackers - whether they are nation states, cybercrime gangs or lone actors. Join this panel of law enforcement officials and internal investigators for their insights on:

  • Today's most prevalent cybercrime schemes - and why they are successful
  • Traits of the threat actors most commonly perpetrating these schemes
  • Lessons learned from actual crime investigations - and how you can put these to work to improve your own defenses.
1:50 pm -
2:30 pm
1:50 pm - 2:30 pm

Case Study: Look-a-Like Domains, Phishing and Procurement Fraud

Speaker:
Allan Stojanovic, Security Architect and Analyst, University of Toronto

The University of Toronto has been impersonated over a dozen times in the past two and a half years in a somewhat sophisticated scam designed to steal goods to order. This presentation will detail how the scam works (with examples!), talk about some of the mitigating actions that have been performed, as well as some of the reactions the University has seen from various groups involved. Finally, the presenter will open the floor to discussion of possible solutions to this ongoing fraud scheme.

2:30 pm -
2:45 pm
2:30 pm - 2:45 pm

Closing Remarks

View Schedule

SPONSORS / Supporting Organizations

Arbor Networks
Check Point
CrowdStrike
ForeScout
InAuth
Proofpoint
RSA
Splunk
Symcor
Veracode
Qadium
Zscaler

LOCATION / Venue & Address

Omni King Edward Hotel
37 King St E
Toronto, ON M5C 1E9

Register Today

To earn CPE credits, hear from industry influencers, join ISMG’s global community and meet with leaders of technology register today.

Register Now

Registering For a Group?
Call + 1 (609)-356-1499  or email at events@ismg.io

Contact Us

Reach us: Reserve your attendance today to ensure you don’t miss the opportunity to meet, network and learn from the foremost experts in information security and risk management in this interactive environment.

+1 (609) 356-1499
events@ismg.io

Join the Community

Subscribe to get the latest happenings on our Roundtables, Summits, and other Events!

    • BankInfoSecurity
    • CUInfoSecurity
    • GovInfoSecurity
    • HealthcareInfoSecurity
    • InfoRiskToday
    • CareersInfoSecurity
    • DataBreachToday
    • CyberEd
    Home | Summits | Press Releases | Sponsorship
    © 2021 Information Security Media Group, Corp. |
    Privacy & GDPR Statement | CCPA: Do Not Sell My Personal Data