WELCOME / Summit Overview

ISMG’s Global Summit Series will take place across four continents focusing on global security topics such as fraud and breach prevention and on many key industry verticals such as finance, government, retail, energy and healthcare.

All content will be driven by our global editorial team including executive editors from publications like DataBreachtoday, BankInfoSecurity, GovInfoSecurity and HealthcareInfoSecurity. These events will provide the opportunity to learn from industry influencers, earn CPE credits, meet with leading technology providers and be a part of the ISMG community of over 700,000 subscribers.

Details

New York, NY

June 25th, 2019

$895

Registering For a Group?
Call + 1 (609)-356-1499

Event Gallery

Mitch Parker

CISO, Indiana University Health System

Howard Anderson

News Editor, ISMG

Cris Ewell

CISO, Seattle Children's Hospital

Richard Jacobs

Assistant Special Agent in Charge, Cyber Branch, FBI New York Division

Phil Reitinger

President & CEO, Global Cyber Alliance; former Deputy Undersecretary for Cybersecurity, Department of Homeland Security; former CISO, Sony

Jennings Aske

CISO, New York Presbyterian

Jay Kramer

former Supervisory Special Agent, Cyber Division, Federal Bureau of Investigation

Jim Cunha

Senior Vice President of Bank Administration, Federal Reserve Bank of Boston

PAST SPEAKERS / Featured Speakers

Suzanne Schwartz, MD

Associate Director for Science and Strategic Partnerships, FDA Center for Devices and Radiological Health

Vikrant Arora

CISO, Hospital for Special Surgery

Anahi Santiago

CISO, Christiana Care Health System

Stephen R. Katz

Former CISO, Merrill Lynch and Citi

Phil Curran

CISO, Cooper University Health Care

Mark Eggleston

VP, CISO and CPO, Health Partners Plans

Connie Barrera

Director of Information Assurance and CISO, Jackson Health System

Nicholas Heesters

OCR Health Information Privacy & Security Specialist, HHS

David Houlding

Principal Healthcare Program Manager, Microsoft

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

Mitch Parker

CISO, Indiana University Health System

Vito Sardanopoli

Member of HHS Cyber Task Force

Randy Trzeciak

Director, CERT Insider Threat Center, CMU

Brian Lancaster

VP of IT and CIO, University of Nebraska Medical Center

Kevin McDonald

Director, Clinical Information Security, Mayo Clinic

Richard Conti

Information Security Specialist, The Children's Hospital of Philadelphia

Greg Garcia

Executive Director for Cybersecurity Healthcare and Public Health Sector Coordinating Council

Mark Jarrett

SVP & Chief Quality Officer and Associate Chief Medical Officer, Northwell Health

Mary Kavaney

Chief Operating Officer, Global Cyber Alliance

Dale Nordenberg, MD

Executive Director, Medical Device Innovation, Safety and Security Consortium

Steven Teppler

Attorney; Bitcoin/Blockchain Expert, Mandelbaum Salsburg P.C.

Sonia Arista

National Healthcare Practice Director, Fortinet

Paul Singleton

Systems Engineer Cloud Security, Cisco

Ryan Witt

Managing Director, Healthcare Industry Practice, Proofpoint

Laurence Pitt

Security Strategy Director, Juniper Networks

Chris Bowen

Chief Privacy & Security Officer, Founder, ClearDATA

Tom Bienkowski

Director, Product Marketing, Arbor Networks

Monique Kunkel

Client Executive - Security Services, Healthcare and Life Sciences, NTT DATA Services

Frank Negro

Advisory Consulting, Global Healthcare and Life Sciences, NTT DATA Services

Bruce Snell

Director Emerging Threats and Disruptive Technologies, NTT Security

Gretel Egan

Security Awareness and Training Strategist, Wombat Security, a division of Proofpoint

Call for Speakers is Now Open!

Interested in addressing ISMG’s global audience of cybersecurity, information security, fraud, risk and compliance professionals?

Click here to learn more!

Past Schedule / Session Date & Times

Tuesday, June 25^th

Hall A
Hall B
Hall C
Hall D

8:00 am - 8:45 am

Registration, Breakfast & Exhibit Browsing

8:45 am - 9:00 am

Opening Remarks

9:00 am - 9:45 am

Keynote: Threat Hunting, From a Model-Driven Cyber Security Approach

Hear from our industry expert, who was hired as a CISO and immediately charged with taking multiple sources of log files from newly deployed controls and determine how best to allocate scarce resources for cyber hunting. Soon, while the project was underway, six other implementations of machine-learning-driven point solutions catapulted his company’s Global Security into a model-driven security deployment using data analytics. In this keynote address, which will set the tone for our cybersecurity discussions at this two-day event, our speaker will discuss what his organization learned from this experience, and the implications for security talent management and information sharing going forward.

9:55 am - 10:25 am Track A

DDoS and the Era of Cyber Extortion

Cyber-extortion has reached new proportions, with a wide variety of methods, such as distributed-denial-of-service attacks and ransomware variants being used to extort individuals and organizations. Recently uncovered ransomware-DDoS hybrid attacks, like Cerber, showcased how attackers have added DDoS capabilities to ransomware. Cybersecurity experts predict these attacks will only increase. And as events, such as the takedown of Brian Krebs’ website, prove, DDoS attacks continue grow, posing big concerns for all businesses and organizations. The biggest question now is: Who’s next?

This session presents real cases of cyber-extortion waged against corporate and high net-worth individuals, including hacking techniques for full network compromise and deployment of ransomware kits. Attendees will walk away from this session with knowledge about the tools and strategies needed to elevate cyber-resilience.

9:55 am - 10:25 am Track B

Why is the Healthcare Industry So Far Behind on Cyber Security?

The health care industry has a firm responsibility to defend the security of its clients’ data. With most health care data stored online, that means hospitals and other health care facilities need to have top-tier cyber security standards in place. Right now, that’s not happening – and that’s a real problem.

10:25 am - 10:40 am

Exhibit & Networking Break

10:40 am - 11:10 am Track A

Credential Theft as a Primary Attack Vector - Detect and Respond to Privileged and Service Account Attacks

Privileged accounts have been at the center of each recent high-profile attack. Moreover, attackers are leveraging Privileged credentials as their entry point to high value systems within the network. This session will explain how hackers that successfully exploit these credentials are able to gain a privileged foothold, allowing them unfettered access to elevate privileges and move about the network freely without detection. With a solid understanding of this well-used method of attack, attendees will learn how to properly secure and manage these powerful credentials. During this session CyberArk will discuss growing trends in regards to attacks and what Security Leaders are doing to protect their organizations from these advanced attacks. CyberArk will also walk through a typical attack that utilizes privileged accounts and how passwords can be exploited to break down the front door. The session will touch on the growth and prevalence of privileged credentials. We will discuss how to securely store and manage credentials and how to reduces the attack surface, specifically attack surfaces favored by insiders and outsiders with insider credentials. We will also discuss detecting credential harvesting and blocking future attempts. All while maintaining governance and compliance standards.

10:40 am - 11:10 am Track B

Automation as a Force Multiplier in Cyber Incident Response

It’s rare to read a headline concerning a data breach and not think about how it relates to the shortage of skilled cyber-incident and fraud responders. Without an adequate workforce, fraud and security teams are overwhelmed by the current volume of alerts they receive on a daily basis. What’s more, the shortage of skilled labor means existing teams are overworked and subject to what the industry calls “Alert Fatigue,” due, in part, to an estimated 52 percent false-positive rate. An automated alert response capability with integrated, trackable workﬂows designed around recognized standards and best practices is now a necessary part of a SOC/CSIRT/fraud department toolbox, and is an integral part of any cyber-response plan. The skilled-labor shortage cannot simply be solved through the use of traditional security-incident-response platforms (SIRP) or security orchestration and automated response (SOAR) solutions; the answer lies in a coalescence of these technologies to provide a synergetic solution that addresses automation, knowledge transfer and intelligent workﬂow.

11:20 am - 11:50 am

Panel: Lack of Cybersecurity at Healthcare Organizations: Personnel, Budgets, Buy-in, Technology - Dare to Name the Culprit?

11:50 am - 12:35 pm

Speed Networking with Presenters and Peers

One of the most valuable ways to learn is through interaction with your peers. Our “Speed Networking” session will provide an opportunity to meet practitioners who have similar challenges in the areas of fraud and breach prevention, and discuss solutions to potential obstacles. Mingle, share and learn in this unique, rapid-fire and interactive environment.

12:35 pm - 1:25 pm

Lunch

1:25 pm - 2:05 pm

We're at War: Cyberattacks a Wake-Up Call for the Healthcare Sector

The hack of health insurer Anthem exposed data on 80 million Americans. A breach of an electronic health records vendor affected dozens of clinics. A California hospital paid a ransom to get data decrypted by hackers. These and other headline-grabbing breaches are getting the attention of CEOs and boards of directors. And these senior leaders are coming to an important conclusion: In the current threat environment, healthcare organizations must adopt a “wartime” mindset against their sophisticated, persistent attackers. An organization with a wartime mindset is focused on just one thing: Stop the enemy.

In this keynote address, a senior federal official at the agency that investigates health data breaches and enforces HIPAA will address these and other critical questions:

Why is healthcare such an attractive target?
What are the main vulnerabilities in today’s environment?
Which important risk mitigation steps are being overlooked?
What are the essential elements of a successful wartime defense strategy?

2:10 pm - 2:45 pm

Ransomware: Healthcare is Fighting Back

Ransomware attacks on healthcare organizations have dominated the headlines lately. But what can organizations do to proactively improve their ransomware defenses? Our speaker will offer proven strategies for building stronger phishing defenses.

2:55 pm - 3:25 pm

Panel: Medical Devices: Worry About Vulnerabilities or Manage Risk?

3:25 pm - 3:40 pm

Exhibit & Networking Break

3:40 pm - 4:20 pm

Security Vulnerabilities in BA's Environments: Low-Hanging Fruits or Your Biggest Challenges

The healthcare industry is at an information security crossroads, ill-prepared for the cyberattacks increasingly targeting healthcare organizations. This session will review how the reliance on third-party vendors have hindered the healthcare industry’s ability to prevent, detect and respond to the current cyberthreat landscape. This session also will review how the healthcare industry must embrace security frameworks, such as the NIST Common Security Framework and ISO 27001, along with practices used by other industry verticals to address cyberthreats, thereby facilitating regulatory compliance.

4:25 pm - 5:00 pm

Panel: We've Been Breached, Now What? How to Effectively Work with Law Enforcement and Regulators

Too many organizations continue to address breach response from a reactive mode – having a crude disaster-recovery plan in place in case something “does” happen, rather than accepting that something “will” happen and proactively preparing for it. In this session, a panel of legal, technical and law-enforcement experts will discuss what well-prepared organizations are doing right when it comes to proactive interaction with law enforcement, information sharing and breach investigation/response.

5:00 pm - 5:15 pm