Speaker:
Jim Routh, Chief Information Security Officer, Aetna

Four years ago, Aetna Global Security hired a chief data scientist for security - a former NSA data scientist who did an outstanding job building over 100 models and a big data infrastructure dedicated to security. The purpose of hiring this data scientist: to take multiple sources of log files from newly deployed controls and determine how best to allocate scarce resources for threat hunting. Soon, while the project was underway, six other implementations of machine learning-driven point solutions catapulted Aetna Global Security into a model-driven security deployment using data analytics. In this session, Jim Routh, CISO at Aetna, discusses what his organization learned from this experience, the implications for security talent management and information sharing going forward, as well as the company's planned move away from passwords to continuous behavioral authentication.

Speaker:
Andy Givens, Regional Director, Engineering, CyberArk

Privileged accounts have been at the center of many recent high-profile attacks. Moreover, attackers are leveraging privileged credentials as their entry point to high-value systems within the network. This session explains how hackers who successfully exploit these credentials are able to gain a privileged foothold, allowing them unfettered access to elevate privileges and move about the network freely without detection. With a solid understanding of this well-used method of attack, attendees will learn how to properly secure and manage these powerful credentials. During this session, CyberArk discusses attack trends and what security leaders are doing to protect their organizations from these advanced attacks and walks through a typical attack that uses privileged accounts, showing how passwords can be exploited to break down the front door.

Speaker:
Sam Elliott, Director of Security Product Management, Bomgar

Many organizations trying to secure privileged access for employees or vendors focus solely on the privileged credentials or identities. But that's only half the battle. Securing the access pathways is just as critical to protecting your critical systems and data from cyber threats. This session outlines the six steps companies need to take to secure privileged access while simultaneously improving business productivity.

Speaker:
Elie Nasrallah, Director, Cybersecurity Strategy, HITRUST in cooperation with Trend Micro

The HITRUST Cyber Threat XChange (CTX) is sharing bi-directional indicators with the Department of Homeland Security. HITRUST's Cyber Lab, in partnership with Trend Micro, identified malicious indicators of compromise several weeks in advance of the WannaCry outbreak. CTX members were able to automatically receive indicators, update defenses and stop the WannaCry threats before systems were compromised. This program has helped U.S. healthcare organizations become leaders in sharing threat indicators of malicious threats from many attack vectors. This session explores how sharing IOCs has helped healthcare providers protect the valuable data, PHI and medical systems sought after by cybercriminals and targeted attacks.

Speaker:
Ariel Shuper, Cloud and Network Security Product Manager, Check Point

Ransomware attacks against healthcare organizations threaten vulnerable systems that are part of a larger ecosystem. The fast propagation of ransomware attacks creates significant damage spanning beyond the infected systems, often resulting in the shutting down of healthcare operations. While cybersecurity ecosystems manage to minimize the risk of additional ransomware attacks against the IT systems, the future of IoT and connected medical devices poses significant potential for a new attack surface that isn't covered with current tools and systems. This session examines ransomware attacks, the potential for new and connected medical devices to be affected by these attacks and steps that can be taken to prevent these attacks from occurring.

Speaker:
Sam Kassoumeh, COO and Co-Founder, SecurityScorecard

How can organizations adequately assess their risks, exposure and compliance? During this session, Sam Kassoumeh of Security Scorecard walks through how businesses of any size can effectively identify and classify their risks and compare how their current cybersecurity solutions are measuring up.

Speaker:
Paul Bowen, Principal Security Technologist, Arbor Networks

The attack landscape has fundamentally changed; the threat today is human-orchestrated campaigns against specific targets. These attackers are more skillful; they use any combination of overwhelming force or carefully crafted entry points to disguise their tracks until it's too late. Defenders must fundamentally change their approaches to protect themselves. In this session, Paul Bowen of Arbor Networks addresses how organizations can improve their "people" skills to ensure their endpoints are secure.

Speaker:
Iliana Peters, Acting Deputy Director of Health Information Privacy at the Department of Health and Human Services' Office for Civil Rights

The healthcare industry is at an information security crossroads, ill-prepared for the cyberattacks increasingly targeting it. This session reviews how the focus on security regulatory compliance has hindered the sectors' ability to prevent, detect and respond to the current cyberthreat landscape. It also reviews how the healthcare industry must embrace security frameworks, such as the NIST Common Security Framework and ISO 27001, along with practices used by other industry verticals to address cyberthreats, thereby facilitating regulatory compliance.

Speakers:
Anahi Santiago, Chief Information Security Officer, Christiana Care Health System
Iliana Peters, Acting Deputy Director of Health Information Privacy at the Department of Health and Human Services' Office for Civil Rights
Marianne Kolbasuk McGee, Executive Editor, HealthcareInfoSecurity
Mitch Parker, CISO, Indiana University Health System
Vikrant Arora, CISO, Hospital for Special Surgery

Data protection legislation and regulatory enforcement actions are rapidly changing throughout the world, having an immediate impact on how organizations globally approach cybersecurity, privacy, breach notification and data storage and protection. Too frequently, however, U.S. healthcare organizations have built their security programs by focusing on the compliance requirements of only the HIPAA security, privacy and breach notification rules. But is that preoccupation with HIPAA compliance leaving the healthcare sector even more vulnerable? This panel reviews how online medical records are impacting privacy and regulation and are setting the tone for other emerging data-protection regulations.

Speaker:
Michael Theis, Chief Counterintelligence Expert, Carnegie Mellon University CERT Insider Threat Center

This session shares the empirical findings of the CERT Insider Threat Center's more than 15 years of research into both malicious and unintentional insider threats. The presentation shows how the insider threat is pervasive in all sectors, both private and public, and how most organizations have been forced to deal with these threats. CERT also shares what types of threats are most likely to occur (intellectual property theft, fraud, IT sabotage, industrial espionage, etc.) and which trusted insiders are most likely to be engaged in these attacks. This session explores mitigation strategies and includes references to numerous free resources that can aid organizations in the detection and prevention of, and response to, insider threat attacks.

Speaker:
Rohyt Belani, Co-Founder and CEO, PhishMe

Even prairie dogs can recognize and report potential threats and attacks. So why, after years and billions of dollars, do people still struggle with this basic concept? In this presentation, PhishMe's CEO explores how to harness the common detection techniques used by these critters and lessons we can all learn from prairie dogs in the domain of cybersecurity. This session reviews cases of real attacks that bypassed silver-bullet, next-generation technologies but were recognized, reported and responded to quickly and successfully by conditioned humans, thus saving their organizations from being victims of ransomware and data theft.

Speaker:
Gleb Evfarestov, Solutions Engineer, BitGlass

What do a Fortune 100 pharmaceutical company, one of the largest hospital systems in the U.S. and a bank with several trillion in assets have in common? All three have successfully used CASBs to mitigate security and compliance risk while enabling the public cloud applications their businesses need - apps such as Office 365, AWS and Salesforce. This session offers actionable advice that you can immediately bring to your organization.

Speaker:
Carolyn Crandall, Chief Deception Officer, Attivo

Healthcare providers have improved patient care, enhanced safety and increased PHI protection by adopting deception technology. Hear why deception is being adopted for its effectiveness and efficiency in detecting targeted stolen-credential, Active Directory and ransomware attacks. In this session, three healthcare use cases will demonstrate the customer benefits and investment ROI of deception platforms based on: early detection, automated attack analysis and forensics, and medical device protection.

Speakers:
Dave Summitt, CISO, Director, Cyber Security Operations, HIPAA Security Officer, H. Lee Moffitt Cancer Center and Research Institute
Jennings Aske, CISO, New York-Presbyterian
Joshua Corman, Chief Security Officer at PTC and Fellow at the Atlantic Council
Marianne Kolbasuk McGee, Executive Editor, HealthcareInfoSecurity
Mark Eggelston, VP, CISO and CPO, Health Partners Plans
Steve Chabinsky, Global Chair of Data, Privacy and Cybersecurity, White & Case

How do you balance privacy with data exchange among clinicians, access for patients and medical breakthroughs for researchers? This session examines whether there's a "right balance" for protecting patients' confidentiality, bolstering cybersecurity and providing individuals with access to their own health data, while also optimizing the potential for new research discoveries and improved clinical care. Steve Chabinsky of the President's Commission on Enhancing National Cybersecurity kicks off our panel discussion with some examples and key themes related to patient privacy. The healthcare industry includes thousands of small clinics and laboratories that hold highly sensitive information yet are potentially the weak links for breaches that can impact larger entities and millions of individuals. How can these organizations protect data from cyberattacks, when many more sophisticated organizations and even government agencies haven't mastered cybersecurity?

Speakers:
Jay Kramer, Partner, Data Privacy and Cyber Security Practice Group, Lewis Brisbois Bisgaard & Smith; former Supervisory Special Agent, FBI - NY Cyber Division
Kirk Nahra, Privacy Attorney, Wiley Rein
Lisa Sotto, Managing Partner, Chair of Global Privacy and Cybersecurity Practice, Hunton & Williams
Richard T. Jacobs, Assistant Special Agent in Charge, Cyber Branch, FBI New York Division
Tracy Kitten, Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Too many organizations continue to address breach response from a reactive mode - having a crude disaster-recovery plan in place in case something "does" happen, rather than accepting that something "will" happen and proactively preparing for it. In this session, a panel of legal, technical and law-enforcement experts discusses what well-prepared organizations are doing right on proactive interaction with law enforcement, information sharing and breach investigation and response.