Speaker:
Lt. Gen (Retd) Rajesh Pant, National Cybersecurity Coordinator-PMO

COVID-19 has resulted in increased digitization across sectors, with the enterprise cybersecurity leaders suddenly finding themselves tasked with securing a new hybrid workforce and defending their largest-ever attack surface. The trend has led to data proliferation, and organizations struggle to handle the sheer volume of data in this new regime. What are the threats to watch and technologies to embrace during the pandemic and beyond, particularly when the abundance of valuable information has captured subversive elements' attention? At the same time, cybercriminals have breached networks and compromised millions of records, not only causing revenue losses but impacting brand reputation?

Enterprises consider 2020 to be the decade of digital trust as the country's top leadership emphasizes cybersecurity to have a tremendous impact on the nation's society and economics.

This exclusive keynote session describes:

• Changing threat landscape and lessons from the pandemic;
• Key priorities for 2021

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

A remote workforce. Economic stress. Pandemic fatigue. These ingredients create a "perfect storm" for insider risk, whether through malicious acts or accident. What can you do to improve monitoring and mitigation of insider risk in these unique conditions?

The exclusive session details:

• The latest research on insider incidents
• Unique risks created within today's remote workforce
• How to mitigate the risks posed by malicious and unintentional insider threats

Speaker:
Justice B.N. Srikrishna, Former Judge, Supreme Court of India, and Chairman of the Data Protection Committee

COVID-19 poses various data protection and privacy challenges in the region, for instance, regarding cost-related issues of ensuring personal data security and the hiring privacy professionals during the economic crisis. It's time to discuss how enterprises are impacted by the proposed personal data protection and privacy regulations in the current distributed era.

There is a need for enterprises to understand the country's specific operating requirements, with the enactment of data protection law in the region, whether there are established data protection laws and what standards of data protection should be applied.

The session discusses:

• Different aspects of data protection laws that impact businesses;
• Accountability for enterprises in hiring data protection officers;
• Data breach notification - challenges and implications.

Speakers:
Nick Itta, VP APAC, Efficient IP
Vernon Co, Senior PreSales Consultant APAC, EfficientIP

For 'zero trust' to be effective, controlling which devices can access which apps and domains is vital. However, applying an authentication mechanism or blacklisting domains for all devices leaves the door open to malware.

Intelligent control requires filtering at the client level (microsegmentation), which is complex to set up and manage using firewalls but can be simpler using DNS services.

This session will discuss:

• How DNS offers real-time analytics on client behavior due to it having near 100% application traffic visibility;
• Why allowing specific users to access to selected apps adds granularity to policies applied;
• Uses of client grouping, blacklisting, and whitelisting for improving access control and defeating insider threats.

Speaker:
Apurva Jain, Commercial Team Lead, Darktrace

The future of work remains unpredictable. More than ever before, business leaders need to stay confident that their operations can continue securely in the face of regional or even global crises. While sections of the economy remain more uncertain and fragile than ever, cyber-attackers are ramping up their campaigns. Organizations must rethink their security approach and rely on new technologies like AI to achieve much-needed adaptability and resilience.

The session discusses:

• How AI has adapted to new patterns of work;
• Use of Cyber AI to protect the dynamic workforce;
• Defensive Autonomous Response capabilities

Speakers:
Brijesh Miglani, Team Lead Sales Engineering, Forcepoint
Nick Savvides, Senior Director of Strategic Business, APAC, Forcepoint

In a fireside chat, Nick Savvides, Senior Director of Strategic Business, APAC and Brijesh Miglani, Team Lead Sales Engineering, Forcepoint will discuss how enterprises are using data science to move from a reactive to predictive security approach.

• How machine learning is contributing to the use of data science in the era of digital transformation
• How to re-define cybersecurity with human behaviour and psychology as part of predictive security?
• How to prioritize observed risk in real-time to move left of breach ?

Speaker:
Sujit Christy, Group CISO, John Keells Holdings

COVID 19 has thrown up multiple challenges for security practitioners. With most employees working at home during the COVID-19 pandemic, it's more important than ever for businesses to ensure that their third-party providers have adequate business continuity plans to provide uninterrupted service.

It's critical to ask and revalidate if our suppliers' business continuity plan is adequate to sustain our operations and understand our stated objectives.

We typically think of supply chain attacks as stealthy attacks on hardware components, such as malware on laptops and network devices. Still, the supply chain attack was an attack on a service provider cannot be ruled out.

This session will discuss:

• How should the risk framework of supply chain vendors evolve;
• The risks posed by different kinds of vendors;
• How to redesign SLAs with third parties

Speaker:
Vipin Surelia, Head of Risk Services, India and South Asia, Visa

Organizations in India need to ramp up their authentication efforts in light of a 60% increase in cashless transactions since the start of the COVID-19 pandemic, which has led to increases in attempted fraud.

The big challenge or threat in the current work-from-home environment is that hackers use phishing and other social engineering methods to trick users into providing confidential data, such as credit card numbers, social security numbers, account numbers, or passwords.

The session discusses:

• Key security steps in light of the movement to digital transactions;
• Using AI & ML to reduce risk using new algorithms to detect threats;
• New forms of authentication methods to detect real-time risks.

Speaker:
Tamim Ahmed, Risk Analyst National CERT & BGD e-GOV CIRT Bangladesh

The region's critical infrastructure sector has been the target for several high-pressure APT attacks, credential-stealing malware attacks, social engineering attacks, cyber espionage, and other cyber-attacks. These attacks mostly target the government, energy, oil sector and aviation primarily aimed at data filtration.

Since the COVID-19 has thrown up enormous challenges at enterprises to move beyond the traditional castle and moat security model, they need to find new ways to build a defense-in-depth model with a multi-layered process.

The session discusses:

• Major Changes in Threat Landscape;
• Harnessing new process and technologies to protect critical infrastructure;
• Assessing the security posture with predictive threat actions.

Speaker:
Alain Sanchez, Office of the CISO, Senior Evangelist, Fortinet

As enterprises are 100% supporting the remote workplace and going through the digital transformation journey, the need to maintain the entire network's visibility and recognize the patterns of the flow of information seems a mus. They seem to be opting for Sofware Defined Wide Areas Network to address their needs. CISOs are leveraging this to fully integrate SD-WAN features with legacy infrastructure to ensure remote access security. Incidentally, unlike the traditional router-centric WAN architecture, they find the SD-WAN model to fully support applications hosted in on-premise data centers, public or private clouds, and SaaS services during this cloud-centric approach.

The session discusses:

• How SD-WAN helps to resolve security issues;
• Use cases for integrating SD-WAN with other frameworks to ensure secure access;
• How to deploy identity and authentication methods using SD-WAN.

Speaker:
Rajender Bedi, Technical Solution Specialist, Enterprise Endpoint and Security Products, Intel Corporation

Many businesses are implementing software security solutions. But as hackers get more sophisticated, threats are attacking the hardware layer. Hardware-based security features built-in to the hardware provide an important layer of protection for business devices, applications, and data. The Intel vPro® platform includes groundbreaking technologies that accelerate and scale security beyond software or human based approaches alone. It delivers hardware-enhanced security features designed to help protect the other layers of the computing stack. Intel® Hardware Shield available on the Intel vPro® platform provides enhanced protection features to help protect against below-the-OS attacks and safeguard apps and data. Intel® Hardware Shield also includes advanced threat detection that offloads routine security functions for lower user impact and continued productivity. Select the built for business platform that is right for you.

Speaker:
Lee Delson, Zscaler, Chief Architect, Asia Pacific & Japan

COVID-19 has increased threat landscape for enterprises. Ransomware, zero day attacks, phishing have become common, but enterprises are struggling to find a solution to deal effectively with these problems. Moreover, with cloud becoming an integral part of one's digital transformation journey, traditional security models followed by CISOs for years now do not necessarily work. Hence, CISOs have to rethink their security strategy. But, securing cloud is different from securing the traditional network. How can CISOs gear up for this change?.

The session discusses:

• Challenges of stopping ransomware;
• How CISOs can maintain consistent security on and off network;
• How best to leverage machine learning for cloud security.

Nation-state attacks often have close links to the military intelligence or state control apparatus with a high degree of technical expertise. The region is fighting off an array of disruptive attacks that include advanced malware, sophisticated distributed denial-of-service attacks and nation-state actors targeting DNS protocols as part of ongoing espionage campaigns.

The region could be vulnerable to cyber espionage because its critical infrastructure is becoming increasingly dependent on automated data processing and vast computer networks, making it vulnerable to such information warfare techniques. Are enterprises well-equipped to mitigate the risk of nation-state actors that have a 'license to hack"?

The session discusses:

• New techniques used by the nation-state actors to steal critical data information;
• New cyber defense techniques/strategies the country has to adopt in tackling the nation-state threats;
• Law enforcement challenges in tackling such attacks.

Speaker:
Rajesh Thapar, Group CISO, OakNorth

Some experts say an identity and access management strategy for a hybrid cloud environment should include single sign-on and multifactor authentication.

With the widespread of COVID-19, enterprises are leveraging the edge computing model, recommended by Garter, to build an integrated platform for applying IAM for the hybrid cloud.

As the task of managing today's hybrid work environment gets challenging, enterprises need to connect its users to the right technology at the right time, in a secure way.

The session discusses:

• Evolving an identity management solution;
• Taking a risk-based authentication approach for a secure remote workforce;
• Using a 'zero trust' model as part of the IAM strategy.

Speakers:
Ashutosh Jain, CISO, Axis Bank
Ravinder Pal Singh, Chief Information & Innovation Officer, Tata Singapore Airlines (Air Vistara)

Are security leaders creating value for business and part of technology innovation?: Is the CTO function aligned with security in driving innovation? Meeting the Expectations. Where is the Disconnect?

Speaker:
Ravindra Baviskar, Director - Sales Engineering (India & SAARC), Sophos

Ransomware is the fastest-growing cybersecurity threat, and it is becoming increasingly difficult for enterprises to rebound from such attacks. We have witnessed high profile organizations becoming the victim of these attacks and hitting the headlines. Security teams must be the hacker if you have to beat the hacker and understand the risks posed by these attacks.

The challenge CISOs face is to understand the trade-offs of different AppSec tools and which tools are best suited for DeveSecOps and which are not.

The session discusses:

• Understanding the ransomware attack kill chain;
• How synchronized security will help thwart attacks on your endpoints and firewall;
• Building an automated incident response mechanism to fight advanced threats.

Speaker:
Rajan Pant, Founder, IT-SERT of Nepal and CIO, CG Corp Global

While organizations invest a lot on getting data, more often than not they are not able to utilize the data intelligently. With enterprises, including large ones, facing increasing attacks, threat intelligence can go a long way in utilizing evidence-based knowledge to find out the risk of the system.

The session discusses:

• How to set the right process for threat intelligence;
• Understanding the early warning signals for threat detection;
• Evolving a comprehensive digital risk monitoring strategy

Speaker:
Matthew Burns, Director, BigFix, Asia Pacific and Japan, HCL Software

In today's unprecedented work-from-home environment, IT organizations are challenged with supporting corporate and BYOD devices.

The security teams have a considerable task of simplifying device enrollment and set up, deploying business and security applications, providing remote support, enforcing patching of at-home machines, and enforcing corporate IT policies.

The session discusses:

• Technologies that help you enroll, deploy, secure and support remote endpoints;
• Need for continuous monitoring;
• Ways to secure business operations.

These cybersecurity threats are amplified by the ongoing pandemic in the region--increasing phishing attacks, targeted attacks, disruption, distortion, and deterioration. The emergence of technologies such as IoT, skill shortage, insider threats, and cloud movement has posed the most significant risks.

A panel of experts discuss:

• Risks posed by increased digitization and cloud disruption;
• Use of the right technologies and tools for enhanced security posture;
• Use of predictive analytics and active defense in detecting threats;
• Cybersecurity investments in 2021