Speaker:
Prof. D Janakiram, Director, Institute for Development & Research in Banking Technology

In the increased digitization era, banks have leap forwarded their adoption to digital banking to be competitive and the digital banking security not drives competition, but also poses significant challenges for CISOs.

The security teams has a huge task of balancing conflicting commercial interest, convenience and security, besides complying with regulatory norms to ensure frictionless secure banking.

The session will discuss:

• How do CISOs balance security, convenience and digital banking innovation?;
• Technologies being harnessed to secure the digital banking;
• Data security, automation and compliance to address digital risks.

Speaker:
Manoj Abraham, Additional Director General of Police, Kerala Police

Today's big challenge facing enterprise security is the 'dark web,' an ungoverned and seemingly ungovernable internet area where you can browse and communicate with complete anonymity. Through the use of dark web and crypto currencies, criminals have been able to very successfully run 'crime-as-a-service' model. The business and the security agencies have been able to make very little, if any, impact.

What can be done to make your enterprises' cybercrime - resilient', and how should law enforcement respond to this menace.

The session will discuss:

• Challenges posed by Dark web and crypto currencies for enterprise security;
• How is law enforcement responding to the investigation process and building technical capabilities;
• New techniques and approaches being used to combat security threats from the 'dark web'.

Speaker:
Lt. Gen (Retd) Rajesh Pant, National Cybersecurity Coordinator-PMO

As analysts say, after feeling so defenseless in the face of calamity, enterprises are moving to an adaptive era. With the distributed workforce will come the inevitable discomfort of potentially exposing organizations to cyberattacks if the right precautions are not taken to adapt to this new phenomenon. Are enterprises geared up to respond the growing nation-state attacks and other cyber espionage? Should CISOs start making tough decisions and what should they prioritize and how ruthless they need to be in responding to threats?

Automation also helps in promptly resolving newly identified risks with vendors and enables addressing risks on repeatable processes, allowing humans to focus on the most significant threats.

This session will discuss:

• Responding to nation-state threat with a right strategy;
• Prioritizing and re-calibrating governance and compliance;
• Setting security priorities with a clear understanding of critical business risks;
• Harnessing new technologies.

Speaker:
Vernon Co, SE Manager APAC, EfficientIP

In this ‘zero trust’ era, DNS remains a favorite target and attack vector due it’s criticality for linking users to apps. 79% of organizations suffered DNS attacks, causing severe impacts such as app downtime. But as it sees almost all traffic intent, DNS is ideally placed to be your first line of defense against malware, ransomware and data theft, overcoming limitations of firewalls and IPS.

The session will discuss how client-based domain filtering and threat intelligence created from real-time analysis of DNS traffic:

• Improves attack detection, protection and mitigation;
• Bridges the security ecosystem silos by automating responses;
• Helps SOCs in detecting and remediating threats more easily.

Speaker:
Aaron Bugal, Global Solutions Engineer, APJ, Sophos

There is a growing demand for public cloud services as most enterprises embrace the cloud's opportunities. But there is no denying that moving to the cloud comes at a cost-increasing attack surface for every organization. Though the ever-increasing breaches of data storage services have resulted in cloud security awareness, cybercriminals manage to stay a step ahead. How are attackers changing the rules to find new ways into environments, and how to find the visibility you need?

This session will discuss:

• Technologies to leverage in the cloud;
• Common myths around cloud;
• Why a blind approach to cloud must not be taken.

Speaker:
Ashwath Reddy, Principal Consultant, Software Integrity Group, Synopsys

Large enterprises are migrating to the cloud in a phased manner. Enterprises are opting for a hybrid model, a mix of on-premise and cloud, preferably operating in a multi-cloud scenario. Besides, migrating the critical applications to the cloud also demands new considerations to enhance application security. Some pertinent questions surface as they start their cloud journey, for instance, how can your internal resources keep pace in this dynamic environment?

The session will discuss:

• How the application security testing process can bring relief to your organization;
• How to get ‘buy in’ from security and compliance team to move internal apps to cloud;
• Using containers and orchestration mechanisms to secure applications.

Speaker:
Neil Campbell, Vice President, APJ, Rapid 7

Fixing a breach is far more costly than prevention. Organizations are under pressure to respond to it faster. More often than not, though, it can be weeks or months before you’ve even realized that you’ve suffered one.

The session will discuss:

• Understanding the legal implications of the incident and plan a response mechanism;
• Evolving a crisis management plan to prevent any reputational loss;
• Required skills to remediate, respond and mitigate the risks and establish a smooth recovery process.

Speaker:
Lee Dolsen, Chief Architect, Asia Pacific & Japan, Zscaler

The IT and security heads are challenged from time to time about keeping the systems up and running, with availability and cyber resilience paramount. Breaking the kill chain is critical to understand in securing the environment. How can a ‘zero trust’ architecture be used in building this network and security transformation in a cloud-ready environment?

The session discusses:

• Bridging the network and security gaps with the right technologies and tools;
• Enhancing user access control mechanism with IAM and PAM;
• Prevent data leaks with an appropriate protection plan.

Speaker:
Mathan Babu Kasilingam, CISO, Vodafone Idea

We typically think of supply chain attacks as stealthy attacks on hardware components, such as malware on laptops and network devices. Still, the supply chain attack was an attack on a service provider that cannot be ruled out as it is a significant intrusion of the entire ecosystem. The supply chain attacks ushers in the risk: supplier vulnerabilities which the common cause of compromise. Keeping a watchful eye on suppliers' security status – always knowing the risks they bring in – is an essential part of building resilience and response.

The session will discuss:

• How to respond to software-associated supply chain attacks?;
• Intersection of DevOps and security;
• Security by design approach to secure software applications and evaluating the third-party products.

Speaker:
Jeewapadma Sandagomi, Senior General Manager-Enterprise Risk Management, Mobitel (Sri Lanka)

The telecom sector in Srilanka is going through an overhaul to drive digital transformation due to the ongoing pandemic. As a result, the traditional enterprise security role is also going through this change to meet the new technological, social, and business demands and derivatives. It’s become imperative for enterprise security to protect customer data against growing threats and leaks. Enterprises need to delve into adopting the best risk mitigation strategies and harness technologies in getting the data and networks exposed to vulnerabilities.

The session discusses:

• How to harness new technologies in protecting the telecom infrastructure and customer data;
• Best risk mitigation practices and framework to secure the ecosystem;
• Evolving compliance and privacy standards to meet the regulatory requirements.

Speaker:
Sanjay Tiwari, CISO, India Infoline Group

The biggest challenge for practitioners today is to enable greater flexibility for a remote workforce while being fully compliant and secure. The "zero trust" model can play a critical role, but implementing it is a daunting task, and there's no "one size fits all" approach to making the transition to a zero trust architecture. This session provides a practical approach to adopting zero trust, outlining the strategy, the possibilities for leveraging existing investments and the need for new investments.

This session will also discuss:

• Improved privileged access management using 'zero trust';
• Limiting exposure of sensitive data in light of the remote workforce and targeted attacks and new cybercrime scams;
• A five-step methodology to implementing 'zero trust' and stakeholder engagement.

Speaker:
Jitson Ong, Solution Architect, APJ, CyberArk

During this ongoing pandemic, users demand access to applications and systems from anywhere and any location in the world. It won’t be just manual, human identities, and protection methods, but a drive towards automation and digital transformation enhances the need for automation to ensure secure user access.

The session will discuss:

• The risk involved in this distributed work environment with the adoption of the ad-hoc workforce;
• Why IAM permission represents a potential attack path;
• Using the right tools and technologies to secure your identities.

Speaker:
Sameer Raje, General Manager & Head of India, Zoom Video Communications

The global pandemic disrupted and changed the world of collaboration and communication. Reports suggest flexible working environments improve the performance of employees as the enabled and connected teams can do great work from anywhere. With the vaccinations in progress, organizations are thinking of new approaches to re-enter the workplace.

The session will discuss:

• Security and privacy considerations for the employees in a post COVID back to office scenario;
• Secure user access and safety controls.

The ongoing challenges to fill mass cybersecurity job vacancies amid the backdrop of a lack of diversity continues to haunt one of the world’s hottest industries.

According to analysts, we are witnessing the ratio of women rising in the cybersecurity industry growing by 11% year on year.

However, the big challenge is how to retain them and bridge the skill gap and empower them. What are the unique challenges women CISOs face in their journey?

The session will discuss:

• Changing role of women in IT security and privacy;
• Essential skills that women prefer to build;
• Women’s contribution to securing the enterprise – strategic and tactical initiatives.

Cybersecurity is a two-sided proposition, requiring both defenses of internal networks and operating effectively in the cyber domain. The first side is to secure the networks that are undoubtedly necessary, organizing budgets, deploying people, processes, and technologies to secure the infrastructure. However, the weakest links in the cybersecurity posture are people and the facilities where the sytems are hosted physically. As you can guess, that is the far or second side of cybersecurity, that the teams should not lose sight of the need to couple the defense of their networks with appropriate resources dedicated to combatting criminal, terrorist, and other threats to secure their overall environment. How do you protect your IoT, OT, and SCADA systems against threats? Is there a strategy to deal with the external threats?

A fireside chat will experts discuss:

• Preventing attacks against using CPTED design;
• Security by design approach using SQuaRE standards;
• How does Information Sharing help responding to threats.

The need for enhanced business agility and secure remote access to support digital transformation has led to the adoption of the security access service edge, or SASE, model among enterprises. Some say CISOs now don't have to procure individual discrete security solutions and tie them into the network security layer; instead, they can source from one logical place using the SASE security model.

While most organizations have well understood the importance of SASE, not many are clear on how to go about its implementation.

While most organizations have well understood the importance of SASE, not many are clear on how to go about its implementation.

The session will discuss:

• Factors security teams need to evaluate when considering SASE adoption;
• How SASE architecture can help safely connect users to the data, applications, and resources;
• Using a subscription-based model for improved security.

The issue of balancing ‘Privacy’ with ‘Data Economy’ has once again come to the forefront, triggering a host of debates and petitions by government, human rights activists, CISO, CPO, and legal experts. Some of the challenges the industry is grappling with are fair use of data, the validity of a data privacy consent, balancing security with privacy, use of algorithmic decision making, data sharing with partner entities. It becomes critical to understand how the ‘data protection and privacy framework’, which includes regulation, standards, and policies, can be leveraged to provide privacy assurance to consumers and strike the right balance for the larger public good.

Some of the areas, the panel will deliberate:

• Right to privacy in the context of data protection and privacy bill;
• What are the risks of relying on consent as a means to process or share data ;
• What are the challenges faced on achieving data protection and privacy by use of emerging tech
• “Implications of data sharing and use by social media conglomerates, for instance, the recent Whatsapp Privacy policy