Speaker:
Lt. Gen (Retd) Rajesh Pant, National Cybersecurity Coordinator-PMO

COVID-19 has resulted in increased digitization across sectors, with the enterprise cybersecurity leaders suddenly finding themselves tasked with securing a new hybrid workforce and defending their largest-ever attack surface. The trend has led to data proliferation, and organizations struggle to handle the sheer volume of data in this new regime. What are the threats to watch and technologies to embrace during the pandemic and beyond, particularly when the abundance of valuable information has captured subversive elements' attention? At the same time, cybercriminals have breached networks and compromised millions of records, not only causing revenue losses but impacting brand reputation?

Enterprises consider 2020 to be the decade of digital trust as the country's top leadership emphasizes cybersecurity to have a tremendous impact on the nation's society and economics.

This exclusive keynote session describes:

• Changing threat landscape and lessons from the pandemic;
• Key priorities for 2021

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

A remote workforce. Economic stress. Pandemic fatigue. These ingredients create a "perfect storm" for insider risk, whether through malicious acts or accident. What can you do to improve monitoring and mitigation of insider risk in these unique conditions?

The exclusive session details:

• The latest research on insider incidents
• Unique risks created within today's remote workforce
• How to mitigate the risks posed by malicious and unintentional insider threats

COVID-19 poses various data protection and privacy challenges in the region, for instance, regarding cost-related issues of ensuring personal data security and the hiring privacy professionals during the economic crisis. It's time to discuss how enterprises are impacted by the proposed personal data protection and privacy regulations in the current distributed era.

There is a need for enterprises to understand the country's specific requirements in operating, with the enactment of data protection law in the region, whether there are established data protection laws and what standards of data protection should be applied.

The session discusses:

• Different aspects of data protection laws that impact businesses;
• Accountability for enterprises in hiring data protection officers;
• Data breach notification - challenges and implications.

The need for enhanced business agility and secure remote access to support digital transformation has led to the adoption of the security access service edge, or SASE, model among enterprises.

Some say, CISOs now don't have to procure individual discrete security solutions and tie it into the network security layer; instead, they can source from one logical place using the SASE security model.

The session discusses:

• Factors security teams need to evaluate when considering SASE adoption;
• Why SASE is the next evolution for network security;
• Why identity is paramount in the SASE model

In today's circumstances remote work is up by over 100%, demanding our security and infrastructure capabilities to overnight adapt to this change. Moving to the cloud is not only a good to have practice but a necessity now. But how to ensure data in cloud is not only protected but accessed by the right people. A 'Zero Trust' approach has proved successful for organizations managing security remotely, but how to go about its implementation.

This session will discuss:

• How to take a 'Zero Trust' approach in a hybrid cloud environment
• What are some practical challenges of 'Zero Trust' architecture
• How to leverage existing investments.

As technology continues to take hold of business transactions, it is of little surprise that the businesses are subject to a host of cyber-attacks, including business email compromise or BEC scams. One way to reduce the BEC scam's damage is to apply the principle o least privilege and create a detailed enterprise risk management plans that spell out procedures to secure accounts. Giving all employees access to payment information outside of their normal job functions can multiply the problem. While the advantages of access controls are known to all, the practical application remains a challenge.

The session will discuss:

• Shortcomings in efforts to detect BEC scams;
• Defining and managing access controls in a non-static environment;
• The best processes for investigating these scams

Speaker:
Tawhidur Rahman, Head-CIRT, Bangladesh

COVID-1 has led to digitization across sectors has led to data proliferation, and organizations are struggling to handle the sheer volume of data. In contrast, cybercriminals have breached networks and compromised billions of records, built fake websites, not only causing revenue losses but impacting brand reputation. Against this backdrop, Bangladesh Computer Incident Response Team has taken several steps to strengthen cybersecurity, including building a sensor network to enable all the critical infrastructure enterprises to share threat intelligence.

The session discusses:

• How the role of CIRT has evolved in helping the enterprises be 'future-proof';
• Harnessing new technologies in fighting threats in the region
• Building new cyber-defenses in preparing the organizations for future

You would all agree that an overwhelming 92% of businesses today are experiencing identity challenges, from lack of resources to lack of security experience.

The most significant challenge is balancing ease of use for employees with increased security for the business.

Some reports even say 81% of hacking-related breaches involved either stolen and weak passwords. It's time to understand how the Identity challenges of the enterprises in fighting fraud.

The session discusses:

• Building a distributed system where identity is federated across organizations.
• Developing a privacy-enhancing digital identity infrastructure
• Evolving a risk-based authentication mechanism

Speaker:
Sujit Christy, Group CISO, John Keels, Sri Lanka

COVID 19 has thrown up multiple challenges for security practitioners. With most employees working at home during the COVID-19 pandemic, it's more important than ever for businesses to ensure that their third-party providers have adequate business continuity plans to provide uninterrupted service.

It's critical to ask and revalidate if our suppliers' business continuity plan is adequate to sustain our operations and understand our stated objectives.

We typically think of supply chain attacks as stealthy attacks on hardware components, such as malware on laptops and network devices. Still, the supply chain attack was an attack on a service provider cannot be ruled out.

This session will discuss:

• How should the risk framework of supply chain vendors evolve;
• The risks posed by different kinds of vendors;
• How to redesign SLAs with third parties

This is one way to help security teams understand risks related to security operations, new projects or program-level risk and where gaps in defenses might exist - but too often this gets ignored or skipped, say experts. It is essential for the security practitioners to know how to operationalize and automate the security and privacy controls assessment framework.

The session discusses:

• Evolving a process to automate identity-the foundation for security controls
• Simplifying IT and security to increased business value and maintain security standards
• Harnessing technologies to build automation

Enterprises realize that DevSecOps brings security earlier in the life cycle of application development to reduce vulnerabilities in bridging security and IT to meet business objectives.

But are the CISOs ready for this culture shift in this DevOps movement and integration?

The session discusses:

• He correct way to train developers for secure coding;
• How AppSec differs from DevSecOps;
• How DevSecOps will evolve in 2021.

As enterprises are 100% supporting the remote workplace and going through the digital transformation journey, the need to maintain the entire network's visibility and recognize the patterns of the flow of information seems a mus. They seem to be opting for Sofware Defined Wide Areas Network to address their needs. CISOs are leveraging this to fully integrate SD-WAN features with legacy infrastructure to ensure remote access security. Incidentally, unlike the traditional router-centric WAN architecture, they find the SD-WAN model to fully support applications hosted in on-premise data centers, public or private clouds, and SaaS services during this cloud-centric approach.

The session discusses:

• How SD-WAN helps to resolve security issues;
• Use cases for integrating SD-WAN with other frameworks to ensure secure access;
• How to deploy identity and authentication methods using SD-WAN.

CISOs were expected to take charge of the biggest task to ensure smooth business function through remote working.

The security terms went berserk to enable businesses to work remotely and flexibly and had the right access rights, entitlements, and risk posture.

The session will highlight the journey of a CISO during this pandemic in meeting the business demands and securing the remote workplace. It will further discuss:

• Preparing the teams for the future in a post-COVID scenario;
• Understand single points of failure and find ways to provide additional resilience;
• How to make the best use of resources.

Experts say the software development benefits from security checks being brought to bear early and often, but the blending of in-house and open source code has historically complicated that process, Enterprises are increasingly focusing on DevOps as they do software development in-house. It's a question of where you start the journey of bringing security and operations and cloud development together while managing the application security.

The challenge CISOs face is to understand the trade-offs of different AppSec tools and which tools are best suited for DeveSecOps and which are not.

The session discusses:

• How CISOs need to do when they an unpatched vulnerability opens the door to an attack;
• How 'AppSec' is shifting left to find and eliminate defects earlier in the software development lifecycle;
• How both toolsets and security teams are maturing.

As enterprises adopt IoT products, are they ensuring that security is part of the design from the beginning and implementing micro-segmentation? This is the challenge that every CISO encounters.

Since IoT devices can be made cheaply and quickly, they may lack adequate security features. Security expert Bruce Schneier, a co-author of the Atlantic Council's report, says IoT needs to be regulated for security, just like the nutritional content of baby food or the fire resistance of kid's pajamas.

Enterprises need to focus on baseline security requirements while building IoT products.

The session discusses;

• Security threats posed by IoT systems;
• Implementing a micro-segmentation strategy to address security;
• Using artificial intelligence and machine learning within IoT products.

The challenges facing enterprises now are creating secure zones in data centers and cloud deployments, which allow companies to separate workloads and secure them individually while providing secure user access to the remote workforce. Another task on hand for organizations is to advance the pace of innovation and embrace the latest security methodologies, as the business demands grow. How can you meet the business objectives by aligning your security strategy with a 'zero trust' model and how important the element of micro-segmentation is to provide secure access.

The session discusses:

• How organizations can take a 'zero trust' approach;
• How can 'zero trust' create process-level visibility?
• How has micro-segmentation helped in the COVID-19 environment?

Some experts say an identity and access management strategy for a hybrid cloud environment should include single sign-on and multifactor authentication.

With the widespread of COVID-19, enterprises are leveraging the edge computing model, recommended by Garter, to build an integrated platform for applying IAM for the hybrid cloud.

As the task of managing today's hybrid work environment gets challenging, enterprises need to connect its users to the right technology at the right time, in a secure way.

The session discusses:

• Evolving an identity management solution;
• Taking a risk-based authentication approach for a secure remote workforce;
• Using a 'zero trust' model as part of the IAM strategy.

As enterprises strive to defend against future threats, the new buzz word XDR, a unified security and incident response platform, helps streamline and simplify security management.

This is emerging as a next-generation endpoint environment that requires next-generation defenses.

The session discusses:

• How have the endpoint attack surface and attacks evolved in 2020?
• How to enhance SoC capabilities to have proactive warnings of threats?
• Where does XDR fit into these?

Organizations in India need to ramp up their authentication efforts in light of a 60% increase in cashless transactions since the start of the COVID-19 pandemic, which has led to increases in attempted fraud.

The big challenge or threat in the current work-from-home environment is that hackers use phishing and other social engineering methods to trick users into providing confidential data, such as credit card numbers, social security numbers, account numbers, or passwords.

The session discusses:

• Key security steps in light of the movement to digital transactions;
• Using AI & ML to reduce risk using new algorithms to detect threats;
• New forms of authentication methods to detect real-time risks.

While corporate strategies around digital transformation drive measurable business outcomes, they are - at the same time-creating new security risks through the adoption of new technologies, increased complexity, and expansion of the attack surface with increased fraud and nation-state attacks.

In a fireside chat, the principal secretary of IT discusses how the cybersecurity infrastructure needs to be safeguarded by the enterprises in the post-COVID World. How enterprises need to take a 360 approach in building cyber resiliency in this digitally transformed World.

The session discusses:

• How to stay ahead of the hackers by bringing in the transparency into the entire process
• Enhancing SoC capabilities
• Harnessing new technologies to fight threats

The region's critical infrastructure sector has been the target for several high-pressure APT attacks, credential-stealing malware attacks, social engineering attacks, cyber espionage, and other targeted nation-state attacks. These attacks have majorly targeted the energy and oil sector, government, aviation, primarily aimed at data filtration. Besides, the region saw the frequency and severity of attacks, specifically targeting OT networks.

Since the COVID-19 has thrown up enormous challenges at enterprises to move beyond the traditional castle and moat security model, they need to find new ways to build a defense-in-depth model with a multi-layered process.

The session discusses:

• Harnessing new technologies to protect the critical infrastructure;
• Deploying an effective vulnerability management system
• Assessing the security posture with predictive threat actions.

These cybersecurity threats are amplified by the ongoing pandemic in the region--increasing phishing attacks, targeted attacks, disruption, distortion, and deterioration. The emergence of technologies such as IoT, skill shortage, insider threats, and cloud movement has posed the most significant risks.

A panel of experts discuss:

• Risks posed by increased digitization and cloud disruption;
• Use of the right technologies and tools for enhanced security posture;
• Use of predictive analytics and active defense in detecting threats;
• Cybersecurity investments in 2021

Speaker:
Lt. Gen (Retd) Rajesh Pant, National Cybersecurity Coordinator-PMO

COVID-19 has resulted in increased digitization across sectors, with the enterprise cybersecurity leaders suddenly finding themselves tasked with securing a new hybrid workforce and defending their largest-ever attack surface. The trend has led to data proliferation, and organizations struggle to handle the sheer volume of data in this new regime. What are the threats to watch and technologies to embrace during the pandemic and beyond, particularly when the abundance of valuable information has captured subversive elements' attention? At the same time, cybercriminals have breached networks and compromised millions of records, not only causing revenue losses but impacting brand reputation?

Enterprises consider 2020 to be the decade of digital trust as the country's top leadership emphasizes cybersecurity to have a tremendous impact on the nation's society and economics.

This exclusive keynote session describes:

• Changing threat landscape and lessons from the pandemic;
• Key priorities for 2021

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

A remote workforce. Economic stress. Pandemic fatigue. These ingredients create a "perfect storm" for insider risk, whether through malicious acts or accident. What can you do to improve monitoring and mitigation of insider risk in these unique conditions?

The exclusive session details:

• The latest research on insider incidents
• Unique risks created within today's remote workforce
• How to mitigate the risks posed by malicious and unintentional insider threats

COVID-19 poses various data protection and privacy challenges in the region, for instance, regarding cost-related issues of ensuring personal data security and the hiring privacy professionals during the economic crisis. It's time to discuss how enterprises are impacted by the proposed personal data protection and privacy regulations in the current distributed era.

There is a need for enterprises to understand the country's specific requirements in operating, with the enactment of data protection law in the region, whether there are established data protection laws and what standards of data protection should be applied.

The session discusses:

• Different aspects of data protection laws that impact businesses;
• Accountability for enterprises in hiring data protection officers;
• Data breach notification - challenges and implications.

The need for enhanced business agility and secure remote access to support digital transformation has led to the adoption of the security access service edge, or SASE, model among enterprises.

Some say, CISOs now don't have to procure individual discrete security solutions and tie it into the network security layer; instead, they can source from one logical place using the SASE security model.

The session discusses:

• Factors security teams need to evaluate when considering SASE adoption;
• Why SASE is the next evolution for network security;
• Why identity is paramount in the SASE model

In today's circumstances remote work is up by over 100%, demanding our security and infrastructure capabilities to overnight adapt to this change. Moving to the cloud is not only a good to have practice but a necessity now. But how to ensure data in cloud is not only protected but accessed by the right people. A 'Zero Trust' approach has proved successful for organizations managing security remotely, but how to go about its implementation.

This session will discuss:

• How to take a 'Zero Trust' approach in a hybrid cloud environment
• What are some practical challenges of 'Zero Trust' architecture
• How to leverage existing investments.

As technology continues to take hold of business transactions, it is of little surprise that the businesses are subject to a host of cyber-attacks, including business email compromise or BEC scams. One way to reduce the BEC scam's damage is to apply the principle o least privilege and create a detailed enterprise risk management plans that spell out procedures to secure accounts. Giving all employees access to payment information outside of their normal job functions can multiply the problem. While the advantages of access controls are known to all, the practical application remains a challenge.

The session will discuss:

• Shortcomings in efforts to detect BEC scams;
• Defining and managing access controls in a non-static environment;
• The best processes for investigating these scams

Speaker:
Tawhidur Rahman, Head-CIRT, Bangladesh

COVID-1 has led to digitization across sectors has led to data proliferation, and organizations are struggling to handle the sheer volume of data. In contrast, cybercriminals have breached networks and compromised billions of records, built fake websites, not only causing revenue losses but impacting brand reputation. Against this backdrop, Bangladesh Computer Incident Response Team has taken several steps to strengthen cybersecurity, including building a sensor network to enable all the critical infrastructure enterprises to share threat intelligence.

The session discusses:

• How the role of CIRT has evolved in helping the enterprises be 'future-proof';
• Harnessing new technologies in fighting threats in the region
• Building new cyber-defenses in preparing the organizations for future

You would all agree that an overwhelming 92% of businesses today are experiencing identity challenges, from lack of resources to lack of security experience.

The most significant challenge is balancing ease of use for employees with increased security for the business.

Some reports even say 81% of hacking-related breaches involved either stolen and weak passwords. It's time to understand how the Identity challenges of the enterprises in fighting fraud.

The session discusses:

• Building a distributed system where identity is federated across organizations.
• Developing a privacy-enhancing digital identity infrastructure
• Evolving a risk-based authentication mechanism

Speaker:
Sujit Christy, Group CISO, John Keels, Sri Lanka

COVID 19 has thrown up multiple challenges for security practitioners. With most employees working at home during the COVID-19 pandemic, it's more important than ever for businesses to ensure that their third-party providers have adequate business continuity plans to provide uninterrupted service.

It's critical to ask and revalidate if our suppliers' business continuity plan is adequate to sustain our operations and understand our stated objectives.

We typically think of supply chain attacks as stealthy attacks on hardware components, such as malware on laptops and network devices. Still, the supply chain attack was an attack on a service provider cannot be ruled out.

This session will discuss:

• How should the risk framework of supply chain vendors evolve;
• The risks posed by different kinds of vendors;
• How to redesign SLAs with third parties

This is one way to help security teams understand risks related to security operations, new projects or program-level risk and where gaps in defenses might exist - but too often this gets ignored or skipped, say experts. It is essential for the security practitioners to know how to operationalize and automate the security and privacy controls assessment framework.

The session discusses:

• Evolving a process to automate identity-the foundation for security controls
• Simplifying IT and security to increased business value and maintain security standards
• Harnessing technologies to build automation

Enterprises realize that DevSecOps brings security earlier in the life cycle of application development to reduce vulnerabilities in bridging security and IT to meet business objectives.

But are the CISOs ready for this culture shift in this DevOps movement and integration?

The session discusses:

• He correct way to train developers for secure coding;
• How AppSec differs from DevSecOps;
• How DevSecOps will evolve in 2021.

As enterprises are 100% supporting the remote workplace and going through the digital transformation journey, the need to maintain the entire network's visibility and recognize the patterns of the flow of information seems a mus. They seem to be opting for Sofware Defined Wide Areas Network to address their needs. CISOs are leveraging this to fully integrate SD-WAN features with legacy infrastructure to ensure remote access security. Incidentally, unlike the traditional router-centric WAN architecture, they find the SD-WAN model to fully support applications hosted in on-premise data centers, public or private clouds, and SaaS services during this cloud-centric approach.

The session discusses:

• How SD-WAN helps to resolve security issues;
• Use cases for integrating SD-WAN with other frameworks to ensure secure access;
• How to deploy identity and authentication methods using SD-WAN.

CISOs were expected to take charge of the biggest task to ensure smooth business function through remote working.

The security terms went berserk to enable businesses to work remotely and flexibly and had the right access rights, entitlements, and risk posture.

The session will highlight the journey of a CISO during this pandemic in meeting the business demands and securing the remote workplace. It will further discuss:

• Preparing the teams for the future in a post-COVID scenario;
• Understand single points of failure and find ways to provide additional resilience;
• How to make the best use of resources.

Experts say the software development benefits from security checks being brought to bear early and often, but the blending of in-house and open source code has historically complicated that process, Enterprises are increasingly focusing on DevOps as they do software development in-house. It's a question of where you start the journey of bringing security and operations and cloud development together while managing the application security.

The challenge CISOs face is to understand the trade-offs of different AppSec tools and which tools are best suited for DeveSecOps and which are not.

The session discusses:

• How CISOs need to do when they an unpatched vulnerability opens the door to an attack;
• How 'AppSec' is shifting left to find and eliminate defects earlier in the software development lifecycle;
• How both toolsets and security teams are maturing.

As enterprises adopt IoT products, are they ensuring that security is part of the design from the beginning and implementing micro-segmentation? This is the challenge that every CISO encounters.

Since IoT devices can be made cheaply and quickly, they may lack adequate security features. Security expert Bruce Schneier, a co-author of the Atlantic Council's report, says IoT needs to be regulated for security, just like the nutritional content of baby food or the fire resistance of kid's pajamas.

Enterprises need to focus on baseline security requirements while building IoT products.

The session discusses;

• Security threats posed by IoT systems;
• Implementing a micro-segmentation strategy to address security;
• Using artificial intelligence and machine learning within IoT products.

The challenges facing enterprises now are creating secure zones in data centers and cloud deployments, which allow companies to separate workloads and secure them individually while providing secure user access to the remote workforce. Another task on hand for organizations is to advance the pace of innovation and embrace the latest security methodologies, as the business demands grow. How can you meet the business objectives by aligning your security strategy with a 'zero trust' model and how important the element of micro-segmentation is to provide secure access.

The session discusses:

• How organizations can take a 'zero trust' approach;
• How can 'zero trust' create process-level visibility?
• How has micro-segmentation helped in the COVID-19 environment?

Some experts say an identity and access management strategy for a hybrid cloud environment should include single sign-on and multifactor authentication.

With the widespread of COVID-19, enterprises are leveraging the edge computing model, recommended by Garter, to build an integrated platform for applying IAM for the hybrid cloud.

As the task of managing today's hybrid work environment gets challenging, enterprises need to connect its users to the right technology at the right time, in a secure way.

The session discusses:

• Evolving an identity management solution;
• Taking a risk-based authentication approach for a secure remote workforce;
• Using a 'zero trust' model as part of the IAM strategy.

As enterprises strive to defend against future threats, the new buzz word XDR, a unified security and incident response platform, helps streamline and simplify security management.

This is emerging as a next-generation endpoint environment that requires next-generation defenses.

The session discusses:

• How have the endpoint attack surface and attacks evolved in 2020?
• How to enhance SoC capabilities to have proactive warnings of threats?
• Where does XDR fit into these?

Organizations in India need to ramp up their authentication efforts in light of a 60% increase in cashless transactions since the start of the COVID-19 pandemic, which has led to increases in attempted fraud.

The big challenge or threat in the current work-from-home environment is that hackers use phishing and other social engineering methods to trick users into providing confidential data, such as credit card numbers, social security numbers, account numbers, or passwords.

The session discusses:

• Key security steps in light of the movement to digital transactions;
• Using AI & ML to reduce risk using new algorithms to detect threats;
• New forms of authentication methods to detect real-time risks.

While corporate strategies around digital transformation drive measurable business outcomes, they are - at the same time-creating new security risks through the adoption of new technologies, increased complexity, and expansion of the attack surface with increased fraud and nation-state attacks.

In a fireside chat, the principal secretary of IT discusses how the cybersecurity infrastructure needs to be safeguarded by the enterprises in the post-COVID World. How enterprises need to take a 360 approach in building cyber resiliency in this digitally transformed World.

The session discusses:

• How to stay ahead of the hackers by bringing in the transparency into the entire process
• Enhancing SoC capabilities
• Harnessing new technologies to fight threats

The region's critical infrastructure sector has been the target for several high-pressure APT attacks, credential-stealing malware attacks, social engineering attacks, cyber espionage, and other targeted nation-state attacks. These attacks have majorly targeted the energy and oil sector, government, aviation, primarily aimed at data filtration. Besides, the region saw the frequency and severity of attacks, specifically targeting OT networks.

Since the COVID-19 has thrown up enormous challenges at enterprises to move beyond the traditional castle and moat security model, they need to find new ways to build a defense-in-depth model with a multi-layered process.

The session discusses:

• Harnessing new technologies to protect the critical infrastructure;
• Deploying an effective vulnerability management system
• Assessing the security posture with predictive threat actions.

These cybersecurity threats are amplified by the ongoing pandemic in the region--increasing phishing attacks, targeted attacks, disruption, distortion, and deterioration. The emergence of technologies such as IoT, skill shortage, insider threats, and cloud movement has posed the most significant risks.

A panel of experts discuss:

• Risks posed by increased digitization and cloud disruption;
• Use of the right technologies and tools for enhanced security posture;
• Use of predictive analytics and active defense in detecting threats;
• Cybersecurity investments in 2021