Speaker:
Shane Read, Former Global CISO, Noble Group and vCISO, TJL Cyber, Hong Kong

COVID-19 has resulted in increased digitization across sectors, with the enterprise cybersecurity leaders suddenly finding themselves tasked with securing a new hybrid workforce and defending their largest-ever attack surface. The trend has led to data proliferation, and organizations struggle to handle the sheer volume of data in this new regime. What are the threats to watch and technologies to embrace during the pandemic and beyond, particularly when the abundance of valuable information has captured subversive elements' attention? At the same time, cybercriminals have breached networks and compromised millions of records, not only causing revenue losses but impacting brand reputation?

Enterprises consider 2021 to be the decade of digital trust as the CISOs expect cybersecurity to have a tremendous impact on the nation's critical infrastructure.

This exclusive keynote session describes:

• Changing threat landscape and lessons from the pandemic;
• Key priorities for CISOs 2021 - identity and access management, cloud, data protection, and regulations;
• A collaborative approach to building skills and techniques to achieve "future-proof" enterprise security.

Speaker:
Dr. Amirudin Wahab, Chief Executive Officer, CyberSecurity Malaysia

The year 2021 will see an increase in organized cybercrime activities, APTs, and ransomware attacks targeted at the critical infrastructure organizations across South East Asia. Also, the remote workforce. Economic stress. Pandemic fatigue has made created a "perfect storm" for an increase in security breach risks. What can you do to improve monitoring, detection, and mitigation of the risks in these unique conditions?

This exclusive session details:

• Insight into Malaysia's Cybersecurity Master Plan for 2020-24 for tackling new threats;
• Enhancing predictive, preventive, and response capabilities using AI & ML techniques;
• How enterprises can use SASE and 'zero trust' models to fight new threats.

Speaker:
Kunal Jha, Senior Director Application Delivery and Security, APJ, Citrix

For years, playing whack-a-mole with security threats has been the only way to keep attackers at bay. With specialized solutions suited to every flavor of attack out there, cybersecurity has become capital intensive and increasingly complex. But what if, instead of ‘mole-whacking’ vector-based defense, IT could cover up the holes from which they tend to pop up? Why not use precious resources, protecting only the assets that need to be protected and cast aside what doesn’t?

The ‘zero trust’ approach can help you deliver the security promise.

The session will discuss:

• How to achieve ‘invisible security’ with an intelligent experience built on analytics and automation using ‘zero trust.’
• Delivering a better user experience and better ROI, while providing granular and consistent security policies for getting an outcome based on ‘zero trust.’

Speaker:
Gary Gardiner, Head of Security Engineering, APAC, Check Point

Check Point’s white hat research team which has discovered the existing malware out in the wild and also the’zero-day vulnerabilities discusses use cases around how organizations with responsible disclosure can further secure networks and devices.

It is imperative for organizations to under what the threat actors are doing in real-time.

The session discusses:

• Findings around the ‘zero-day’ vulnerabilities;
• Detecting threat actors movements in the networks, IoT devices, mobile and on the cloud in real-time;
• Securing the networks and devices

Speaker:
Yuko Miyahara, Commercial Team Lead, Darktrace

The future of work remains unpredictable. More than ever before, business leaders need to remain confident that their operations can continue securely in the face of regional or even global crises, and while sections of the economy remain more uncertain and fragile than ever, cyber-attackers are ramping up their campaigns. Organizations must rethink their approach to security, and rely on new technologies like AI to achieve much-needed adaptability and resilience.

The session discusses:

• Emerging threats from the transition to remote work
• How AI has adapted to new patterns of work
• Darktrace's use of Cyber AI to protect the dynamic workforce
• Defensive Autonomous Response capabilities

Speaker:
Hywel Morgan, Manager, System Engineering, ASEAN & Korea, Sophos

Historically, cybersecurity has focused on protection, preventing threats exploiting weaknesses within an organization. This is changing as organisations accept that due to gaps in defences allied with the attack's sophistication, threats will enter your organization and often remain undetected for weeks or months, exfiltrating data and moving across your assets. Businesses are increasingly focusing on threat detection and response to address this risk.

In this ever-evolving landscape, it is imperative to understand the right threat detection and response approach for your organisation; is it the Endpoint Detection and Response (EDR), or Extended Detection and Response (XDR) or Managed Detection and Response (MDR), and what are next-generation defences required.

The session will discuss:

• The need and benefits of threat detection and response
• Factors to consider and evaluate an appropriate approach to threat detection and response
• Achieving operational efficiency while raising your security posture

Speaker:
Joshua Foo, Regional Director, South Asia, Hong Kong and Taiwan, Chainalysis

Covid-19 had a major impact on cryptocurrency activity, both legal and illegal, resulting in record breaking ransomware attacks seen around the world. As the pandemic raged, cybercriminals took advantage of new extortion tactics, with victim payments rising over 500% compared to 2019. Join us as we break down the ransomware ecosystem and show how surprisingly few cybercriminals enable such massive destruction.

What are the main components of the ransomware ecosystem? Is there a way to mitigate the risks posed by these attacks?

This session discusses how blockchain analysis can help your organization:

• Profile criminals and track them down;
• Identify emerging and dominant variants;
• Pinpoint possible RaaS developers;
• Track affiliates testing RaaS providers.

Speaker:
Abid Adam, Group Chief Information Security Officer & Group Head of Privacy, Axiata, Malaysia

While corporate strategies around digital transformation drive good business outcomes, cybersecurity threats are amplified by the ongoing pandemic and the emergence of new technologies such as IoT and cloud momentum. How can security leaders avoid obstacles and become catalysts for change and deliver business value and mitigate risks arising from this digital transformation? How can they ensure security and privacy in their digital transformation journey, and what are the various aspects that need to be kept in mind to ensure business continuity.

This session discusses CISOs role:

• In protecting the identity in the digital transformation journey;
• How to begin the journey of digital trust;
• Using right technologies to ensure security and ease of doing business.

Speaker:
Mark Johnston, Head of Security, Customer Engineering, Google Cloud APAC, Google

Enterprises traditionally used on-premises IAM software to manage identity and access policies. With companies adopting cloud services, the process of managing identities is getting more complicated. Therefore, adopting cloud IAM solutions becomes a logical step. However, mapping single sign-on users and IAM roles can become challenging as users can have multiple functions that span several cloud accounts.

The session will discuss:

• How best to manage IAM roles in the cloud;
• What does cloud IAM include;
• On-prem IAM Vs. Cloud IAM.

Speaker:
AJ Eserjose, Regional Director, OT-ISAC (Operational Technology Information Sharing and Analysis Center)

Asset owners and operators are experiencing a convergence of IT and OT in this era of digital transformation, which is resulting in increased cyber risk to industrial control systems. Legacy ICS components are not designed to embrace this digital transformation and the heightened liability that accompanies it.

It has become imperative to redefine security architecture to build and improve the cyber resiliency of ICS in this connected world, and equip teams and systems to prevent or respond to sophisticated threats and actors now taking advantage of this new environment.

The session discusses:

• Security threats posed by connected systems;
• Making security part of the design from the beginning and implementing micro-segmentation strategy to build cyber resilience;
• Maximizing the value of information and threat intelligence sharing in addressing ICS risk.

As organizations pursue a new generation of infrastructure with SDN and cloud, business is primed to move and shift faster than ever, but speed without security is simply a risk multiplier. It is vital to learn how global organizations have operationalized a simple, fast, and safe segmentation strategy to secure agile, dynamic, and complex environments and stop the lateral movement of threats. What would be the security and risk outcomes and the role of micro-segmentation in building the ‘zero trust’ framework? An insight into the lessons learned from segmenting over 1 million workloads.

The session will discuss:

• The movement toward segmentation & Zero Trust for enhanced security;
• Why the traditional network-based segmentation approaches fall short of security;
• How to apply micro-segmentation to any greenfield and brownfield environment.

Speaker:
Clive Finlay, Chief Technology Officer, APJ & EMEA, Symantec Enterprise Division, Broadcom

Throughout 2020 organizations widely adopted a zero trust architecture in response to the pandemic and it is now fast replacing traditional VPN approaches. As the zero trust approach continues to evolve, the challenge for organizations in 2021 and beyond lies in how to implement this approach across environments, both in the cloud and on-premise.

This session will discuss:

• The evolution of zero trust in a pandemic world
• The next chapter in the zero trust framework and new technologies to consider
• How to overcome implementation challenges and the benefits of a platform approach

Speaker:
Neil Campbell, Vice President, APJ, Rapid 7

Fixing a breach is far more costly than prevention. Organizations are under pressure to respond to it faster. More often than not, though, it can be weeks or months before you’ve even realized that you’ve suffered one.

The session will discuss:

• Understanding the legal implications of the incident and plan a response mechanism;
• Evolving a crisis management plan to prevent any reputational loss;
• Required skills to remediate, respond and mitigate the risks and establish a smooth recovery process.

Speaker:
Karunanand Menon, Senior Sales Engineer, APAC, Okta

Passwords have been a constant throughout the internet era. As we’ve moved from desktops to smartphones, from on-premises infrastructure to cloud services, we’ve all relied on passwords to access and safeguard our data and resources across the applications we use daily.

But in this new digital age where data breaches are rampant, passwords are no longer good enough. Not only are they insecure, but they are also expensive and offer a poor user experience. Is there a better way to protect your applications and prevent account takeover incidents?

The session will discuss:

• Enhancing user experience and access control with passwordless authentication;
• How passwordless authentication helps in curbing identity theft;
• Critical considerations for practitioners as they embark on a passwordless journey.

Speaker:
Rich Thompson, VP, Global Sales Engineering, BlackBerry

When it comes to enterprise security, Zero Trust is a concept that is becoming popular. More of a philosophy than a set of procedures, Zero Trust requires a deeper discussion and look at security. Is it practical for every one? Should Zero Trust be a priority? Why does it matter? What are the challenges? What is important? What about IoT? What role does our current security program play?

This session will explore the important questions about whether Zero Trust should be a priority for your organization and touches on the role of users and devices, environment and network. We will discuss the approaches and challenges with Zero Trust, addressing business drivers such as cloud environments and business continuity needs.

Speaker:
Lee Dolsen, Chief Architect, Asia Pacific & Japan, Zscaler

The IT and security heads are challenged from time to time about keeping the systems up and running, with availability and cyber resilience paramount. Breaking the kill chain is critical to understand in securing the environment. How can a ‘zero trust’ architecture be used in building this network and security transformation in a cloud-ready environment?

The session discusses:

• Bridging the network and security gaps with the right technologies and tools;
• Enhancing user access control mechanism with IAM and PAM;
• Prevent data leaks with an appropriate protection plan.

Speaker:
Jonathan Andresen, Senior Director, Marketing & Products, Asia Pacific & Japan, Bitglass

Network security architectural best practices are undergoing a dramatic shift. Two prominent IT security trends have dominated InfoSec discussions during this ongoing pandemic: Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE). In practical terms, which is more important, what is the relationship between them, and how will they improve cybersecurity effectiveness?

As security teams prepare for either a return to the office or a more distributed workforce and as cyber threats continue to proliferate, IT teams must understand the differences between these two essential security paradigms.

The session will discuss:

• Key difference between ‘zero trust’ and SASE and what it means to CISOs;
• How to improve security by leveraging ZTNA within a SASE architecture;
• Common SASE and ZTNA use cases and tactical and strategic approach to implementing the frameworks.

Speaker:
Eric Lam, Director for Security Solutions, Microsoft Asia Pacific

The recent cyberattacks have shown increased sophistication in the breadth of tactics used to penetrate, expand across, and persist in affected infrastructure. They have posed a serious threat to every organization. While the tactics, techniques, and procedures (TTPs) that the bad actors utilized are not new to defenders, we have also come to realize that many organizations have once again been caught unprepared.

Companies should start or continue to adopt a ‘zero trust’ mentality across their environment to defend against such attacks. A ‘zero trust’ mindset creates a more resilient, consistent, and responsive posture to new incidents. It helps address gaps in unprotected devices, weak passwords, and gaps in multi-factor authentication (MFA) coverage that attackers can exploit.

The session will discuss:

• How a ‘zero trust’ framework will help build cyber resiliency across the environment;
• Factors that need evaluation before implementing a ‘zero trust’ framework;
• Improving user authentication and control using ‘zero trust’ principles.

Speakers:
Micky Lo, MD, Chief Information Risk Officer, BNY Mellon, HongKong
Steven SIM Kok Leong, President, ISACA Singapore Chapter
Surachai Chatchalermpun, CISO, Krungthai Bank, Thailand

How to strategize and see security in a new light amidst new challenges. The emergence of technologies such as IoT, skill shortage, insider threats, and cloud movement has posed the most significant risks for enterprises in the current times, which are amplified by increasing phishing attacks, targeted attacks, disruption, distortion, and deterioration.

A panel of experts discuss:

• Risks posed by increased digitization and cloud disruption;
• Use of right technologies in the adaptive era
• Use of predictive analytics and active defense in detecting threats;
• Cybersecurity investments in 2021

The popular SolarWinds hack, the supply chain attack that implanted a backdoor in the Orion network monitoring software pushed to 18,000 of the firm's customers, is considered to be potentially the most significant intrusion in our history.

The campaign's full scale, including all of the tactics, techniques and procedures being used by attackers remaining unknown, has left most enterprises across the regions in a state of shock.

What are the lessons the CISOs need to learn from this attack? Do you have a process to evaluate your vendor's security policies and frameworks?

The panel will discuss:

• How should the risk framework of supply chain vendors evolve;
• The risks posed by different kinds of vendors;
• Defining security by design approach while evaluating the third party products.