The C-Suite Edition

Manufacturing 4.0, Industrial IoT, connected machines and sensors opens up for digital automation in heavy industry. Connecting everything in an industrial environment also creates new risks and threats. What are these threats and how should we address the risks?

• Technology trends in operational IT
• Examples from the mining industry
• Cyber security threats in operational IT
• Measures & technology to meet the threats
• 6 things you need to do as an IT leader next week

Problem #1: Security agents don’t scale. Less than 50% of cloud assets are covered by host security solutions i.e. agents.

Problem #2: Alert overload. For every 100 cloud assets there are an average of 10,000 alerts from agents.

Before the cloud, we secured physical hosts. That meant spending time installing multiple security agents—one for each server. However, at least we were living in a reasonably static world. We assigned IP addresses to physical assets, and they seldom changed. Even then, as every security veteran knows, agent integration was tedious, and coverage rarely reached 100% of assets. Then the cloud started making virtual what used to be physical. So we used what we had. We took security agents that ran on physical hosts and ran them on virtual machines. In a cloud environment, one scales utilization up and down frequently—possibly thousands of times per hour across multiple clouds—and all within a CI/CD pipeline that builds one’s infrastructure. One has containers and VMs to deal with, and agents carry substantial operational costs.

To win at cloud security, tools must provide visibility based on the singularity of virtualization. The cloud must be treated holistically as a tightly interconnected web of assets, rather than a collection of independent machines. Context matters—and cloud security risks must be determined both by examining the full-stack within assets and by examining the relationships between them.

• Be aware of the dangers: ransomware inside and outside
• Emerging new models of ransomware
• Unpatched vulnerabilities at risk
• Benefits of artificial intelligence (AI) in cyber defense/offense
• How to battle ransomware: prevention and training

The banking community takes a number of action steps to keep their institutions, customers and employees safe.

• The most relevant threats against financial institutions
• How do new resilience regulations assist in the combat against cybercriminals?
• The future of payment systems like SWIFT or Fedwire or CHAPs or even central banks?
• The best defense models

Evolution is running as always. This is relevant and good for business, digitalization, and technology. But criminals adopt and evolve with all the changes, revealing new vulnerabilities and all the new capabilities in new technology. It’s important to stay up to date to be best prepared.
Let’s look at the business consequences before, during and after an incident.

Traditional security risk assessment as part of enterprise risk management has been known to struggle with methodology to conduct proper risk assessments. Often identification of risks uses compliance oriented approach, giving a false sense of security that the organization is not exposed to risks as long as they fulfill compliance requirements. This session provides insights to the understanding of the benefits of risk scenario analysis using analytical approaches and providing participants with opportunity to conduct practical scenario analysis and risk assessment examples and output within the business security context with the goal to strengthen existing security risk frameworks.

Securing modern enterprise has never been more difficult. Modern applications are assembled
not built and applications are more commonly composed from open source-code instead of authored by hand.

Further complicating the security of modern enterprise software are the Developer and Application Security Professionals who are overwhelmed with vulnerabilities in all layers of code, while facing the need to deliver software quickly and securely.

Many organisations are encouraging their developer teams to adopt a security mindset and take more ownership on security issues earlier in the development process. In this panel we will discuss what can be achieved effectively and what a successful program looks like in practice.

• Cultivating developer security adoption in the enterprise – what works, what doesn’t?
• How can we get around siloed application and cloud security tools that focus on severing issues after deployment?
• How can we create better rapport between developers and security teams?

Cloud environments are characterized by their dynamic nature. It’s easier than ever before to spin up new resources and add new technologies, which leads to an ever-increasing number of people and teams deploying in the cloud. Ephemeral resources like serverless functions and containers mean that workloads are being added and removed at blistering speeds.

From the security perspective, however, these changes have made keeping up with the cloud all the more challenging. The dynamic nature of the cloud has strained some traditional security approaches to the breaking point.

• The security pipeline is broken.
• Which context do you need to still be able to get things done?
• A view on the current, the next, and future of cloud security.

Resilience is the ability to fight back and remain strong despite continuous attacks – taking into account that the attackers only need to succeed once, defenders need to succeed every time. This session will argue that resilient cyber defense can only be achieved through automation and that automation requires intelligence that is both timely and tailored to the defending organization.

Phishing attacks are a subset of social engineering strategy that imitate a trusted source and concoct a seemingly logical scenario for handing over login credentials or other sensitive personal data.

• Browsing a new way of phishing using a malicious browser extension: what can we do to stay safe?
• “Browser in the Browser” attacks (BitB attacks): A devastating new phishing technique
• Sophistication of Spear phishing
• Prevention of Social Engineering Attacks: Organizational design that minimize attack vector

• How to stay safe against policy violations
• Detect atypical behaviors and tracks signatures for potential high-risk events
• Response and forensic investigations into what happened
• European Union NIS2 directive: a high common level of cybersecurity across the Member States

As exciting as they are, these new trends also pose important questions around security and business resilience. What is the appropriate level of trust to consider and deliver when people or devices access corporate systems and applications? How to maintain great user experience whilst ensuring security isn’t compromised? How to achieve business resilience, turning temporary fixes into future-proof measures?

Join this session to explore how to enable business resilience with a secure access strategy, avoid Push phishing and incorporating new trends such as Passwordless.

CISOs in the middle of warfare

• The impact of cyber-attacks on businesses and nations
• Cyber-attacks on critical infrastructure – detection, prevention and investigation
• How do the laws treat cyber-attacks? State of emergency