Agenda DACH March 2025
08:00
Registration
08:15
POWER BREAKFAST
Let's open the conference with a power breakfast where you will have the opportunity for the first morning networking with colleagues from different industries and a chance to make new acquaintances and exchange business cards.
09:00
- Increasing Cyber Threat Landscape: As cyberattacks targeting critical infrastructure continue to rise, organizations in the DACH region must prioritize strategic security investments to safeguard essential services against sophisticated threats, ensuring uninterrupted operations.
- Advancements in Technology: The rapid evolution of technology, including IoT and smart infrastructure, necessitates substantial investments in security to address vulnerabilities and ensure the safe integration of these technologies within critical systems.
- Economic Stability and National Security: Protecting critical infrastructure is vital for maintaining economic stability and national security in the DACH region. Strategic investments in security not only enhance resilience but also build public trust in essential services, fostering a secure environment for growth and innovation.
09:25
- Multiple Regulatory Frameworks: Companies in DACH must comply with NIS2, DORA, GDPR, KRITIS, and other overlapping regulations.
- Need for Integration: A unified approach simplifies compliance management, reducing operational complexity and risks.
- Future-Readiness: Scalable solutions are essential to adapt to evolving regulatory demands and maintain resilience.
Ola Pontén
CISO
SCA
10:00
- Continuous Verification: Implementing Zero Trust principles emphasizes the need for ongoing validation of user identities and device security, ensuring that every access request is thoroughly assessed regardless of location.
- Least Privilege Access: The framework promotes limiting access to only what is necessary for users and third parties, significantly reducing potential attack surfaces and minimizing the risk of unauthorized access.
- Segmentation of Resources: Zero Trust encourages the segmentation of networks and resources, making it harder for threats to spread laterally and ensuring that third-party access is tightly controlled and monitored.
10:20
Coffee break and 1-1 meetings
10:50
- Proactive Threat Detection: AI systems analyze vast amounts of data to identify patterns and anomalies, enabling organizations to detect potential threats before they escalate into serious incidents.
- Augmented Decision-Making: AI tools assist human security teams by providing real-time insights and recommendations, allowing for quicker and more informed responses to cyber incidents.
- Automated Response and Remediation: By automating routine tasks and incident responses, AI frees up human resources to focus on complex issues, enhancing overall efficiency in cyber incident management.
11:15
- Integrated Compliance Frameworks: Develop unified compliance frameworks to streamline processes and reduce redundancies across various regulatory requirements.
- Cross-Functional Collaboration: Encourage teamwork across departments to enhance understanding and address overlaps in compliance efforts, improving resource allocation.
- Technology Adoption: Utilize compliance management tools and automation to simplify tracking and response to regulatory changes, enhancing overall compliance efficiency.
Henrik Thomsson
Head of IT Security at Lidl Sverige
Mikael Varverud
CISO
Iptor
11:40
- Navigating New Threats: The DACH region faces evolving cyber and physical threats targeting critical infrastructure, including energy grids, healthcare, and transportation systems.
- Regulatory Compliance and Preparedness: Adapting to frameworks such as NIS2 and KRITIS requires a unified approach to compliance, ensuring operational resilience and risk mitigation.
- Technology and Collaboration: Strengthening security demands coordinated efforts between public and private sectors, leveraging advanced technologies, and sharing intelligence to protect essential services effectively.
12:10
Lunch Break
13:10
- Defined Accountability in Cloud Environments: Implementing clear roles and responsibilities among cloud service providers and clients is essential to ensure all parties understand their security obligations, enhancing the overall security posture.
- Joint Risk Management Strategies: Conducting collaborative risk assessments within the cloud framework allows organizations to identify and mitigate vulnerabilities effectively, ensuring comprehensive coverage against potential threats.
Ongoing Communication and Training for Cloud Security: Establishing regular communication channels and training programs fosters a strong partnership, keeping all stakeholders informed about evolving security practices and emerging threats in the cloud ecosystem.
13:35
- Defining Boundaries and Responsibilities: Clarifying roles between service providers and clients ensures smooth operations, minimizing security gaps and misconfigurations.
- Managing Risks and Compliance: Effective collaboration is essential for meeting regulatory requirements and mitigating shared risks, especially in multi-cloud environments.
- Best Practices for Governance: Establishing transparent communication and clear accountability fosters trust and reduces vulnerabilities in interconnected ecosystems.
14:10
- Streamlined Compliance Frameworks: Developing a unified compliance approach helps organizations effectively navigate multiple regulations, ensuring consistent adherence to NIS2, GDPR, and other applicable standards across operations.
- Scalable Solutions for Evolving Regulations: Implementing flexible compliance tools and processes enables organizations to adapt swiftly to regulatory changes, enhancing their resilience while minimizing disruptions to business operations.
Integrated Risk Management Practices: Fostering a culture of collaboration between compliance, security, and operational teams ensures that regulatory demands are met while simultaneously addressing broader business risks.
14:40
Cybersecurity is a collective effort, and strategic alliances are key to staying ahead of adversaries. Building alliances with government bodies, industry peers, and international cybersecurity firms enables faster threat detection, joint response capabilities, and shared intelligence. Platforms like the European Cyber Security Organization (ECSO) facilitate such collaborations.
Strategic alliances are key to strengthening defenses against evolving cyber threats. This session will examine how partnerships help organizations navigate compliance and regulatory landscapes, enhance their defenses, and optimize cybersecurity investments.
14:30
Coffee Break & 1-1 meetings
15:00
- Holistic Risk Assessment Strategies: Organizations must conduct comprehensive evaluations of their critical infrastructure to identify vulnerabilities and ensure compliance with emerging regulations like DORA and KRITIS.
- Investment in Security Technologies: Leveraging advanced security solutions is crucial for safeguarding critical infrastructure against evolving threats while fulfilling regulatory obligations.
Cross-Sector Collaboration: Engaging with governmental bodies and industry partners promotes a shared understanding of regulatory requirements, fostering a collective approach to protecting critical infrastructure in the DACH region.
15:25
- Enhanced Threat Detection: AI tools analyze vast amounts of data in real-time, identifying patterns and anomalies that may indicate potential security threats, enabling quicker responses.
- Automated Incident Response: By automating routine tasks such as alert triage and initial incident analysis, AI allows security teams to focus on more complex issues, improving overall efficiency.
- Continuous Learning and Adaptation: Machine learning algorithms continuously improve by learning from past incidents and evolving threats, providing security teams with updated insights and strategies to combat emerging risks.
15:50
- Enhanced Risk Management: By adopting a Zero Trust approach, organizations can better identify and mitigate risks associated with external threats, thereby strengthening their overall security posture.
- Integration with Advanced Technologies: The framework facilitates the use of advanced technologies, such as AI and machine learning, to detect anomalies and respond to threats in real time, enhancing incident response capabilities.
Cultivating a Security-Centric Culture: Implementing Zero Trust principles fosters a culture of security awareness among employees and third-party partners, promoting best practices and shared responsibility in protecting sensitive information
16:10
Leg Stretcher
16:15
- Enhanced Detection Capabilities: AI algorithms can analyze vast amounts of data in real time, identifying patterns and anomalies that may indicate potential threats, allowing human analysts to focus on more complex security issues.
- Accelerated Incident Response: Automation can streamline response protocols by executing predefined actions during security incidents, significantly reducing response times and mitigating damage before human intervention is required.
- Continuous Learning and Improvement: AI systems improve over time by learning from past incidents, providing valuable insights that can inform security strategies and enhance the effectiveness of human decision-making in threat management.
16:50
- Trust and Data Control: Effective collaboration hinges on trust between organizations, necessitating clear data-sharing protocols to safeguard sensitive information.
- System Compatibility: Integrating diverse security tools across organizations can pose challenges; adopting standardized frameworks can enhance interoperability.
Training and Communication: Ongoing training for security teams and regular communication between partners are vital for adapting to evolving threats and ensuring effective collaboration.