8:00am
Registration and networking
9:00am
Chair's opening remarks
Hannah Kuchler, San Francisco Correspondent, Financial Times
9:05am
Opening keynote: Scoping the future of cyber security and how organisations can prepare for what is to come
This keynote will review:
- What impact will the innovation in technologies – like biometrics, predictive analytics and AI have?
- How can AI address the fundamental challenge of legacy security protocols?
- How do cryptocurrencies and blockchain impact cyber security measures?
- What is the “active defense” model and is it the right approach for anticipating and isolating attacks?
- How can organisations ensure they are prepared and anticipate what is next?
Dr Alison Vincent, Group Chief Information Security Officer, HSBC
9:45am
Live interview: Embedding Nextgen security solutions to drive adoption internally, across the supply chain and to consumers
- How can flexible and adaptable security layers be enabled to allow for evolving technology and enable greater convenience and security?
- How can we strike the right balance between security and delivering the simplicity and convenience that people demand in today’s digital world?
- How can we ensure that consumers feel their personal information, money and identity are secure in the digital age?
- What is the future for wearable technology and voice authentication?
- What security technologies have huge potential in securing our digital future?
- How can we ensure external services across complex supply chains are also secured?
- What are the must-haves in terms of cyber security, and how can companies calculate a sensible budget for them? Should cybersecurity budgets scale up in line with the size of the company?
Interviewee: Michele Hanson, Chief Information Security Officer, News UK
Interviewed by: Alexis Conran, TV presenter and actor, writer and former presenter, The Real Hustle
9:45am
- 360 degree panel: How are Financial Services continuously responding to a complex and evolving risk Environment?
- Cyber attacks against this sector have grown in number, size, and sophistication. This is complicated further by a rise in merger and acquisition (M&A) activity and global expansion which creates an even greater challenge in integrating different infrastructures, databases, protocols and computer assets across multiple jurisdictions.
- Defending the digital landscape in a cohesive and holistic way is a huge challenge.
- How are financial regulators helping to protect the system?
- Has collaboration and information-sharing between relevant institutions (government, banks, regulators) been achieved?
- If trust has emerged as the key competitive differentiator, how will this impact the financial services supply chain?
- What is the update on cyber-protection regulations specific to the financial industry?
- How have the challenges of compliance to existing complex regulatory requirements, including those on anti money laundering, KYC and sanctions and data protection, been met?
- How can AI and machine learning be implemented effectively to support compliance, improve monitoring and reporting, and prevent illicit financial flows?
Dr. Marc Hofmann, Chief Information Security Officer, SWIFT
Cheri McGuire, Group Chief Information Security Officer, Standard Chartered Bank
10:30am
Networking break
11:00am
CISO thought leader dialogue: Live scenario response to a cyber security attack
During this live session we will follow the story of a response to a major cyber incident. A number of leading cross-sector CISO panellists will then discuss the key stages of the recovery plan and how they would have responded to ensure operations were recovered quickly and the impact was minimised.
Flavius Plesu, Chief Information Security Officer, Bank of Ireland
12:15pm
Lunch
1:15pm
Business continuity and resilience: Interactive scenario contingency planning round tables
Cyber response is about asking questions and making key decisions about the recovery stage based on the understanding of the incident. Simulation of a cyber emergency scenario is a critical part of building cyber resilience into your organisation. This interactive exercise will challenge the participants to make decisions that will influence the outcome of the cyber incident story. At the end of the training there will be time to reflect on the outcome of each group’s decisions, providing insights into the impact of the decisions made.
Each group will have a specific cyber security challenge assigned to them and a leader to guide them through the scenario response process. Once the damage has been assessed ie what is the attackers goal, what type of incident is it, how serious is the incident, has the system been compromised; you will need to agree with the group how do you isolate that breach, who has been affected and should they be informed, how can business be resumed quickly and securely, what are the priorities, who should lead on the business continuity, what are the next steps, who needs to be informed, have stakeholders, staff or the press already found out?
In terms of the recovery steps, what can you do to prevent the attack from happening again, are your monitoring tools and processes sufficient, which of your pieces of equipment or devices are the most vulnerable, are your critical data and systems backed-up, what is the “cyber kill chain” ie a sequence of stages required for an attacker to successfully infiltrate a network and exfiltrate data from it, how can your monitoring and response plan be improved?
SCENARIO 1: One of your employees has opened a spam email which contained malware that has enabled a hacker to gain access to the network
SCENARIO 2: Following a data security breach a reporter has gotten wind of details about the attack and has been in contact with you
SCENARIO 3: The CEO is angry about how the response is going and creating more problems than they are solving
SCENARIO 4: Your system has been compromised and there is a blackout at the power station affecting thousands of customers and putting increasing pressure on the rest of the network
SCENARIO 5: At the airport, the customer management system has been hacked and there is no data available at this stage
SCENARIO 6: One of the team has accidentally provided the password for a database of customer information and several unauthorized access attempts have been made
SCENARIO 7: The CFOs laptop has been stolen from the organisation and despite being password-encrypted, the security settings are not that high and it contains very sensitive business data
SCENARIO 8: One of your executive team members has been threatened and has provided a team of unknown hackers with detailed information of your cyber security
SCENARIO 9: A few of your PCs infected by a ransomware attack, how can you prevent it from spreading?
SCENARIO 10: Reports of multiple, seemingly unrelated, cyber incidents are occurring at the same time including phishing attempts and a Distributed Denial of Service (DDoS) attack, how do you respond?
3:15pm
Summary of interactive scenario planning sessions
3:30pm
Chair's closing remarks
3:35pm
Conclusion