19th Annual e-Crime & Cybersecurity Congress 2021 | AKJ Associates | 2 March 2021 | Online

New security models for a new era: government, business, work and play have changed, so must security

We are at a decisive moment. The era in which most of us have spent our adult lives, an era of globalisation, is coming to an end.

It is not being ended by COVID-19: its central assumptions have been fraying for the past decade. But overwhelming technological change, and its acceleration by the pandemic, has hastened the end. The workplace, shopping, banking, personal communications, dating, politics - there's no part of our lives, personal or professional, that is not being upended by the virtual world.

These disruptions that we're seeing presage at least a temporary Age of Disorder, in which old certainties crumble and new ones take their place. And nowhere are the effects of this more obvious than in cybersecurity.

Out of the comfort zone, into the fire

Even pre-pandemic, more than two billion of us are spending over 25% of our online time on social networks. Phishing attacks and scams on these platforms are on the rise, and the platforms themselves offer only minimal controls to prevent the further propagation of account takeover - and this activity is invisible to the enterprise.

Post-COVID, with remote working common, this is an enormous problem.

The broad adoption of collaboration, chat and social channels - such as Skype, Zoom, WhatsApp and LinkedIn - as critical work tools has increased the attack surface and weakened controls. These channels are rapidly outpacing email as the communications tool of choice, and they are even less secure than email, which is itself still the key vector for social engineering and credential theft.

Most security teams have no existing tools in their arsenal to extend their visibility into this realm, particularly when these accounts are personal rather than company-owned - and attempts to do so raise questions about privacy and surveillance.

And governments and businesses are finally having to walk the walk on digitalisation.

When a pizza company takes all its orders via app, DDoS attacks become its top threat. When schools teach lessons online, but local authorities are quibbling over the additional costs of an E5 license for O365, children are put at risk. When the national power grid can't get budget to secure NT/4 boxes in physically insecure sub-stations, CNI is vulnerable. When hospitals can't treat patients because of ransomware, people die.

Digitalisation and the IoT are concrete developments with real impacts - and security needs to respond.

Will BigTech help to secure the citizen?

In the public sector, accountability to the public and to corporations will force governments to do a better job. Cyberspace is not a target in itself - it's a medium. And that medium connects, in every direction, to the machinery of civilisation itself.

That machinery is critical national infrastructure. It's the medium through which populations access information, goods and services; it's the basis upon which businesses now operate in a digital world; with the Internet of Things, it's a parallel world that lacks almost all the safeguards we expect the state to provide in the 'real' world.

Cyberspace needs the investment in laws, police and paramedics that the physical world has. Citizens and businesses demand a better service.

In the private sector, boards are being held to account for cybersecurity by key stakeholders and the regulators. They will in turn make others accountable to them. But who? Is this the moment the CISO rises in prominence, or will the real responsibility fall to others?

Ultimately, the answer depends on who can give boards answers to business problems, not just IT problems.

Will risk managers, business units and CISOs - and the insurance industry - be able to give them an idea of potential losses and predictive data on breaches and their impact? How will CISOs satisfy senior management's needs for evidence of cybersecurity? Who will present this to investors and regulators?

The e-Crime & Cybersecurity Congress will take place online and will look at how the fabric of cybersecurity regulation, governance and enforcement must change, as well as the latest technologies, strategies and architectures that can keep society and business safe. As digitalisation goes critical, is this finally the moment at which traditional cybersecurity management has to change?

2021 Speakers

Stephen Lear
Senior Manager, National Cyber Crime Unit - Prevent & Protect, National Crime Agency

Stuart Aston
National Security Officer, Microsoft

Steve Williamson
Head of Internal Audit - Information Security & Data Privacy, GSK

Jane Corr
Chief Information Security Officer, Great West Life Europe

Scott Barnett
Head of Information & Cyber Security, NHS National Services Scotland

Lukas Grimfors
Global Security Architect, Autoliv

Prof. Carsten Maple
Professor of Cyber Systems Engineering, University of Warwick

Gabriel Voisin
Partner, Privacy, Data Protection, Cyber, Bird & Bird LLP

Dan Burns
Head of Cybersecurity Operations, Next

Laura Ellis-Philip
Director of Digital, Ashford and St. Peter's Hospitals NHS Foundation Trust

Laura Morgans
Information Security, Risk & Compliance Manager, Dr. Martens

Clair Phelps
Senior Information Security Manager, Legal & General

Jonathan Craven
Head of Information Governance & Data Protection Officer, Central and North West London NHS Foundation Trust

Johannes Braams
Senior Cybersecurity Advisor, Royal Haskoning DHV

Dan Baylis
Group Security Operations Manager, Quilter Plc

Chris Baars
Cyber Incident Exercising Lead, A.P. Moller - Maersk

Iain Harrison
Information Governance & Risk Manager, Leicester City Council

John Rouffas
Director of Cybersecurity, NuVida Data Forensics

John Finch
Information Governance Manager, Plymouth City Council

Dave Meltzer
CTO, Tripwire

Thom Langford
Security Advocate, SentinelOne

Gina Doekhie
Cybercrime Specialist, Dutch National High Tech Crime unit

Jas Sagoo
Cybersecurity Manager, Birmingham City Council

Brett Raybould
Solutions Architect, Menlo Security

Stephen Roostan
VP EMEA, Kenna Security

Justin Shaw-Gray
Sales Director, Synack Inc.

Dov Lerner
Security Research Lead, Sixgill

Nour Fateen
Presales Manager, UKI & META, Recorded Future

Sumukh Tendulkar
Senior Director of Product Marketing, Sixgill

Michael-Angelo Zummo
Cyber Threat Intelligence Specialist, Sixgill

Sudeep Venkatesh
Chief Product Officer, Egress Software

Ben King
Chief Security Officer, Okta

Niamh Muldoon
Global Data Protection Officer and EMEA Trust & Security Leader, OneLogin

Max Berg
Senior Solutions Engineer. BeyondTrust

Jacob Serpa
Sr. Marketing Manager, Bitglass

Peter Morton
Senior Cybersecurity Engineer, Mclaren Automotive Ltd

Chris Strand
Chief Compliance Officer, IntSights

Paul Prudhomme
Head of Threat Intelligence Advisory, IntSights

Migchiel de Jong
Systems Engineer, Illumio

Trevor Dearing
Technology Director, EMEA, Illumio

Harish Sekar
Senior Technical Evangelist, ManageEngine

Simon Newman
Head of Cyber & Business Services, Police Crime Prevention Initiatives

2021 Sponsors

STRATEGIC SPONSORS:
• BeyondTrust
• Cofense
• Darktrace
• Egress
• Illumio
• IntSights
• Okta
• Recorded Future
• SentinelOne
• Sixgill

EDUCATION SPONSORS:
• Bitglass
• Intel 471
• Kenna
• LogRhythm
• ManageEngine
• Menlo Security
• Nominet
• OneLogin
• Opswat
• Reliaquest
• Synack
• Tenable
• Tripwire

NETWORKING SPONSOR:
• ThreatConnect