21st Annual e-Crime & Cybersecurity Congress 2023 | AKJ Associates Ltd | 28 February 2023 | Park Plaza Victoria London, 239 Vauxhall Bridge Rd, Pimlico, London SW1V 1EQ, UK

As cyberspace becomes the arena for a new cold war, does cybersecurity practice need to change?

Too much focus on PID protection, not enough on cybersecurity?

Not that long ago cybersecurity was the art and science of stopping economically motivated actors exploiting vulnerabilities in traditional IT networks to commit a fairly narrow range of frauds, disruptions and data thefts. It was the counterpoint to cybercrime, which was seen as being carried out almost exclusively by non-state actors. Yes, some nation-states used cybercrime to make money and yes, governments’ use of cyberattacks for economic and political espionage is not new.

However, it’s become increasingly clear that a new global cyberwar has started that looks very much like the cold war of the 1950s to 1980s. As one commentator puts it, instead of stockpiles of nuclear weapons, “the threat of cyberwar, by contrast, has more to do with a global stockpile of vulnerabilities, amassed by accident as a by-product of continued innovations in connectivity. In the end, the sensation is the same: a foreboding feeling of pervasive, imminent risk. Cyberwar is real.”

So how does a cyber-cold war create a different set of risks for individual organisations? Does the potential for huge rises in the scale and sophistication of attacks, and the likelihood that infrastructure disruption and destruction will become more prevalent, objectively change the security calculus? One answer is that it will force firms to stop focusing narrowly on GDPR and think strategically about real security: as Mario Greco, chief executive at insurer Zurich says, focusing on the privacy risk to individuals is missing the bigger picture: “First off, there must be a perception that this is not just data . . . this is about civilisation. These people can severely disrupt our lives.”

The struggle to value cybersecurity

It’s hard to argue that cyberrisk is not rising. And most security professionals seem to agree that in some ill-defined way, it is.

• 51% of CISOs/CIOs, believe that businesses will need a specific strategy in place to protect against cyberwarfare in the next 12-18 months.
• The C-suite is increasingly concerned about loss of IP and R&D secrets, revenues and operational resilience.
• Governments are concerned about the potential for attacks on CNI and also for exploitation of poorly-understood linkages in financial systems, energy infrastructure and supply chains.

So surely the value of good cybersecurity, and of the professionals who implement it, is rising too? That’s not so easy to prove.

For a start, not everyone believes the new threats mean a new strategy is need. One piece of research showed that while 71% of CIOs and CISOs in a sample of almost 7,000 cybersecurity professionals believe cyberwarfare is a threat to their organization, 27% still admit to not having a strategy in place to mitigate this risk.

On the other hand, insurance premiums continue to spiral up as insurers get more data on how frequent attacks have become and how much damage they cause. Indeed, Zurich’s Greco says that cyberattacks will become uninsurable, particularly those involving state actors (Lloyds of London just announced an exemption for state attacks too). That struggle to assess the right premium level.

But generally, it has not got any easier to properly quantify cyberrisk at the firm level. So, Boards, while they put cyber at the top of their risk priorities, still do not put their money where their poll responses are.

This year’s e-Crime & Cybersecurity Congress will look at how we all need a new kind of security. Join our real-life case studies and in-depth technical sessions from the security and privacy teams at some of the world’s most admired brands.

2023 Speakers

Keir P
Head of Strategic Response, National Cybersecurity Centre (NCSC)

Irfan Hemani
Deputy Director of Cybersecurity and Digital Identity, Department for Science, Innovation and Technology

Helen Rabe
CISO, BBC

Lt Col Chris Cameron
Head of Cybersecurity - Permanent Joint Headquarters, UK Strategic Command

Andrew Gould
Detective Chief Superintendent CISSP, CISMP, National Cybercrime Programme Lead

Jesús Mérida Sanabria
CISO, Iberia

Sarah Lawson
CISO, UCL

Mark Logsdon
CISO, NHS Digital

Stuart Peters
Head Cyber Resilience Policy Cybersecurity and Digital Identity Directorate, Department for Science, Innovation and Technology

Jane Corr
CISO, Canada Life Group Services Europe

Becky Pinkard
Head of Cyber Operations, Barclays

Joseph Da Silva
CISO, RS Group plc

Adam Maxwell
Head of Information Security, Doctor Care Anywhere

Simon Newman
CEO, The Cyber Resilience Centre for London

Darcy Delich-Coull
Head IT Security & Compliance, Footasylum

Simon Goldsmith
Director for Information Security, OVO Energy

Jensen Penalosa
Assistant Legal Attaché, FBI

Ash Hunt
CISO, Apex Group

Eleanor Ludlam
Partner, DAC Beachcroft

Andrea Walker
Head of Information Security, BBC

Jon Townsend
CIO, National Trust

James Burchell
Senior Security Engineer, CrowdStrike

David Mahdi
Chief Identity Officer, Transmit Security

Johan Dreyer
Field Chief Technology Officer, Mimecast

James Maude
Lead Cyber Security Researcher, BeyondTrust

Maurice Luizink
Director, Solutions Engineering, Transmit Security

Maurits Lucas
Director of Product Marketing, Intel471

Ian Dutton
Senior Sales Engineer, GateWatcher

Adrian Jones
Country Manager UK & Ireland, Gatewatcher

François Normand
Cyber Threat Intelligence Manager, Gatewatcher

Andy Lalaguna
Senior Solutions Architect, eSentire

Tom McVey
Solutions Architect, Menlo Security

Ashley “AJ” Nurcombe
Senior Cyber Security Consultant - UK&I, Corelight

Rob Lay
Leader, Systems Engineering, Cisco

Michael Bourton
Senior Security Solutions Engineer EMEA & APAC, VMRay

Chris Martin
Senior Director, EMEA, Abnormal Security

David Lomax
Systems Engineer, Abnormal Security

Kevin Tongs
Account Executive, Silobreaker

Alistair Mills
Director, Sales Engineering, Northern Europe, Proofpoint

Gareth Owenson
Chief Technology Officer and Co-Founder, Searchlight

Aaron Mulgrew
Solutions Architect, Forcepoint

Chris Neely
Director of Sales Engineering, Noetic Cyber

Khalid Khan
Cybersecurity Strategist, Forcepoint

Grant Revan
Head of Strategic Engagement, Red Sift

Jorge Montiel
Head of Sales Engineering - EMEA, Red Sift

Haydn Brooks
CEO, Risk Ledger

Ben Johnson
CTO and co-founder, Obsidian security

Richard Ford
Chief Technology Officer, Integrity 360

Matthew Brady
Sales Engineering Manager, Synopsys

Michael White
Principal Architect, Synopsys

Lewis Shields
Principal Intelligence Analyst, ZeroFox

Scott Chenery
Regional Manager, Kiteworks

Ben Readings
Field Solutions Engineer, Kiteworks

PJ Norris
Senior Security Engineer, SentinelOne

Jonathan Lee
Sr. Product Manager, Menlo Security

2023 Sponsors

STRATEGIC SPONSOR:
• Abnormal
• BeyondTrust
• Corelight
• CrowdStrike
• Forcepoint
• Gatewatcher
• Integrity360
• Menlo Security
• Mimecast
• Proofpoint
• Red Sift
• SentinelOne
• Synopsys
• Transmit Security

EDUCATION SEMINAR SPONSORS:
• Cisco
• eSentire
• Hoxhunt
• Intel 471
• Kiteworks
• Noetic
• Obsidian
• Ontinue
• Open Systems
• Risk Ledger
• Searchlight Cyber
• Silobreaker
• VMRay
• ZeroFox

NETWORKING SPONSORS:
• iZOOlogic
• Perception Point
• UltraRed

BRANDING SPONSORS:
• Agnostic Intelligence
• BSS
• JT