AKJ E-Crime & Cybersecurity 2024 - Spain | AKJ Associates Ltd | 23 October 2024 | Hotel NH Collection Madrid Eurobuilding, C. del Padre Damián, 23, Chamartín, 28036 Madrid, Spain

Building real protections in cyberspace
Much of the hype around cybersecurity today focuses on AI and the implications for both attackers and defenders. Yes, AI lowers the barriers of entry for attackers and saves them money and time in crafting attacks and then ‘processing’ the defenders’ responses. Mostly though that is a volume problem: there will be more attacks, just as it happened with the digital industrialisation of fraud.

And yes – AI can create new attack types, such as deepfakes, which are more than just a volume problem.

But the biggest change in cybersecurity is actually the regulatory response that is emerging. In the US, this has come via the SEC, which sees cybersecurity as a material issue for stakeholders and so seeks to drive standards via investor protection.

The EU has taken a more comprehensive and sensible approach which is essentially to acknowledge that cyberspace is a real entity in which citizens, businesses and the state operate, just as they do in the physical world, and so it needs the same protections as that physical world.

This means we need lawmakers, regulators and law enforcement to create the kind of frameworks we take for granted in the physical world.

DORA, NIS2, the Cybersecurity Act, the Cyber Resilience Act and, coming later, the EU AI Act, are world-leading attempts to put cybersecurity onto a modern footing commensurate with the threat it poses to economies, infrastructure and political stability.

This is a huge change for cybersecurity professionals. It means, for sure, that senior management will be forced to budget for compliance with these new regulations. But will that actually improve security? Will it suck resources into tick-box compliance functions? Will it focus more on resilience (what happens after a breach) than on security, because the assumption is that breach is inevitable? And since regulations are necessarily out of date as soon as they are published, will they skew security towards ensuring previous threat types are protected against rather than looking forward at preventing the unexpected?

All of this will require new approaches and new skillsets from CISOs. They need to understand regulations and how to mould their security efforts to them. They need to develop or work with compliance monitoring.

They need to be able to work with the business to explain the costs and benefits of regulatory compliance. And they need to be able to adhere to fixed external standards, where before perhaps they felt able to operate autonomously.

2024 Speakers

Félix Antonio Barrio Juárez
General Director, INCIBE

Ramon De La Iglesia Vidal
Global Head of GRC, Santander Consumer Finance

Francisco García Lázaro
Corporate Information Security Sr. Director, Palladium Hotel Group

Ivan Sanchez López
Group CISO, RSI Group

Alberto López
CISO & CIO, Solaria Energía y Medio Ambiente

Laura Parra
Global CISO, Cellnex Telecom

Jesús Alonso Murillo
Group CISO, Línea Directa

Jesús Mérida Sanabria
CISO, Iberia

Marina Nogales
Director of Threat Intelligence, Unilever

Eduardo Gonzalez
Global Advanced Cybersecurity Director, Banco Sabadell

Javier Sánchez Salas
CISO, ENGIE España

Alfonso Hermosillo
Senior Solutions Engineer, SpyCloud

2024 Sponsors

STRATEGIC SPONSORS:
• Akamai
• Integrity360
• SentinelOne
• ThreatLocker

EDUCATION SEMINAR SPONSORS:
• Sepp MAil
• SpyCloud