Tue Mar 30 CEST
In your timezone (EDT): Mon Mar 29 11:00pm - Tue Mar 30 11:00am
10th e-Crime & Cybersecurity France
Securing the supply chain: the world after SolarWinds
After almost a year of on-off COVID-lockdowns, CISOs could be excused for struggling with the challenge of maintaining security in a fluid, hybrid work environment. Simply keeping on top of the basics, like ransomware, is a full-time job. Just ask French IT services giant Sopra Steria. It just announced that a Ryuk ransomware attack has cost it between €40 million and €50 million.
But in addition to that, they are also scrambling to protect the ever-expanding attack surface that is being created by accelerated digitalization. Companies have no choice but to embrace e-channels across their businesses, and their customers and suppliers are doing the same. Securing these websites, apps, payment channels and customer interfaces is non-trivial and may require a rethink of security and development environments.
The IoT is also becoming a significant blip on CISOs' radars. More accurately thought of as a vast ecosystem of sensors, the IoT generates huge volumes of sensitive data from devices mostly not built with security in mind. Just tracking which devices are on your network is complicated. And if we return to office working, the smart buildings in which we work are full of potential security flaws.
Data privacy, of course, IoT-related or not, is critical. While many CISOs still believe privacy is beyond their security remit, this distinction will become unsustainable. French firm Predicio recently found itself in the spotlight over its role in the secretive world of the collection and selling of mobile location and other personal data, a market that raises many questions about how companies protect personal data and how they define authorised and unauthorised data usage. Schrems II is just the beginning.
On top of all that, CISOs now have to grapple with the implications of SolarWinds. Third-party security was already one of the most difficult challenges CISOs faced. But SolarWinds shows that your own security vendors can be your weakest link. It shows that state actors may be your biggest risk. And it shows that third parties remain the most dangerous vector for committed cybercriminals.
So, what can CISOs do about third parties when digitalization, the IoT and remote work already stretch teams to the limit? How can security teams scale to the threatscape, without demanding an unsustainable level of resources? And what are today’s security priorities?
RSSI France & Responsable des SI Industriels Eau, Suez
Head of SOC, ENGIE
RSSI, Assistance Publique – Hôpitaux de Marseille
Digital & Cybersecurity Lawyer, DLGA
CISO EMEA, Schneider Electric
VP Cybersecurity, Alstom
Partner, Privacy, Data Protection, Cyber, Bird & Bird LLP
Group Information Security Officer, Allianz Partners
Sales Engineer - South EMEA, Recorded Future
CTO EMEA, FireEye
Solutions Engineer, BeyondTrust
Regional Sales Director, Southern Region, Bitglass
Solutions Engineer, Bitglass
Security Systems Engineer, Keysight Technologies
Security Advocate, SentinelOne
Regional Sales Director, BitSight
Country Manager & Technical Director – France, Cybersel
Dr Stephen Topliss
VP Marketing Planning, Global Fraud & Identity, LexisNexis Risk Solutions
Director Solutions Consulting, Southern Europe, LexisNexis Risk Solutions
Sales Engineering Manager France, Zscaler
Cybersecurity Account Manager, Darktrace
International Marketing | Data Management - ManageEngine
Regional Director SEMEA Corelight
Sales Engineer SEMEA, Corelight
Country Lead, France, CybelAngel
• BeyondTrust
• LexisNexis Risk Solutions
• Recorded Future
• SentinelOne
• BitSight
• Keysight Technologies