Agenda

08:55 – 09:00: Chairman’s welcome


09:00 – 09:30: Keynote – Why it is better for security to release fast

Jason Maude, Chief Technology Evangelist, Starling Bank

The accepted wisdom is that there is a balance to be struck between speed of delivery and having a secure and reliable system, but is this actually true? In this opening keynote, Jason Maude, chief technology evangelist at Starling Bank, will explore what security approaches the challenger bank is taking as it rolls out new features and services, as well as the best principles and practices to adopt in order to ensure FS companies can achieve speed and seamlessness without compromising cyber security. A Q&A session following the presentation will also take a closer look at DevSecOps approaches, changing customer attitudes to authentication and how best to tackle the cyber security skills shortage.


09:30 – 10:00: How can your organization become Ransomware Ready?

Shakel Ahmed, Sales Engineer, Pentera

Ransomware attacks have rapidly increased in frequency and severity. What was initially considered a nuisance has been adopted by sophisticated attackers in complex, multi-phased attacks. The total cost of ransomware attacks can climb into the millions of dollars. In this presentation, Shakel Ahmed, Sales Engineer at Pentera, will explain how the company was the first to create an Automated Security Validation platform and the first active ransomware emulation framework, applying ransomware tactics and techniques to an organization’s framework, allowing the company to validate readiness against a ransomware attack at any given moment.


10:00 – 10:30: The Challenges of Trusted Access in a Cloud-First World

Chris Martin, EMEA Solutions Architect for Access Management and Authentication, Thales

Just 31 per cent of organisations have embraced a Zero Trust strategy following the pandemic, and 83 per cent are concerned about the security threats associated with managing a remote workforce, according to the 2021 Thales Access Management Index (AMI). In this presentation, Martin will explore key challenges highlighted by the report and how adopting Multi-Factor Authentication (MFA) is a good foundation for mitigating these security risks. He will also explore the world of Shared Security (also known as shared responsibility), a cloud security management model that describes the distribution of enterprise data security management and accountability between a company and its cloud service providers.


10:30 – 11:00: Panel session: The adversary within: How are FSIs managing insider threat and data privacy risk?

While cyber defence tends to focus on malicious actors and preventing data breach, insider fraud remains a constant threat for financial services institutions (FSIs), with many unable to fully guard against the actions of opportunistic or disgruntled employees - especially in the era of hybrid working. Alongside this threat, the data privacy risk landscape is becoming more complex, with employees working on a range of personal devices and locations, and consumer concern over the security of their data on the rise, making who has access to data and how those individuals are using it a critical priority for FSIs. To combat this dual data security challenge, FSIs must focus on raising awareness of data privacy risk and foster an ongoing culture of accountability with employee engagement at the front line of defence. This panel session with expert speakers will cover key challenges for FSIs in building a culture of data security throughout the organisation.

Panellists:

Lior Arbel, Chief Technology Officer (CTO), Performanta

Arun Banerjee, Cyber Risk Consultant with Zurich Resilience Solutions, Zurich Insurance

Professor Ganna Pogrebna, Behavioural Data Scientist, The Alan Turing Institute

Dave Harvey, Head of Cybersecurity, UK, at FTI Consulting


11:00 – 11:15: Coffee break


11:15 – 11:45: Banking on Self-Learning AI: Neutralizing Threats Before Cyber-Attackers Strike Gold

Mariana Pereira, Director of Email Security Products, EMEA, Darktrace

Today, digital financial data drives global businesses and economies. With greater rewards, cyber-attackers continue to target finance industry institutions with full force - and increasingly advanced attack capabilities.

This session with Mariana Pereira, Darktrace’s Director of Email Security Products, will explore the challenges that financial institutions face including insider threat, supply chain attacks, IP theft, and regulatory compliance. There will also be special focus on the importance of AI-powered cyber defense in fighting back against the next generation of stealthier, more powerful cyber-attacks. The session will also cover how advanced cyber defense technology protects the entire digital estate in high-risk environments; how self-learning AI thwarted a spoofed Chase Fraud alert aimed at gathering information for fraudulent transactions; and how attackers are set to supercharge social engineering techniques with offensive AI.


11:45 – 12:15: The Evolution of Insider Threat Risks (and how to respond)

Andrew Rose, Resident CISO, Proofpoint

As the way of working has evolved, so, too, have insider threats. It’s no longer just about the risks associated with an angry or careless employee; there are now three distinct insider threat profiles. Financial Services firms need to rethink their approach to existing detection and response strategies to mitigate the risks associated with evolving insider threats. In this session, Andrew Rose, Proofpoint’s Resident CISO, will give an overview of insider threats and the role of greater visibility in data movement to mitigate these incidents. The session will cover how to recognize and mitigate the risks associated with the three primary insider threat profiles, as well as practical tips and tricks to create a new detection and response strategy to mitigate insider threat risk.


12:15 – 12:45: The ultimate guide: Reduce risk with your software security initiative

Adam Brown, Managing Consultant, Synopsys

The Building Security In Maturity Model (BSIMM) can help you measure and understand current levels of success, weakness, and maturity of your organization’s software security program. BSIMM allows CISOs and other security executives to compare data against their industry peers and pinpoint specific areas of need in their own AppSec programs.

The most recent version of the BSIMM describes the work of 2,873 software security group members working to secure the software developed by 398,544 developers.

Join our session to discover what activities are essential for building a successful SSI and what steps can be taken to drive a successful security program.


12:45 – 13:10: Lunch Break


13:10 – 13:40: Securing Storage & Backup; The Final Frontier

Doron Pinhas, CTO, Continuity Software and John Meakin, Former CISO, Royal Bank of Scotland, Standard Chartered, and Deutsche Bank

While a lot of CISOs’ effort is directed towards prevention and detection, not enough attention is paid to securing storage and backup environments. This is a glaring blind spot, since the working assumption should be that some attacks will succeed. When that happens, storage and backups are the last line of defense. But are they secure enough? This session with Continuity Software will cover new ransomware trends and the evolving data threat landscape, bust the myths of storage and backup protection and look at a roadmap for successful rollout.


13:40 – 14:10: Man vs machine: Can attack simulation provide the same security posture as penetration testing?

Cyber security teams have long relied on penetration testing to safeguard systems and pre-empt the worst possible cyber attack scenarios. But as the cyber criminals rapidly switch their tactics and automate their activities, financial services organisations are at risk of losing sight of their adversaries, with many unaware of how operationally effective their security technologies are against the latest attack strategy. As a result, organisations are exploring the potential of automated penetration testing and attack simulation technology, which runs an open framework to simulate red and purple teaming across an organisation. But how effective can these technologies get, and can a machine ever be smart enough to pre-empt the cyber criminal’s next move, or will there always be a role for human-led pen testers? This expert panel will debate the future of penetration testing and assess how advanced FSIs are in automating their cyber defences.

Panellists:

Sam Murdoch, Vice President, EMEA, Cymulate

Andrew Pannell, Head of Cyber Security, Bottlepay


14:10 – 14:40: Does a career in credential theft have a future?

Josh Green, Technical Marketing Engineer, Duo Security (A Cisco company)

The vast majority of cyber security attacks still either begin with or involve credential theft, with criminals taking advantage of the abundance of passwords and login details available on dark web sites and the rising rate of data breach. In this session, Josh Green, Technical Marketing Engineer at Duo Security, will explore the potential of passwordless authentication towards freedom from credential-related cyber crime. His talk will review the current risk landscape and ask what financial services providers can do to protect their customers from credential theft now and in the future.


14:40 – 15:10: Panel session: Hackers in plain sight: How are FSIs cracking down on hackers, ransomware and supply chain risk?

In the past year financial services customers have shifted rapidly onto digital channels, with hackers only too happy to join them there to launch increasingly sophisticated phishing, fraud and ransomware attacks from behind the anonymity of a screen. As a result, FSIs are under pressure to stay one step ahead of cyber criminals while CISOs are building strategies to ensure data is safe and backed up in the event of a ransomware incident. Meanwhile, it’s not just large institutions that are being targeted; a spate of high profile supply chain attacks has shown the devastating impact of hackers homing in on third party suppliers in an attempt to steal valuable data and infiltrate systems. This panel session with cyber security experts will take a look at the new techniques hackers are using to exploit vulnerabilities, the role that AI and threat detection monitoring can play in detecting threats, and some of the best strategies for protecting systems, data and customers in the event of a breach.

Panellists:

Catherine Aleppo, Head of Cyber, Aston Lark

Ed Fretwell, Head of Application Architecture with Moneybox

Bob Rudis, Chief Data Scientist, Rapid7

Oge Udensi, Cyber Security Resilience Lead, UK Finance


15:10 – 15:40: Not All Risks are Equal - Why Context Matters in Cloud Security

Andy Condliffe, Security Engineer, Orca Security

The promise of adding new security tools and capabilities to security operations efforts is more intelligence with which to make better-informed decisions, but do they deliver on that promise? If a Security Operations Center (SOC) team receives hundreds of “high priority” alerts every day, should they even trust the risk score that is being used? In this session we discuss our best strategies in the fight against alert fatigue and how to rebuild trust in security intelligence.


15:40 – 16:10: Keynote session: Cybersecurity as an enabler of innovation

Saj Huq, Director of Innovation, Plexal

The closing keynote session of the day will hear from Saj Huq, Director of Innovation at Plexal, the innovation centre that delivers cyber programmes in partnership with key government agencies including NCSC for startups, Cyber Runway and LORCA. Saj will speak about key innovation trends taking place in cyber security, including: the intersection of emerging technologies and cyber (such as AI and cyber); challenges and opportunities around innovating within horizontal tech domains such as cyber; the value of public-private cooperation in cyber and why the future of the industry lies in information sharing and collaboration around common problems. In a live Q&A session, he will also cover early-stage commercialisation challenges in cyber such as access to suitable amounts of funding, customer needs, the need for cyber solutions to be relatively mature before going to market and also provide key insights into the need for 'security by design' informed by the NCSC’s tech assurance strategy.


16:10 – 16:20: Chair's roundup and end of conference.