New York

Generative AI is proving to increase productivity and augment humans in new ways. To seize these opportunities, organizations must be aware of and manage its risks. That includes understanding how generative AI has changed the threat landscape and the security concerns that come with it. In this session, learn about the different AI approaches within the cyber security domain, discuss the benefits and limitations, and how to mitigate some of the risks. Also, learn how applying Self-Learning AI across your organization’s digital environment will help your security team prevent, detect, respond, and heal from incidents, including those augmented by generative AI.

As we near the end of the year, join Cris Thomas, X-Force Global Lead of Policy and Special Initiatives, as he delivers the Cyber State of the Union, where he will discuss this year’s most prominent threats, who they’ve targeted, how much it’s costing various industries and geographies, and what we can expect from emerging threats on the horizon.

Despite having distinct differences, data privacy and compliance are deeply intertwined with cyber security. As focus on data privacy and compliance increases, business leaders can expect to see vast changes related to how consumer data is managed, shared, and secured. Policy & laws on data privacy and compliance continue to expand and become increasingly stringent, so it is important for companies and their respective business leaders to consider these areas as they develop & evaluate their cyber security strategies. For instance, last year the SEC proposed amendments to its rules on cyber security, risk management, strategy, governance, and incident disclosure by public companies.

At a more granular level, there are various initiatives to protect specific consumer data and ensure enterprises are compliant in doing so – particularly health data and children’s personal information. The American Data Privacy and Protection Act (ADPPA) if passed could greatly impact health data beyond the scope of HIPAA by establishing a national framework to protect & preserve the privacy of consumer data collected by entities not covered by HIPAA. In an American Medical Association survey, about 75% of surveyed patients expressed concern and confusion related to the privacy of their health data and how it is handled. The ADPPA could help clear up some of this confusion by establishing clear expectations. Another critical area is the collection of personal information of children. The Children’s Online Privacy Protection Act (COPPA) helps put parents in control of how their children’s data is handled and ensures that all entities in possession of this data sustain its confidentiality, security, and integrity.

Maintaining strong data privacy and compliance practices is imperative in preventing sensitive personal data from becoming compromised. This information is extremely valuable to cyber criminals, who seek to utilize compromised data to steal others’ identities or resell such PII.

This panel will look at the latest data privacy policies and implications for what this means for business leaders in the future. Our lineup of experts will lend their insights and offer best practices relating to privacy, compliance, and identity protection.

Organizations process and store huge volumes of sensitive information. Inadequate controls in IAM processes and technology can lead to breach, involuntary exposure of data, and non-compliance issues.

Join us as we demonstrate a proven Zero-Trust driven assessment, architecture and executable roadmap process that answers the most common questions about CyberSolve implementations: How do we determine what we COULD do vs. what we SHOULD do? What’s this going to cost us? How do we maintain our IAM once it is implemented? What is different when addressing Workforce IAM vs Customer IAM (CIAM)?

Organizations embrace modern-day applications and services to enhance its technical capabilities with the goals of becoming more agile and more efficient. This journey towards modernization is commonly referred to as Digital Transformation and is frequently propelled by broader organizational business objectives. However, as with any beneficial change, there come associated risks and rewards. This presentation will delve into the intersection of Digital Transformation and Security Operations, shedding light on the blind spots and inefficiencies that can emerge. You will also gain insights into various tools and techniques to equip your security team for effectively countering well-prepared threat actors.

“Pay Up, or Else”. The number of organizations who have been faced with this scenario has been steadily increasing over the past several years as ransomware attacks continue to rise — both in numbers and the size of payouts.

The clear and present danger of a ransomware attack looms large among cyber executives and business leaders as the number of vulnerabilities increases daily. According to a 2022 CRA Business Intelligence survey, nearly one in four respondents reported that their organization experienced one or more ransomware attacks in the past 12 months, and almost one out of three of these organizations said the attacker succeeded in gaining access to their systems, encrypting files, and demanding a ransom

According to this survey, many believe that the worst is yet to come and that they are at a significantly higher risk of a cyberattack than ever before – it’s not a matter of “if,” but “when.”

Preparing for the inevitable and defending against the threat of a ransomware attack requires constant evaluation and assessment, and then making the necessary adjustments.

On this panel, our lineup of industry experts will discuss the key security measures enterprises must take, going beyond backup and recovery and anti-malware/anti-virus solutions to include endpoint security, vulnerability management, Active Directory monitoring, credential protection, DNS security tools, SIEM, DLP and encryption, and cloud security software.

Organizations are rapidly adopting digital innovation (DI) initiatives to accelerate their businesses, reduce costs, improve efficiency, and provide better customer experiences. Common initiatives involve moving applications and workflows to the cloud, deploying Internet-of-Things (IoT) devices on the corporate network, and expanding the organization’s footprint to new branch locations.

 With this evolving infrastructure also come growing security risks. Organizations must cope with growing attack surfaces, advanced threats, increased infrastructure complexity, and an expanding regulatory landscape. To accomplish their desired outcomes while effectively managing risks and minimizing complexities, organizations should look to adopt a cybersecurity platform-based approach that provides visibility across their environment and a means to manage both security and network operations easily.

 The Fortinet Security Fabric solves these challenges with broad, integrated, and automated solutions that enable security-driven networking, zero-trust network access, dynamic cloud security, and artificial intelligence (AI)-driven security operations. Fortinet offerings are enhanced with an ecosystem of seamless integrated third-party products that minimize the gaps in enterprise security architectures, while maximizing security return on investment (ROI).

In today’s cybersecurity landscape, nothing is constant except change. 2023 has been no exception. During the Top Cyberattack Trends of 2023, we will explore six of the cyber risks that are trending now, with real-life examples.

Join Mike DePalma, Vice President of Business Development at Datto, a Kaseya Company, as he takes a deep dive into this year’s worst attacks and how to mount a defense that keeps businesses out of trouble.

Use of the cloud is continuously growing, not surprisingly so due to its perceived lower costs, greater agility, and ability to increase computing power with increased demand & continuously deploy new applications and software features.

Despite the appeal of cloud, there are many security risks and vulnerabilities and managing these risks has proven to be a big challenge as cyber criminals shift their tactics to cloud data and systems in responses to this increased use of the cloud. According to a CRA Business Intelligence’s September 2022 Cloud Security Survey, misconfigurations, lack of oversight, and little visibility across the organization are among their chief concerns regarding cloud deployments.

If organizations are going to successfully adopt/transition to the cloud, they must ensure security is part of their program. An effective cloud security program includes various process and technology capabilities to effectively keep up with the current threat landscape and vulnerabilities.

In this talk we’ll cover real life examples of how attackers are finding your assets, and how you can stay a step ahead.

• How ransomware gangs are shifting their focus to SMEs as a route into enterprise organizations
• Why organizations only have visibility of 27% of their attack surface
• How cloud providers aren’t supporting their users enough with their in-built security tools

The frequency of cyberattacks targeting businesses is increasing – and will continue to increase. Today, when attackers don’t work alone but rather in enterprises with institutional hierarchies and R&D budgets, it’s important to rethink the use of passwords.

Employees are the weakest link of an organization’s security chain. Even those in industries such as finance, healthcare, and IT, which are typically regarded as secure, have questionable password habits.

Going passwordless might be just the answer to all of the downfalls of passwords. Big tech companies, like Google and Apple, are already endorsing and supporting passkeys, a change that will soon make passwords a thing of the past and provide more online security.

During the past 10 years I’ve participated in many security incidents, received confidential readouts of other company incidents, collaborated with top well-known incident response firms as well as government agencies. It’s with these experiences and learnings I’ve applied an overlay of Zero Trust to the problem. Having also delivered Zero Trust strategies at two globally-recognized enterprises we can speak to the reality of the problem and solution.

In 2022 I presented how my Enterprise Security teams delivered Zero Trust at Adobe and Cisco. So, let’s talk about why we prioritized the initiative; a forward thinking strategy that really defended against the attacks we were seeing. During this session we’ll discuss some high-profile security incidents from the past year, reviewing the themes, kill chain, and how or where a Zero Trust strategy might help prevent the attack, slow them down, or reduce risk.

As an example, many high profile hacks all started similarly. Related to an employee or contractor credential theft (or purchase) and an MFA fatigue or bypass. These are NOT highly sophisticated attacks and there are strategies that can save your bacon.