New York

Derived from the past, present and future, learn about the best practices around Securing Access with Zero Trust. While many organizations have begun their journey to zero trust, the elements and opportunities are changing. In this session, we’ll review where zero trust is today, where it is going tomorrow, and how to plan for the zero trust of the future.

Over the past several years, we have seen a tremendous increase in the number of cybersecurity and privacy rules and regulations. During this discussion, Mr. Sweeney will discuss those changes, the approaches that organizations are taking to address these new requirements, and the close relationship between cybersecurity and privacy.

“Pay Up, or Else”. The number of organizations who have been faced with this scenario has been steadily increasing over the past several years as ransomware attacks continue to rise — both in numbers and the size of payouts.

The clear and present danger of a ransomware attack looms large among cyber executives and business leaders as the number of vulnerabilities increases daily. According to a 2022 CRA Business Intelligence survey, nearly one in four respondents reported that their organization experienced one or more ransomware attacks in the past 12 months, and almost one out of three of these organizations said the attacker succeeded in gaining access to their systems, encrypting files, and demanding a ransom

According to this survey, many believe that the worst is yet to come and that they are at a significantly higher risk of a cyberattack than ever before – it’s not a matter of “if,” but “when.”

Preparing for the inevitable and defending against the threat of a ransomware attack requires constant evaluation and assessment, and then making the necessary adjustments.

On this panel, our lineup of industry experts will discuss the key security measures enterprises must take, going beyond backup and recovery and anti-malware/anti-virus solutions to include endpoint security, vulnerability management, Active Directory monitoring, credential protection, DNS security tools, SIEM, DLP and encryption, and cloud security software.

Across large organizations today, financial fraud is an important use case. As the world continues to move online and shop online, fraud teams are seeing upticks in suspicious transactions that need to be investigated. When it comes to fraud prevention, falling behind is not an option and failing to analyze these transactions can lead financial institutions into taking on additional risks. In this panel discussion with fraud prevention vendor: Kount Inc and Swimlane we will be discussing:

Use of the cloud is continuously growing, not surprisingly so due to its perceived lower costs, greater agility, and ability to increase computing power with increased demand & continuously deploy new applications and software features.

Despite the appeal of cloud, there are many security risks and vulnerabilities and managing these risks has proven to be a big challenge as cyber criminals shift their tactics to cloud data and systems in responses to this increased use of the cloud. According to a CRA Business Intelligence’s September 2022 Cloud Security Survey, misconfigurations, lack of oversight, and little visibility across the organization are among their chief concerns regarding cloud deployments.

If organizations are going to successfully adopt/transition to the cloud, they must ensure security is part of their program. An effective cloud security program includes various process and technology capabilities to effectively keep up with the current threat landscape and vulnerabilities.

Software as a Service (SaaS) applications bring the promise of business agility and enablement. But like any technology that provides significant benefit, there are often security implementations that become overlooked. As your business grows and scales, so does the risk imposed at the identity layer across the SaaS estate. In this session, we will highlight the identity problem in SaaS; from human identities (internal employees, external vendors, third party contractors, partners, etc.) to machine identities (application-to-application connectivity, 3rd party OAuth applications, etc.). Attend this session to better understand the risks imposed on every identity within the SaaS estate, and pragmatic approaches to improve your posture.

During the past 10 years I’ve participated in many security incidents, received confidential readouts of other company incidents, collaborated with top well-known incident response firms as well as government agencies. It’s with these experiences and learnings I’ve applied an overlay of Zero Trust to the problem. Having also delivered Zero Trust strategies at two globally-recognized enterprises we can speak to the reality of the problem and solution.

In 2022 I presented how my Enterprise Security teams delivered Zero Trust at Adobe and Cisco. So, let’s talk about why we prioritized the initiative; a forward thinking strategy that really defended against the attacks we were seeing. During this session we’ll discuss some high-profile security incidents from the past year, reviewing the themes, kill chain, and how or where a Zero Trust strategy might help prevent the attack, slow them down, or reduce risk.

As an example, many high profile hacks all started similarly. Related to an employee or contractor credential theft (or purchase) and an MFA fatigue or bypass. These are NOT highly sophisticated attacks and there are strategies that can save your bacon.

We all have been talking about “cloud” for a number of years. We migrated to the cloud and working in and with multi-cloud environments. However, security teams in many organizations have a hard time keeping up. Cloud environments and technologies are fundamentally different than traditional on-prem environments, with different challenges, new risks (as well as opportunities), threats and tools unique to the cloud. Trying to move security teams to consider the cloud environment NOT as an extension or as an evolution of the on-prem environment is not easy and many fail trying to adopt similar methodologies and techniques embedding security into the cloud as they did on prem. In this session we will talk about why and where it is so different, focusing on how organizations and security teams should act differently when addressing security concerns in the cloud.

Despite having distinct differences, data privacy and compliance are deeply intertwined with cyber security. As focus on data privacy and compliance increases, business leaders can expect to see vast changes related to how consumer data is managed, shared, and secured. Policy & laws on data privacy and compliance continue to expand and become increasingly stringent, so it is important for companies and their respective business leaders to consider these areas as they develop & evaluate their cyber security strategies. For instance, last year the SEC proposed amendments to its rules on cyber security, risk management, strategy, governance, and incident disclosure by public companies.

At a more granular level, there are various initiatives to protect specific consumer data and ensure enterprises are compliant in doing so – particularly health data and children’s personal information. The American Data Privacy and Protection Act (ADPPA) if passed could greatly impact health data beyond the scope of HIPAA by establishing a national framework to protect & preserve the privacy of consumer data collected by entities not covered by HIPAA. In an American Medical Association survey, about 75% of surveyed patients expressed concern and confusion related to the privacy of their health data and how it is handled. The ADPPA could help clear up some of this confusion by establishing clear expectations. Another critical area is the collection of personal information of children. The Children’s Online Privacy Protection Act (COPPA) helps put parents in control of how their children’s data is handled and ensures that all entities in possession of this data sustain its confidentiality, security, and integrity.

Maintaining strong data privacy and compliance practices is imperative in preventing sensitive personal data from becoming compromised. This information is extremely valuable to cyber criminals, who seek to utilize compromised data to steal others’ identities or resell such PII.

This panel will look at the latest data privacy policies and implications for what this means for business leaders in the future. Our lineup of experts will lend their insights and offer best practices relating to privacy, compliance, and identity protection.

Applications are now the #1 attack vector. Open source software now comprises over 70% of most applications. Supply chain attacks increased 650% from 2020 to 2021. Clearly, if you don’t already have an effective open source security program, you need to get one. Attend this session to learn how to build an effective, state-of-the-art open source security program — that you have confidence in. The speaker will discuss tool selection, security automation, and processes you need to put into place to reduce your attack surface, block malicious open source packages, and respond quickly and with ease to the next Log4j-style announcement.