Atlanta 2020

As enterprises have become increasingly reliant on technology for every aspect of operations, technical executives like CIOs and CISOs have found themselves in a completely new operations center: the boardroom. This shift is more recent for CISOs, who increasingly must demonstrate security and compliance at a board level. This move can present a significant challenge. Board members are often not well-versed in technology or security best practices, let alone jargon. At the same time, CISOs (and CIOs) often lack the business experience to speak in terms that the board can understand, defaulting to technical discussions that the board can’t parse.

This breakdown in communication can have a cascade effect. The board might fail to fully understand the security risks posed by a certain initiative. Or, with the growing number of costly and embarrassing security breaches, they might overemphasize caution and risk mitigation at the expense of implementing important technical advancements.

In this session, attendees will learn strategies for discussing security and technology priorities at the board level.

1. Getting alignment: The board isn’t going to understand the technical nuances of why certain security measures will impact DevOps cycles or application rollouts, but they will understand the trade-off between speed to market and security. Planning in advance how to address these trade-offs at the business level will minimize confusion and ensure a baseline of understanding across all stakeholders.
2. Build a “roadmap to yes”: Everyone has a story “draconian” security requirements preventing them from using a technology. These anecdotes can make it feel like security is diametrically opposed to innovation. CISOs need to come prepared with a roadmap for getting to “yes” and a clear understanding of business requirements and tradeoffs.
3. Focus on Risk and Reward to the Business: One of the most critical success factors for CISOs in a board setting is mapping the priorities of the security team to core business objectives.
4. Lead with Resilience: Help the board to understand that there is no such thing as fool-proof security but that the risks are well understood will manage their expectations about what is possible and what risks actually exist.

In addition to providing board-conversation strategies, attendees will also learn how shifting board composition is changing the dynamics on cybersecurity and technology conversations.

Today, 94% of cyber-threats still originate in the inbox. ‘Impersonation attacks’ are on the rise, as artificial intelligence is increasingly being used to automatically generate spear-phishing emails, or ‘digital fakes’, that expertly mimic the writing style of trusted contacts and colleagues. Humans can no longer distinguish real from fake on their own – businesses are increasingly turning to AI to distinguish friend from foe and fight back with autonomous response. In an era when thousands of documents can be encrypted in minutes, ‘immune system’ technology takes action in seconds – stopping cyber-threats before damage is done. Find out how in this session.

Digital business demands seamless user experiences, interoperability among a diverse set of platforms, and near instant access to the right resources at the right time. To accomplish this, digital initiatives rely on a mature, scalable IAM organization for success. This session will arm you with the knowledge you need to deliver identity solutions that are agile and adaptable enough to support new business initiatives and safeguard against new threats as they arise.

Security teams today are being overwhelmed by the massive amounts of data collected by their various protection tools and in most cases, these security teams do not have the budget to hire external Security Operations Center (SOC) analysts. As such, companies are looking to implement an automated response system by using SOAR (Security Orchestration, Automation and Response) tools in an effort to relieve some of the burden on their already understaffed security teams and increase efficiency.

In a recent survey of more than 1,400 IT security professionals, 79% reported that their organization has existing automation tools and platforms in place (29%) or are planning to implement them within the next six months to three years (50%). However, this is not a simple solution for many companies as the successful implementation of automation requires a well-trained and educated team. In fact, 56% of organizations from this same survey indicated that they don’t currently have the in-house expertise required to effectively use these tools. This presents a problem as the shortage of gap between workforce demands and skilled cyber security professionals in the field is larger than ever and steadily increasing. According to another report, it is projected that by 2021, 3.5 million cyber security jobs will be unfilled; that’s a 350% increase in open positions from 2013 to 2021.

This panel will provide an understanding on SOAR tools, the importance on training your security team to understand and leverage these tools to more rapidly detect and respond to threats, and ways to attract and retain talent.

The collective efforts of attackers have fundamentally changed the cyberdefense game. Today, adversaries are sophisticated, creative and tenacious — launching attacks at unprecedented rates and volumes. Blue Hexagon Chief Strategist Danelle Au will dive into the threat landscape including new attack vectors and how they are delivered. She will present a new approach to detect network threats using deep learning. Deep learning neural networks can learn and intelligently make decisions on malware, even zero days seen for the first time. In this session, hear about why advances are possible today and how organizations worldwide are harnessing deep learning address the modern threat landscape.

Emerging regulations, transformative technologies and a global security-talent shortage is putting extraordinary pressure on security leaders and their teams. It’s hard enough to just keep the “security lights” on,never mind keeping up with – and getting ahead of — all the new security challenges that come with digital transformation. If you can’t do it all, what should you do? This presentation will examine how the ever-expanding role of the CISO is driving the need for better prioritization of available resources, and will help audience-members take a more strategic approach to evaluating alternatives like outsourcing.

According to a recent survey, last year 69% of organizations suffered a data breach caused by an Insider Threat, even with a data loss prevention (DLP) solution in place. While malicious users are a legitimate threat to an organization’s security, another study found that 64% of incidents were a result of human error made by an employee. In fact, 78% of Chief Security Officers confessed that even they have clicked on suspicious links.

These statistics demonstrate that having a DLP solution in place with a centralized IT Security team is not sufficient in protecting company assets. Organizations must also address the human element and provide effective ongoing training and education to all employees within the organization.

This panel will discuss the importance of understanding and detecting the various types of Insider Threats that put your organization at risk, as well as provide insight on how to prepare a prevention and defense strategy against an insider breach.

Using public clouds for enterprise datacenters has become mainstream and hybrid multi-cloud is the new norm. The advantages of public cloud are significant and the gained agility undisputable. However, securing cloud environments is different from securing traditional data centers and endpoints. One misconfiguration can put your entire organization at risk…or worse. According to Gartner, “Through 2022, at least 95% of cloud security failures will be the customer’s fault.”

The dynamic nature of the cloud requires continuous assessment and automation to avoid misconfigurations, compromises and breaches. It is also difficult to maintain complete visibility of cloud assets across rapidly changing environments, limiting your ability to enforce security standards at scale. On top of these challenges, cloud governance is critical for maintaining corporate and regulatory compliance and security policies as they evolve.

This session will investigate those challenges, and present “6-Steps to Cloud Compliance Automation” that can be used to develop your Cloud Security Posture Management framework, and highlight a Check Point customer who has successfully implemented a more secure and compliant hybrid cloud infrastructure.

On October 10, 2019, the California Attorney General published regulations for implementing the California Consumer Privacy Act of 2018.  While the 24 pages of regulations have provided clarity in several areas, this is very much a work in progress.  Just some of the information security areas addressed include verifying consumer requests, transmitting consumer data securely, and use of self-service portals.  In this interactive presentation, a data protection industry veteran will offer perspective on the regulations and what they mean for your information security program.  Takeaways include:

• Insight into the Section 150 information security requirements
• Resolving conflicts between the Act and the regulations
• What must be completed by July 1, 2020

Most breaches are caused by exploiting oversights in basic cybersecurity hygiene. But complex networks often make basic cybersecurity hygiene very challenging. This session will review the challenges we face and explore some solutions. We’ll cover techniques to help you get control over your cybersecurity fundamentals so you can protect your organization from the inevitable attack vectors and reduce your cyber risk.