Miami

Cyber-attacks cost $8.44 trillion in 2022, an unmistakable signal that it’s time for the industry to rethink its approach to cyber security. The widely adopted approach of maintaining knowledge bases of known attacks is simply not enough. To protect the enterprise today and tomorrow, defenders need real-time AI that learns the business better than any cybercriminal ever can. In this session, learn how Darktrace are delivering a Cyber AI Loop, a system of interconnected AI engines that continuously learn and optimize the security profile to prevent, detect and respond to attacks, while enabling the human to achieve ‘cyber confidence’ at the heart of security operations.

Legacy SOAR (Security Orchestration, Automation and Response) technology promised to revolutionize the practice of security operations. Unfortunately, the first generation of these platforms have gained a reputation for rigid playbooks that require extensive development resources, poor case management features, and limited use cases. That’s why Swimlane developed a more modern and extensible approach to security automation.

As we get into 2023, Security teams continue to be faced with critical questions: what is current state of the threat landscape? What are the latest malicious TTP’s and how can we prepare to defend against them?This year’s IBM Security X-Force Threat Intelligence Index (TII) Report presents an uncomfortable truth: cyberattacks are more prevalent, creative and faster than ever. 94% faster to be exact, as threat actors exponentially increase the time it takes to deploy ransomware from months to less than 4 days. The ransomware economy continues to add pressure with deployment of backdoors and ransomware attacks listed as the top 2 actions on objective from hackers, and attacks using extortion saw a sharp increase to more than a quarter of incidents observed.Join IBM Security to hear the latest insights from the newly released 2023 TII Report, surfacing findings from thousands of real-life incident response engagements, top attack types and pathways to compromise, and recommendations to implement to strengthen your security posture. Discuss concrete actions that CISOs can take with their teams to proactively address the threats shown and shift from reactive to proactive threat management.

“Pay Up, or Else”. The number of organizations who have been faced with this scenario has been steadily increasing over the past several years as ransomware attacks continue to rise — both in numbers and the size of payouts.

The clear and present danger of a ransomware attack looms large among cyber executives and business leaders as the number of vulnerabilities increases daily. According to a 2022 CRA Business Intelligence survey, nearly one in four respondents reported that their organization experienced one or more ransomware attacks in the past 12 months, and almost one out of three of these organizations said the attacker succeeded in gaining access to their systems, encrypting files, and demanding a ransom

According to this survey, many believe that the worst is yet to come and that they are at a significantly higher risk of a cyberattack than ever before – it’s not a matter of “if,” but “when.”

Preparing for the inevitable and defending against the threat of a ransomware attack requires constant evaluation and assessment, and then making the necessary adjustments.

On this panel, our lineup of industry experts will discuss the key security measures enterprises must take, going beyond backup and recovery and anti-malware/anti-virus solutions to include endpoint security, vulnerability management, Active Directory monitoring, credential protection, DNS security tools, SIEM, DLP and encryption, and cloud security software.

During the past 10 years I’ve participated in many security incidents, received confidential readouts of other company incidents, collaborated with top well-known incident response firms as well as government agencies. It’s with these experiences and learnings I’ve applied an overlay of Zero Trust to the problem. Having also delivered Zero Trust strategies at two globally-recognized enterprises we can speak to the reality of the problem and solution.

In 2022 I presented how my Enterprise Security teams delivered Zero Trust at Adobe and Cisco. So, let’s talk about why we prioritized the initiative; a forward thinking strategy that really defended against the attacks we were seeing. During this session we’ll discuss some high-profile security incidents from the past year, reviewing the themes, kill chain, and how or where a Zero Trust strategy might help prevent the attack, slow them down, or reduce risk.

As an example, many high profile hacks all started similarly. Related to an employee or contractor credential theft (or purchase) and an MFA fatigue or bypass. These are NOT highly sophisticated attacks and there are strategies that can save your bacon.

Hundreds of millions of people work in Chrome every day, and Chrome gives enterprises the controls and protections that keep corporate data safe. When paired with BeyondCorp Enterprise, businesses can secure hybrid and remote workforces and enforce context-aware access controls across managed and unmanaged devices. Google’s approach to secure enterprise browsing protects organizations for internal and external threats. By applying data loss prevention, extension controls, phishing and malware protections and more right within the browser, and giving security teams the reporting and visibility they need, Google is raising the bar on browser security.

Use of the cloud is continuously growing, not surprisingly so due to its perceived lower costs, greater agility, and ability to increase computing power with increased demand & continuously deploy new applications and software features.

Despite the appeal of cloud, there are many security risks and vulnerabilities and managing these risks has proven to be a big challenge as cyber criminals shift their tactics to cloud data and systems in responses to this increased use of the cloud. According to a CRA Business Intelligence’s September 2022 Cloud Security Survey, misconfigurations, lack of oversight, and little visibility across the organization are among their chief concerns regarding cloud deployments.

If organizations are going to successfully adopt/transition to the cloud, they must ensure security is part of their program. An effective cloud security program includes various process and technology capabilities to effectively keep up with the current threat landscape and vulnerabilities.

Few environments are as fast-changing and rapidly evolving as cloud computing. In a matter of just a few years, growth has exploded, and the cloud’s capabilities continue multiplying. Along with the growth in the cloud is a near equivalent growth in attacks on cloud networks. According to Check Point researchers, attacks on cloud-based networks increased by 48 percent in 2022 compared to 2021. In fact, Gartner says 95% of cybersecurity professionals are concerned about public cloud security. Making matters worse, also according to Gartner, there is a 52% cloud computing skills gap with today’s cybersecurity professional needs and overall, there is a 2.72M shortage of cybersecurity professionals. All of these facts lead to a significant need for a smart, powerful, comprehensive, and complete security platform to manage and secure today’s multi-cloud, cloud-native deployments. Enter CNAPP – Cloud Native Application Protection Platform. In this session, we’ll discuss what CNAPP is, why it’s needed, and several available resources where you can learn more.

Despite having distinct differences, data privacy and compliance are deeply intertwined with cyber security. As focus on data privacy and compliance increases, business leaders can expect to see vast changes related to how consumer data is managed, shared, and secured. Policy & laws on data privacy and compliance continue to expand and become increasingly stringent, so it is important for companies and their respective business leaders to consider these areas as they develop & evaluate their cyber security strategies. For instance, last year the SEC proposed amendments to its rules on cyber security, risk management, strategy, governance, and incident disclosure by public companies.

At a more granular level, there are various initiatives to protect specific consumer data and ensure enterprises are compliant in doing so – particularly health data and children’s personal information. The American Data Privacy and Protection Act (ADPPA) if passed could greatly impact health data beyond the scope of HIPAA by establishing a national framework to protect & preserve the privacy of consumer data collected by entities not covered by HIPAA. In an American Medical Association survey, about 75% of surveyed patients expressed concern and confusion related to the privacy of their health data and how it is handled. The ADPPA could help clear up some of this confusion by establishing clear expectations. Another critical area is the collection of personal information of children. The Children’s Online Privacy Protection Act (COPPA) helps put parents in control of how their children’s data is handled and ensures that all entities in possession of this data sustain its confidentiality, security, and integrity.

Maintaining strong data privacy and compliance practices is imperative in preventing sensitive personal data from becoming compromised. This information is extremely valuable to cyber criminals, who seek to utilize compromised data to steal others’ identities or resell such PII.

This panel will look at the latest data privacy policies and implications for what this means for business leaders in the future. Our lineup of experts will lend their insights and offer best practices relating to privacy, compliance, and identity protection.

In this session, Moti Shkolnik, Firedome’s CEO will share insight into the most commonly overlooked entry point to supply chain and insider threat attacks. Based on a unique background as an attacker in the field for 15 years, the session will address attacker tactics and explore the need and the means of securing IoT enterprise devices to prevent organizational attacks.