St. Louis

With the potential ability to shut down an entire organization and prevent it from executing its mission, ransomware is still the leading threat; in 2021 it represented 21% of all attack types according to the latest X-Force Threat Intelligence Index report. These attacks not only test almost every aspect of technical defenses, but also on a broader level, an organization’s ability to maintain minimum viable functionality and delivery of services, while responding.

On the plus side however, from hundreds of client engagements, IBM has not only mapped out each of the attack stages and how they can be disrupted, but also how to initiate a CISO driven, cultural shift, towards an organizational wide resiliency strategy, suitable for this particular threat, as well as many others.

Join us to hear what we have learned and where best to augment your defenses against these attacks.

Your security team manages risks that affect business units and functions across your entire organization. Security is threaded through every aspect of your business, and your decisions have never mattered more. On a regular basis, you make decisions that affect day-to-day operations, data and system security, executive-level strategy and quite possibly, the future success of your organization. Security leaders straddle the lines of executive, strategic, and tactical decision making, and must be experts at navigating all three. We’re wearing many hats, often switching between them from meeting to meeting, and it’s imperative that we can effectively communicate and drive decisions that improve and mature our security efforts to mitigate risk across the board.

This session will explore ways to enhance engagement with technical teams, business units and executives alike, while still maturing your security program to be more efficient and effective at managing and mitigating risk. Concepts and topics covered will include:

• The 3 levels of decision making you must navigate on a daily basis and how they impact communication with the rest of the organization
• Identifying metrics that demonstrate value to executives and mature program operations for optimal effectiveness
• The importance of aligning reporting so all levels of the org are speaking the same risk language
• An example use case from Tenable in how these aligned metrics can demonstrate tangible business value at all levels of the organization

Cloud innovations continue to drive the rapid adoption of cloud services, which offer numerous advantages such as increased flexibility, better scalability, cost savings, higher productivity, and resiliency. However, challenges in migrating to the cloud and protecting the cloud environment cause concern for many organizations. According to research done by Cybersecurity Insiders in partnership with (ISC)², 72% of organizations said they feel either not at all confident (8%), slightly confident (12%), or moderately confident (52%) in their cloud security posture, expressing concerns over data loss & leakage, data privacy, compliance, and unauthorized access. Lack of qualified staff / knowledge and visibility of security platforms continue to be the biggest threats facing cloud security, with misconfigurations accounting for the majority of cloud data breaches.

This panel will highlight the benefits of migrating to the cloud and examine the pros & cons of the various cloud models. Our lineup of Subject Matter Experts will discuss the risks facing security teams as they adopt cloud services, offer recommendations to minimize these risks, and provide insight on best practices to secure the cloud.

The Shuttle Challenger tragedy was a major turning point in the NASA Space Program. What appeared at first to be a random accident quickly became a case study in how trivial amounts of risk acceptance can snowball into a disaster. What lessons can we as security professionals learn from this tragedy, and how do we apply them to our everyday lives?

Multi-generational data sprawl leads to data fragmentation, an increased surface for cyberattacks, complicates automation and process efficiency efforts, and increases the potential risk of a successful ransomware attack.  When ransomware strikes, simplicity and scalability are critical to minimize disruption and resume business operations quickly. Learn how to reduce the attack surface across workloads and best practices to protect, detect, and recover from ransomware threats through multi-layered security and Zero Trust Principles for on-premises, SaaS applications, cloud, and hybrid infrastructures with a unified experience. 

As new models of ransomware emerge and attacks become more frequent as they prove successful to bad actors, it’s imperative for business leaders to reexamine their approach to cyber security to more effectively combat threats and minimize damage in the event of a ransomware attack. For many companies today, that means foregoing the traditional “trust but verify” perimeter-based security and implementing Zero Trust framework built on the principle of “never trust, always verify”. Through its capability to isolate users and machines, Zero Trust can in the event of an attack limit it from spreading while still maintaining running operations, making it a popular security strategy. In fact, last year in his Executive Order on Improving the Nation’s Cybersecurity, the President of the U.S. recommended the Federal Government adopt Zero Trust architecture.

This panel will look at how ransomware attacks and bad actors have evolved to become more successful. Should companies pay hackers to get their data back or will that backfire? Our lineup of Subject Matter Experts will contrast traditional perimeter-based security with Zero Trust and offer their insight on how adopting strategies and policies that can help companies stay resilient as ransomware threats continue to grow.

Good security gets out of the way of users while getting in the way of adversaries.  Passwords fail on both accounts. What holds us back from getting rid of passwords? Trust. In this session, we will propose a framework of technical controls to ensure only trusted sessions authenticate, regardless of faults or failures in any one factor.  We will share a path forward for increasing trust in passwordless authentication.

As we settle into life with COVID, the topic of zero trust security and a remote workforce is top of mind for all enterprise security teams. During this session you’ll hear from security practitioners who were responsible for the zero trust strategy and implementation at two Fortune 500 global enterprises – Adobe & Cisco. They will share their experiences and tips for rolling out zero trust methodologies at scale. 

SaaS platforms are used by nearly everyone but SaaS security is often overlooked. That can be for a variety of reasons: Perhaps the security team doesn’t understand the nuances and settings for each different SaaS application in use. Perhaps the SaaS owners don’t understand security risks while configuring the apps, and don’t bring in the security team to help. Bridging this gap and ensuring appropriate SaaS security is in place is crucial in today’s dynamic world.