Tampa 2020

Global disruption has taught us that the only thing that is certain, is things will remain uncertain – and that business leaders need to remain confident that their operations can continue securely in the face of global or even regional events. Though parts of the world are re-opening, attackers have not slowed down and may be even lying in wait to take advantage of the next disruption.

Traditional, static, legacy approaches to security consistently prove both unintelligent and ill-equipped to adapt. Organizations often find themselves undergoing a delicate balancing act—each new work practice and technology that is needed to adapt, evolve, or even grow also brings unforeseen risk.

This session will explore how Cyber AI allows organizations to achieve much-needed adaptability and resilience, ensuring both seamless transition and the ability to disrupt attacks in the earliest moments. In the face of an uncertain present and future, Cyber AI enables businesses to continue communicating, operating, and innovating.

As enterprises have become increasingly reliant on technology for every aspect of operations, technical executives like CIOs and CISOs have found themselves in a completely new operations center: the boardroom. This shift is more recent for CISOs, who increasingly must demonstrate security and compliance at a board level. This move can present a significant challenge. Board members are often not well-versed in technology or security best practices, let alone jargon. At the same time, CISOs (and CIOs) often lack the business experience to speak in terms that the board can understand, defaulting to technical discussions that the board can’t parse.

This breakdown in communication can have a cascade effect. The board might fail to fully understand the security risks posed by a certain initiative. Or, with the growing number of costly and embarrassing security breaches, they might overemphasize caution and risk mitigation at the expense of implementing important technical advancements.

In this session, attendees will learn strategies for discussing security and technology priorities at the board level.

1. Getting alignment: The board isn’t going to understand the technical nuances of why certain security measures will impact DevOps cycles or application rollouts, but they will understand the trade-off between speed to market and security. Planning in advance how to address these trade-offs at the business level will minimize confusion and ensure a baseline of understanding across all stakeholders.
2. Build a “roadmap to yes”: Everyone has a story “draconian” security requirements preventing them from using a technology. These anecdotes can make it feel like security is diametrically opposed to innovation. CISOs need to come prepared with a roadmap for getting to “yes” and a clear understanding of business requirements and tradeoffs.
3. Focus on Risk and Reward to the Business: One of the most critical success factors for CISOs in a board setting is mapping the priorities of the security team to core business objectives.
4. Lead with Resilience: Help the board to understand that there is no such thing as fool-proof security but that the risks are well understood will manage their expectations about what is possible and what risks actually exist.

In addition to providing board-conversation strategies, attendees will also learn how shifting board composition is changing the dynamics on cybersecurity and technology conversations.

Security teams today are being overwhelmed by the massive amounts of data collected by their various protection tools and in most cases, these security teams do not have the budget to hire external Security Operations Center (SOC) analysts. As such, companies are looking to implement an automated response system by using SOAR (Security Orchestration, Automation and Response) tools in an effort to relieve some of the burden on their already understaffed security teams and increase efficiency.

In a recent survey of more than 1,400 IT security professionals, 79% reported that their organization has existing automation tools and platforms in place (29%) or are planning to implement them within the next six months to three years (50%). However, this is not a simple solution for many companies as the successful implementation of automation requires a well-trained and educated team. In fact, 56% of organizations from this same survey indicated that they don’t currently have the in-house expertise required to effectively use these tools. This presents a problem as the shortage of gap between workforce demands and skilled cyber security professionals in the field is larger than ever and steadily increasing. According to another report, it is projected that by 2021, 3.5 million cyber security jobs will be unfilled; that’s a 350% increase in open positions from 2013 to 2021.

This panel will provide an understanding on SOAR tools, the importance on training your security team to understand and leverage these tools to more rapidly detect and respond to threats, and ways to attract and retain talent.

We all know that the operating paradigm in which business is conducted changes on almost a daily basis, yet the way we defend the sensitive data within our business has remained static for nearly 3 decades. Perimeter security is not sufficient, and that’s why we have embraced the concept of Securing the Breach by protecting the data at rest, in transit and in motion utilizing a three step approach of strong centralized key management, encrypting the data and controlling access thru identity access management.

This presentation will address our three step approach to data protection and how it can enable organizations to meet compliance mandates, mitigate risk and secure their infrastructure from on premise to the cloud.

Gain insight on how to prepare for the breach and protect what truly matters—your data.

According to a recent survey, last year 69% of organizations suffered a data breach caused by an Insider Threat, even with a data loss prevention (DLP) solution in place. While malicious users are a legitimate threat to an organization’s security, another study found that 64% of incidents were a result of human error made by an employee. In fact, 78% of Chief Security Officers confessed that even they have clicked on suspicious links.

These statistics demonstrate that having a DLP solution in place with a centralized IT Security team is not sufficient in protecting company assets. Organizations must also address the human element and provide effective ongoing training and education to all employees within the organization.

This panel will discuss the importance of understanding and detecting the various types of Insider Threats that put your organization at risk, as well as provide insight on how to prepare a prevention and defense strategy against an insider breach.

Modern tools such as SNIPR and Modlishka make it easier for hackers to launch large-scale automated attacks, bringing credential re-use and two-factor-authentication attacks to record highs. How did we get here, and will mainstream adoption of passwordless security have an impact?
We will explore how the rise of virtual desktop infrastructure has affected workstation login and review how the evolution of authentication has impacted organizations’ identity and access management systems.
In this session, you’ll learn:
• Why is Credential Reuse at All-time Highs?
• How has Authentication Evolved?
• Why this is the Passwordless Decade

It is important to recognize that, overall, the industry has an effectiveness problem. The escalation in threat activity and the talents shortage in the industry has created a situation where, despite lots of products and cybersecurity spend, we aren’t getting better protection. To put a finer point on it, there are over 3,000 vendors selling products in the industry. The total spend last year was $120B+ and even with all of that there we almost 4,000 breaches — a 96% increase over the previous year.​ The key takeaway from these breaches is that they are NOT product failures.​ They are operational failures. ​To prevent these kinds of breaches from happening again in the future, we believe, the industry needs to adopt a new approach – an operational approach – to cybersecurity. ​

When threat actors exploit weaknesses in an organization’s IT infrastructure, the consequences can be devastating to productivity, reputation, and financially. Without treating cybersecurity as an ongoing process, hackers can find, weaponize, deploy, and attack your infrastructure faster than your team can patch the vulnerability leaving your infrastructure unprotected. Your systems may be secure today, but next week, a cybersecurity criminal may discover and exploit a critical vulnerability in your environment. Join us as we discuss how continuous vulnerability management can be executed effectively.

During this session, Cybersecurity Advisor Klint Walker will discuss:

• The New Cyber Security Threats & Trends that have arisen as a result of COVID-19
• How these threats impact business leaders as they work from home and how to navigate these new security challenges
• Supply Chain Security during this Crisis
• Security Tools from DHS/CISA to analyze & protect the executive’s new home / work environment