Wall Street

Support from fellow executives, clarity in board communications, and demonstrable alignment with industry regulations all influence the success of a security transformation more than is commonly realized. In this session, experienced technologist and veteran CTO and financial services industry leader, Gregory Simpson explains how interpersonal dynamics influence everything from establishing a phased deployment plan to reporting on success metrics. Learn the skills and tools that help ensure everyone, from directors to end users, is united behind your project while exploring this important, if often overlooked, topic.

Emerging technologies present significant opportunities but also heighten existing risks and introduce new cyber threats. For financial institutions, the traditional practice of cyber risk management is increasingly crucial as new technologies expand their digital footprint. Cyberattacks are becoming more frequent and sophisticated, with well-funded criminal groups using advanced tools, including generative AI, to enhance their strategies. This evolving threat landscape highlights the urgent need for robust risk management and agile incident response frameworks. Financial institutions must fortify their defenses and refine their incident response capabilities to stay ahead of emerging threats, ensuring they can protect their assets and maintain operational resilience in an increasingly complex cyber environment.

In today’s rapidly evolving digital landscape, organizations are struggling with diverse methods of interaction with employees, customers, and partners through a multitude of technologies. This complexity often leads to a lack of control over Identity and Access Management (IAM), leaving organizations vulnerable to security threats and compliance issues. The cost of ignoring the risk can haunt you for years however, you cannot correct what you don’t know, so the first steps are assessing whether your organization is positioned for a successful implementation, migration or fix and, validating the organization is focused on the right path and/or issue they are looking to mitigate. Join us as we demonstrate a proven, 3 stage, IAM Strategic Assessment model that is NIST compliance driven answering the “what, where, when, why and how” surrounding both Workforce Identity & Access Management and Customer Identity & Access Management (CIAM) programs, projects and operations.

Whether you see it as good, bad, or indifferent, AI is here to stay and it’s changing the way software is developed. We can now give instructions to large language models and instantly be greeted with the code needed to build applications or features. This trend is only going to increase and with the speed and scale it offers, continue to be leveraged by more organizations.

But there is still a very real human element to this. AI is not designing software, it is taking human readable language as a design and building the code. It is clear that in the building of software, AI puts the emphasis in design. The same is true of application security. When you are not writing the code how do you ensure it is secure code? You can’t do it in the build stage, the AI is building it for you, and sure, you could do it in the testing phase, but good luck with that bottleneck. We need to rethink, or relook at building security in – at the design phase.

The good news is that we already have the tools and processes needed. In this talk, we’ll see how secure by design principles and threat modeling are the arsenal we need when securing software in the age of AI.

Regulators worldwide are addressing operational resilience. Because of the rising likelihood of disruptions and their potential cascading effects, particularly in the financial sector, international regulators are collaborating to establish best practices and harmonize approaches. In this session, we’ll review some of these regulations and discuss how network analysis and visibility can help you prepare for, adapt to, and withstand or recover from disruptive events.

Learn about what’s actively happening in the last quarter in the ransomware ecosystem. Halcyon’s professional services team has the largest private research on ransomware payloads and their tools. We engage daily with federal law enforcement, cyberinsurance carriers, breach coaches, and DFIR firms to assist victims on ransomware recovery so we get an in depth view of the threat actors, how they’re being successful, and what is happening on victim’s networks.

From that experience, we provide stories and trends to illustrate how ransomware is constantly evolving to overcome the challenges of having to collaborate amongst criminal groups. As any business model, it must adapt and the recent business pressures in ransomware are coming from decreasing payout rates, improved security controls, and recent law enforcement actions. Halcyon breaks down five specific trends that are the catalyst in new behaviors from ransomware operators and RaaS groups that have helped them continually generate more revenue than ever in 2024. Halcyon provides the supporting data, business pressures, and the countermeasures that organizations can take to adapt to these changing areas. Mixed in are as many stories from recent events and cases that Halcyon has been engaged on to provide color to this continually developing world.

The Cybersecurity Summit will be giving away an InfoSec world VIP pass during the cocktail reception to one lucky winner (a $2,400 value).