Playlist

Cybersecurity Leadership Summit 2020

Videos from the Cybersecurity Leadership Summit 2020
36 videos in this playlist
Event Recording
Markus Malewski, Joerg Hesske: No Chance for Hackers and Spies. Why Thyssenkrupp Takes a Completely Different Approach to Security
Nov 20, 2020

Markus Malewski, Head of SOC / SIEM at thyssenkrupp, gives an insight into how thyssenkrupp re-formed the Security division after the Winnti attack in 2016, why the company is so well prepared for current and future challenges and how the solutions of Elastic help to achieve those. Jörg Hesske, AVP CEMEA at Elastic, shows how Elastic Security helps SecOps teams to protect their company against threats quickly and precisely with an integrative security approach.

Event Recording
Elastic Security Workshop Part I - Unified Protection for Everyone
Nov 19, 2020

Learn how the latest security capabilities in the Elastic Stack enable interactive exploration, incident management and automated analysis, as well as unsupervised machine learning to reduce false positives and spot anomalies — all at the speed and scale your security practitioners need to defend your organization. Additionally, we'll be talking about the new protection and detection capabilities of the free Elastic Endpoint, now also part of Elastic Security, as well as EQL - the event query language, which brings new query and detection capabilities to Elastic Security.

Event Recording
Mario van Riesen: The Evolution of Application Security
Nov 16, 2020

Cyberattacks have rapidly evolved since the advent of online transacting almost 25 years ago, with attackers continually escalating and refining their evasion techniques. While organisations and individuals continue to mobilise in an attempt to mitigate the global disruptions taking place around them, cybercriminals have wasted no time in exploiting the COVID-19 pandemic. Today, attackers and fraudsters call upon a sophisticated suite of tools, including human-powered click farms, social engineering, and malware – all designed to defeat traditional defenses such as WAFs & CAPTCHAs. 

This session will dive deeper into how organisations can keep pace with this precipitate shift and adjust their security postures accordingly, to more accurately reflect the realities of an ever-evolving threat landscape. 

Discussion Points:  

  • Attack Evolution - navigate the automated application attack-roadmap as it has progressed from the commodification of Credential Stuffing and ATO schemes to some of the most cutting-edge examples of Manual Fraud capability. 
  • Countermeasure Efficacy - discover how F5’s Application Fraud portfolio addresses the whole spectrum of eCrime attacks deterring cybercriminals who continually retool to circumvent traditional countermeasures. 
  • Inverting Friction - understand how organisations can protect their customers and brand without compromising user experience or collecting PII. 
Event Recording
Bryan Christ: Improving Operational Maturity with an Automation First Strategy
Nov 16, 2020

In his keynote, Bryan will talk on how automating Identity and Access Management can evolve your operational maturity and strengthen your security programs. 

Event Recording
Ioannis Chrysakis: The CAP-A Best Practice: Towards Enabling a Privacy-Friendly Apps Market by Applying a Crowdsourcing-Based Evaluation Approach
Nov 16, 2020
Event Recording
Christopher Schuetze: Safer With Security - How Fabrics Can Be Used to Manage the Complexity of Your Enterprise Security
Nov 13, 2020

A flexible architecture is an absolute must in order to keep pace with new challenges within a constantly evolving landscape. Christopher Schütze, Cybersecurity Practice Director and Lead Analyst at KuppingerCole, will look at methodologies that help to structure, reorganize, and extend the existing Cybersecurity landscape within your organization. He will examine current topics such as “Information is the new oil” and “Trust only with verification – Zero Trust” and how you can integrate this into your strategy. Information security and ensuring a high level of trust must be a fundamental part of Cybersecurity strategies in the years to come. This will help you to make the right choices and improve overall security, and learn how to be safer with security.

Event Recording
Martin Rohrer: Cyber Navigation in Turbulent Times – How Cyber Maturity Assessments Provide a Sense of Direction
Nov 13, 2020

When navigating a big ship, it is crucial to know your position and the course you set. In this case, the ship is a symbol for a company planning its investment in cyber security. In practice, the overall strategic view is often obscured or missing. An assessment of the cyber maturity level will give a better understanding of the position as well as the direction, considering the specific risks. A risk-based approach allows investments in cybersecurity to have the greatest possible, measurable impact.

Event Recording
Anett Mádi-Nátor: C-Level Cybersecurity Awareness – Does the C-Suite Fall Behind in Understanding the Importance of Cybersecurity Services?
Nov 13, 2020

In the crisis created by Covid-19 it is even more obvious how the C-level is reacting, and in some cases not reacting properly, to new cybersecurity situations resulting from rapid and enforced digitalisation. Can or should they be given more time to adapt? Can they build up the proper cybersecurity decision-making skillset? Is it worth the effort? The speaker explains how that is possible, what new digital roles should be created within an organisation and how to meet challenges posed by the transforming digital ecosystem.

Event Recording
Ana Isabel Ayerbe Fernández-Cuesta: Security by Design IoT Development and Certificate Framework
Nov 13, 2020

The next generation of Smart IoT Systems needs to manage the closed loop from sensing to actuation with safe operational boundaries and needs to be distributed across IoT, Edge and cloud infrastructures with complex and heterogeneous systems, connectivity and failures, as well as being able to operate in an unpredictable physical world facing situations that have not been fully understood or anticipated in the software development process.

In this context, it is necessary to support the continuous delivery of trustworthy Smart IoT Systems, to support their agile operation, to support the continuous quality assurance strengthening their trustworthiness, and to leverage the capabilities of existing IoT platforms and fully legacy, proprietary and off-the-shelf software components and devices. In this talk, it will be explained how to facilitate the development, operation and quality assurance of trustworthy and resilient Smart IoT systems.

Event Recording
Jan Tietze: Minimising Risk from Cyber Threats: Focus on Reducing Time to Containment
Nov 13, 2020
Event Recording
Jochen Fischer: A Small Leak Can Sink A Great Ship - Cybersecurity Warfare & SAP
Nov 13, 2020

Security is Culture – and culture starts with people (not technology!). The complex topic of SAP-security is a massive challenge for the almost 500.000 companies worldwide using SAP. The challenges are the same for everyone, and it is the combined corporate responsibility of the C-Level and all employees to protect the enterprise from threats. These core applications can be secured by focusing on the 3 main attack vectors: People, Processes, and Technology. Within this keynote, Jochen Fischer shares what needs to be done to define clear ownership and responsibilities for SAP-security. Enabling people to understand the risk in SAP is fundamental to designing a sustainable strategy that is based on the individual risk profile of each individual company. It is time to stop the monkey business when it comes to mission-critical topics like security. As an independent expert, Jochen Fischer provides state-of-the-art methodologies to deliver to the right people the suitable skills required to protect SAP without burning money on tools that have no or limited effect on corporate cyber resilience.

Event Recording
Espen Otterstad: Social Engineering - Exploiting the Human Factor
Nov 13, 2020
Event Recording
Panel - Assuring the Security of Your Enterprise - Social Engineering and Pentesting
Nov 13, 2020
Event Recording
Berthold Kerl: Top 2021 Cyber Topics: Results From a Recent KC Survey
Nov 13, 2020

In this talk, you will learn about the results of the recent KuppingerCole Survey on top Cybersecurity Topics for 2021.

Event Recording
Dr. Mariarosaria Taddeo: Trusting AI in Cybersecurity: A Double-Edged Sword
Nov 13, 2020

Applications of artificial intelligence (AI) for cybersecurity tasks are attracting greater attention from the private and the public sectors. Estimates indicate that the market for AI in cybersecurity will grow from US$1 billion in 2016 to a US$34.8 billion net worth by 2025. The latest national cybersecurity and defence strategies of several governments explicitly mention AI capabilities. At the same time, initiatives to define new standards and certification procedures to elicit users’ trust in AI are emerging on a global scale. However, trust in AI (both machine learning and neural networks) to deliver cybersecurity tasks is a double-edged sword: it can improve substantially cybersecurity practices, but can also facilitate new forms of attacks to the AI applications themselves, which may pose severe security threats. We argue that trust in AI for cybersecurity is unwarranted and that, to reduce security risks, some form of control to ensure the deployment of ‘reliable AI’ for cybersecurity is necessary. To this end, we offer three recommendations focusing on the design, development and deployment of AI for cybersecurity.

Event Recording
Jakub Boratynski: EU Cybersecurity Policy Actions and Priorities
Nov 13, 2020

Technological advances and new trends provide great opportunities to the economy and society as a whole. The high reliance on digital technologies especially during the COVID-19 crisis increases at the same time the potential attack surface for malicious actors. The paradigm of security is shifting. The EU is undertaking several actions for its citizens and companies, in order to enhance the resilience of critical infrastructure, support supply chain security (5G) and research, create a European cybersecurity certification and a new, modern cybersecurity strategy for Europe.

Event Recording
Hila Meller: Covid 19 - Adapting to the New Normal
Nov 13, 2020

In her key note Hila Meller will explain how the new normal impacted by the Covid-19 global pandemic is reflected in the Cyber Security Space.

She will explain the changing threats in this new reality as well as the steps and strategies used by BT to globally adapt to the new ways of working, combined with a wider global view based on inputs and collaboration with large multi-national organizations.

Event Recording
Paolo Comi, Nadia Fabrizio: Quantum Secured Blockchain
Nov 13, 2020

This talk aims to share the experience achieved during Q-Secure Net, a 2020 project co-financed by the European Institute of Technology (EIT) and Italtel, Cefriel, Politecnico di Milano, CNR, UPM and Telefonica. Q-Secure Net will provide a cost-effective and flexible network solution for unconditionally secure communication services based on Quantum Key Distribution (QKD) designed for fiber-optic networks.

The talk will also present an application of Blockchain Atomic Swaps for the exchange of securities and cryptocurrencies, developed in the project and based on QKD. Atomic Swaps have great potential for financial scenarios regarding securities, crypto exchanges and cryptocurrencies but have specific security threats.

The QKD market is expected to grow over $980 million by 2024. In the long term, the QKD will be strategic for the design of new architectures in many sectors like telco, defence and transports and 5G sectors. QKD's infrastructural security and its ability to mitigate cyber-risks, also allow a whole new class of approaches and applications for Decentralised Finance.

Key Takeaways:

- QKD Features
- Capabilities for Fintech applications
- Atomic Swap and Crypto Exchanges
- How QKD can mitigate risk in applications like smart contracts for Decentralised Finance Scenarios (for example in the Atomic SWAP use case)

Event Recording
Jean-Christophe Gaillard: The Cyber Security Skills Gap: Real Problem or Self-inflicted Pain?
Nov 12, 2020

You don’t have to go far these days to find security professionals complaining about skills shortages, and countless media outlets relaying their views. But there are at least two sides to this argument and the situation requires a more balanced approach. The security industry needs to rebuild its narrative to attract more raw talent at all levels.

Event Recording
Stefan Würtemberger: The Road to Zero Trust After a Cyber-Incident
Nov 12, 2020
Event Recording
Ammar Alkassar: Cybersecurity and Digitisation within the Corona Crisis – First Experiences and Initial Conclusions
Nov 12, 2020

Within the Corona Crisis, IT and digitisation have proven their essential role for state administration, economy, as well as society. These techniques are not only the backbone for our highly-industrialized countries, but now also recommended as such.

The keynote will reflect the first months of the Corona Crisis with a focus on digital administration and IT as backbone. In this context, aspects of project management, management culture, and risk tolerance will be addressed. Last, but not least the keynote will present theses on experiences and future do’s and don’ts, especially focussing on cybersecurity and data protection in digital project management.

Event Recording
Matt Berzinski: Choosing the Right IAM solution to secure your Hybrid Cloud Environment
Nov 12, 2020

In 2020 organizations have been forced to accelerate their digital transformation plans to meet the needs of a more digitally engaged end user. From remote workforces to shifts to online commerce, nearly every industry has had to adapt to this new reality. This has resulted in rapid cloud service adoption and a need for integration of existing on-premises investments with them. But today's Hybrid Cloud reality needs a comprehensive security policy that encompasses newly acquired cloud technologies all the way down to legacy on-premises applications which provide business-critical capabilities. In this presentation, we will discuss the characteristics needed in an Identity and Access Management platform that will allow organizations to quickly address new security issues while allowing for a smooth digital transformation at their own pace.

Event Recording
Rolf von Roessing: Business Continuity – Learnings in the Light of the Corona Crisis
Nov 12, 2020
Event Recording
Sergej Epp, Ashley Ward: Need for Speed: How DevOps is Changing Cybersecurity
Nov 12, 2020

Is your cybersecurity as fast as your business? Finding the right strategy to secure the growing speed and diversity of DevOps driven application development and dynamic infrastructures is hard. To master this journey, organisations have not only to adapt new security controls but in most cases to redefine their cybersecurity strategy and traditional approaches such as Defence-in-Depth and Zero Trust Architectures from scratch.
In this session, you will learn the FIRST PRINCIPLES how to align the pace of your cybersecurity to your business speed from both perspectives: a cybersecurity expert and a former developer.

Event Recording
Darran Rolls: The Confessions of an X-CISO: Identity Centric Security @ Enterprise Scale
Nov 12, 2020
Event Recording
Steffen Minkmar: Cyber Resilience - Regulatory Developments in the Financial Services Industry (and Beyond)
Nov 12, 2020

Cyber resilience, a term often heard but never fully understood, has made headlines for many years. Nonetheless, we are still confronted with ransomware attacks that lead to the standstill of organizations, as evidenced in the 2017 Maersk attack or the declared state of emergency by the mayor of the city of New Orleans in December 2019 after the city was hit by a cyberattack.

Many organizations perceive cyber resilience as yet another regulatory topic to be addressed by the IT department or the IT security teams, ignoring the regulatory requirements deriving from stakeholders such as the European Central Bank, or the need to interlink cyber preparedness with business continuity efforts and the much-needed support not only by the business departments but also the C-suite.
All this stems from an incomplete understanding of cyber resilience and what added value it can offer to an organization. The presentation aims to close this knowledge gap by highlighting key regulatory requirements, and how these can be addressed in coordination with key decision-makers. It will also provide insights into future regulatory developments with a specific view on the EU legislation. The presentation will also talk about testing approaches for cyber resilience, such as the TIBER-EU (Threat Intelligence-Based Ethical Red Teaming for the European Union) framework.

Key takeaways:

1) After completing this session, the participant will be able to refer to relevant CR regulations and put them into context and everyday use and to understand expectations from the FS regulators.
2) After completing this session, the participant will have knowledge about how CR is applied in other FS organizations, and what tools and methods exist to assess CR readiness.
3) After completing this session, the participant will be able to discuss key CR topics with senior management to promote the importance of CR, and to make a business case for it.
4) After completing this session, the participant will be able to refer to available resources on the internet to deepen his/her knowledge of CR.

Event Recording
Panel - Secure Work Anywhere: The New Normal from Corporate Policies to Security Practices
Nov 12, 2020
Event Recording
Enrico Frumento: IT-OT Convergence of Security
Nov 12, 2020

Experts define Operational Technology (OT) as «hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events.»

OT differs from IT in terms of functionalities, the culture of operators and threats. In recent months, we have witnessed an increasing convergence of IT and OT systems. This area is a novel and rapidly expanding one for both cybercrime and industry. IBM’s recent 2020 X-Force Threat Intelligence Index summarizes that attacks targeting operational technology (OT) infrastructure increased by over 2000 per cent in 2019 compared to the previous year. The COVID-19 pandemic accelerated these trends: it is the digital accelerant of the decade and accelerated companies’ digital transformations by approximately a global average of 6 years.

For example, one of the impacts of COVID-19 – at least until a vaccine is discovered – is the reduction of on-site staff. In the case of OT systems, this put a strain on the already limited resources and required an increase in external connectivity. The result is numerous industrial plants exposed to, for example, ransomware attacks.

From a bird's-eye point of view, IT and OT are still missing a holistic approach that includes cybersecurity, physical security and cyber-physical security, an integrated cyber-risk estimation and governance models able to span across IT and OT domains. Overall, the primary need concentrates around a reconciliation of IT Security (typically built on the Confidentiality-Integrity-Availability paradigm) with OT Cybersecurity (whose fundamental properties are instead Safety-Reliability-Productivity).

Key Takeaways:

- Status of IT and OT security
- Long-term impacts of the pandemic on the digital transformation agenda of industry
- Main challenges and trends for the IT and OT security
- Some possible solutions

Event Recording
Panel - Zero Trust Paradigm for the Future of Security
Nov 12, 2020
Event Recording
Greg van der Gaast: The Future Role of the CISO
Nov 12, 2020
Event Recording
Brennan Lodge: Home Grown Machine Learning Implementation for the SOC
Nov 12, 2020

The machine learning deployment, integration, and release pipeline is unique and unlike any typical software, application or detection life cycle. A SOC has a blend of infrastructure, team dynamics, disparate logs and data sets, a SIEM, ticketing systems and a need for analytics to better serve and improve their defenses, cyber security posture and incident response. Proper implementation of using machine learning for cyber security defenses can be done with both team and engineering integrations. This talk will walk through an example of machine learning implementation for the SOC in an enterprise environment with lessons learned and best practices.

Event Recording
Panel - Accelerating Digital Transformation with Secure Cloud Access
Nov 12, 2020
Event Recording
Panel - European Cybersecurity Job Market and the Gender Perspective
Nov 12, 2020
Event Recording
Martin Kuppinger: Cybersecurity Trends in the Age of Work from Home
Nov 11, 2020

The way people are working has changed fundamentally. Cybersecurity is even more essential than before. Martin Kuppinger, Principal Analyst at KuppingerCole, will look at the factors that drive the relevance of cybersecurity, but also change the way cybersecurity is done right. He then will look at the trends in cybersecurity and how new technologies and methods help in mitigating cyber risks and improving cyber attack resilience. This includes looking at the impact of Work from Home, changing attack vectors, or the impact of AI on cybersecurity, and discussing what new technologies such as SOAR and Cyber Ranges can provide for getting better in cybersecurity. He also will look at the need for doing a thorough cybersecurity portfolio assessment, to optimize spending and getting a grip on the zoo of cybersecurity tools most businesses already have to pay for and to manage.

Event Recording
Flavio Aggio: COVID-19 Cybersecurity Attacks
Nov 11, 2020

Cybersecurity technologies to identify, protect, detect, respond and recover are extremely important, but not sufficient. A HumanOS upgrade is required to safely use the Internet, and it is not only about training and awareness. It is about the way users must behave online, and the IT community must openly acknowledge system vulnerabilities. Humans are the weakest and strongest links in Cybersecurity.

Event Recording
Stefan Romberg: Regulatory Compliance Challenges in 2020
Nov 11, 2020

How do you prepare for the increasing regulatory challenges in a time of ongoing cloud migrations with global service providers? The invalidation of the EU-US privacy shield and the enforcement of the NDAA Section 889 will require a thorough review of existing controls and a swift management of stakeholder interests. This key note will provide practical experiences and guidance to ensure you meet your compliance goals.