Most organizations don’t suffer from a lack of cybersecurity tools. They suffer from the cost and administrative burden of running too many of these. They suffer from the lack of integration. They suffer from the lack of skills in optimally configuring the tools and analyzing the data.
Couldn’t less be more? But what is the right answer? Just retiring some tools? Consolidating to new solutions such as XDR? Replacing old tools with the newest best-of-breed solutions?
As always, it is best to start with a plan, and with defined methods to evaluate how the various tools you have contribute to your targets. The plan must help you understand which elements you need most for protecting your IT. On the other hand, you must understand how well your existing tools landscape contributes to this.
In his talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will unveil methodologies that can help you in assessing your cybersecurity tools portfolio, and that can help you in deciding about where to invest next.
Cyber Warfare and Disinformation have been heavily weaponized since Russia's full-scale Invasion of Ukraine and even before, aiming at destabilizing the free part of the world. It is the "synergy of the evil" between cyber warfare and MDM (Misinformation, Disinformation, Malinformation) that is causing the potential for long-term damage and risks for critical infrastructures, societies and businesses. What is it that we have to expect in the near and longer future? How can we prepare for the worst to come? Ksenia Iliuk will share with us her insights from now 8 years since the Crimea Invasion and 8 months in the general Cyber and Information Warfare in Ukraine.
Current frameworks, from Cyber Essentials in the UK to the NIST Cyber Security Framework, HIPAA, PCI-DSS and even ISO27002:2022, often take at least 18-24 months to be agreed by their governance bodies. The world is moving much faster than that. The fact that many regulatory frameworks take years before the kinks are ironed out demonstrates that they are good for what they were designed for at inception, but after that many of them do not keep up with the changing threats and risks enterprises face, let alone the real controls that are required to protect the enterprise. This is why they are more often than not just a tick-box exercise for many enterprises. This session will demonstrate, with an analysis of several standards and frameworks, that they are a great starting point if you don't know where to start, but if you really want to protect your enterprise you need to go beyond using controls checklists designed for yesteryear's threats and risks. And what can organisations do to improve security to keep in touch with current threats and risks?
Cyber Security traditionally has been seen as the domain of Technology, with an expectation that the solution for cyber resilience has to be provided by IT – and we happily accepted this challenge and delivered numerous software and hardware solutions, design and development principles, policies and process controls.
However, as most successful cyber-attacks in recent time have started by targeting users with phishing emails or social engineering, raising awareness of their role in increasing cyber resilience is at least as important as providing “just a technical solution”.
This presentation will – based on the example of a famous real robbery in Berlin – show how user awareness can become an important line of defence in cyber security.
When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day, everyday. This is particularly true for Identity and Access Management, which is a component of every domain within Cyber Security, and it's identified as a cause for more than 80% of data breaches. IAM is rarely about white-hat hackers counter-attacking an ongoing intrusion. It's mainly about a set of good practices, clearly defined processes and, overall, good hygiene in the way we manage our identities, our resources, our entitlements, and the way they relate to each other.
Security of users, data, devices and networks is orchestrated via a set of precautionary cyber measures called cyber hygiene. Enterprises today deal with a sheer volume of users, data and devices, often distributed across complex cloud/hybrid environments – making cyber hygiene monitoring a challenging task. In this session, leading cyber experts shed light on the importance of implementing effective cyber hygiene amidst an uncertain threat landscape and share best practices on how to do so.
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” ― Sun Tzu, The Art of War
Join this session to gain a deeper understanding of threat actors and the current threat landscape, in order to help you adapt and protect your organisation from cyber warfare. We know adversaries do not rest. Attacks are growing more destructive, causing mass disruption to organisations and society. Take away knowledge of Threat Actors, current attacks, strategies to defend your organisation and understand how your workforce puts you both at risk but can also be leveraged to be your first line of defence.
Oversimplifying, IT security means defending IT systems from threats procured by cybercriminals. Their targets are, for example, the manipulation of systems, the extortion or exfiltration of data, and the interruption or alteration of services. However, what happens if we have humans instead of IT systems? Given that the scope of an attacker is always the same, as aforementioned, attacking a human is an entirely different process, and the attack tactics must change. This well-known fact involves social engineering and human sciences (e.g., psychology or behavioural sciences instead of informatics). However, from the cyber security side of the coin, what does dealing with humans imply? What does it mean, for example, to perform convincing penetration testing or vulnerability scanning to deeply test human weaknesses? It is not merely a problem of sending a phishing email and waiting for clicks. How can threat analysis or threat intelligence be done on humans? Moreover, how can a company calculate the cyber risk that a human represents, and what effective ways are there to reduce it? If we fully put humans (either as employees or IT security operators) at the centre of cybersecurity, many questions arise.
The problem is complex because, by its nature, it is multicultural and requires different non-technical competencies. It includes experts in philosophy, political science, cyber sociology, pedagogy, acting performance, etc., collaborating with cybersecurity experts. Facing the human element of security is a genuinely multicultural and interconnected approach. Furthermore, humans are coincidentally "human" and not machines: there are also ethical and legal issues to consider, and their reactions change during the day. The talk will explore and present a comprehensive view of what happens when humans, rather than IT systems, are at the centre of cybersecurity.
How do cyber criminals go about a hacking attack and how easy is it to capture sensitive data? As the saying goes, "Keep your friends close, but your enemies closer," we take a look at how hackers and social engineers work with social pentester Graham Stanforth.
Imagine deepfake footage of a CEO engaging in bribery, a politician committing a sexual assault just a few days before an election, or soldiers committing atrocities on foreign soil. In our current environment, where conspiracy theories thrive, deepfakes could lead to catastrophic consequences. We are at an inflection point. Soon, deepfakes will move from being an oddity to possibly becoming a destructive social and political force. This presentation will discuss how deepfakes are made using deep learning methods and explore the possible impacts to society and to cybersecurity with some recent examples. The presenter will also discuss some of the latest research into deepfake detection.
Implementing digital solutions that use only validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite for establishing an agile ecosystem of commerce and cooperation governed by security, protection, management of threats and ultimately trust.
For more than 15 years, Denmark has provided public access to eID. The third generation is now available, delivering one unified system that gives citizens, employees, public authorities, and businesses easy access to solely accepting and using validated digital identities, ensuring compliance within the framework of eIDAS and ultimately NIS2.
Bjarke Alling - current member and prior co-chair of the Danish National Cyber Security Council, founder and Group Director of the IT cybersecurity software company Liga, and a key contributor to the development of the Danish eID solution - will share insights into the solution and put it into a broader, border-crossing perspective.
For big companies like Mercedes, there is no generic zero trust implementation that delivers the value for customers, workforce, suppliers and logistics. A greenfield implementation is unlikely, as there is a rich foundation of processes, technologies and business use cases that need to be covered. This presentation describes how to build a holistic view of your ecosystem, understand your maturity, develop a reference architecture for your vision and then come up with a continuous transformation to achieve the targets using a value- and risk-driven approach.
The economic value represented by the energy industry makes utilities an attractive target for cybercriminals. An expansive attack surface coupled with strong interdependencies between physical and digital infrastructure makes utilities an interesting case study for cybersecurity implementation.
Jerry Onesti and Jochen Toesmann from EON highlight the impact of cyberthreats across the value chain of utilities and share their insights on how to protect assets associated with cyber-sophisticated industries such as energy.
For any large company, regulated or not, it is essential to have a mechanism or process for detecting vulnerabilities. For this purpose, various scanners exist that can automatically scan the company's IT assets for known and new vulnerabilities. However, this is where the big challenge begins: most scanners tend to find a large number of vulnerabilities. This is important and good, but not every vulnerability is equally relevant for every company.
Typically, most organizations drown quickly with the number of vulnerabilities they have. Different specific scanners for compliance, containers, source code, operating systems and applications deliver a hardly manageable number of different potential problems per asset.
For vulnerability management to work, you need to build a sustainable vulnerability management process, define intelligent processes and specify intelligent bundling and prioritization.
In this presentation, Christopher Schütze will show how this was achieved in a successful project.
This presentation will explore why companies need security automation. We will look at how companies can ensure success (and how to ensure failure). Leveraging professional experience and doctoral research into security automation, the presenter will examine the keys to successful security automation, including how to prioritize use cases and build enterprise support. This session will look at how to decide what to automate (and what not to automate), strategies to help ensure a successful security automation program, and lessons learned from success and failure, including the worst reason to pursue security automation.
Ransomware attacks continue to increase in frequency and severity. Every organization needs a ransomware and malware resilience plan. Three major components of such plans should include deploying Endpoint Security solutions, keeping computing assets up to date on patches, and backing up data. In this session, we'll look at trends in ransomware as well as review the results of the KuppingerCole Leadership Compass on Endpoint Protection Detection & Response (EPDR) solutions.
Resilience has been changing over the last 15-20 years, and we now accept and acknowledge the various types of resilience an organisation should be responding to. This session will explore how security has moved from a focus on just protection to faster detection and response. It will also explore what fast-moving technologies mean for other types of resilience that organisations will be faced with in the coming future, and what they can do about it.
Human factors continue to be a weak link in enterprise defence strategies. This panel session will explore vulnerabilities around human factors and will look into security initiatives that have a valuable impact on the ability of enterprises to mitigate risk and optimize their cybersecurity program.
As the intensity and sophistication of cyber-attacks continues to increase amidst an uncertain threat landscape, enterprises are actively looking to embrace security automation as a potential solution. With machine learning developments maturing at a rapid pace, security automation has become increasingly practical and is the need of the hour to stem the tide of cyber attacks that are becoming bigger, faster and stealthier. Amidst the backdrop of state-sponsored attacks that can circumvent traditional defense systems, this panel will explore the need for security automation and automated threat intelligence, and will dive into best practices for implementing such initiatives in enterprise.
This keynote will explore the role of government in providing a secure framework for digital transformation.
In this exclusively curated panel session, top CISOs from across the world reflect on where they find themselves today, explore trends that will define the cyber ecosystem over the next decade and highlight the core attributes required for future CISOs to maneuver through the challenges brought about by the digital enterprise.
The old saying goes, "The more things change, the more they stay the same". This has never been more true than today in the modern CTO and CISO's life. As technology evolves, the attack surface and actors adapt. Are they really different? Or are they the same vulnerabilities that have always existed, surfacing in new vectors in the infrastructure? Here are five new fundamental areas to keep in mind as you fend off the modern attacks of old.
The challenges to information security in companies are increasing every year. The focus is on serious attacks against small and large companies and the urgent need to protect their own information. It is no longer sufficient to view the protection of corporate information in a one-dimensional way. Many different facets are important: authentication, authorization, governance, policies, processes, monitoring and surveillance, cyber defense and many more.
Putting a company on the right track in the long term requires strategic and technical expertise that is usually managed from the information security area within the company - by the Chief Information Security Officer.
But what skills does a modern CISO need? What should be his or her strengths, what does a company need to look out for if it has this role, and how does a security expert need to develop in order to meet the numerous requirements for this position? Join this session by KuppingerCole CISO Christopher Schuetze to get answers to these pertinent questions.
SBOM offers multiple ways of getting under the covers of your own and other providers' software resilience. Implemented properly, SBOM increases code and library transparency, giving a much better chance to catch hidden software flaws much more quickly and potentially ahead of your adversaries. But is it worth the pain that comes with it?
The role of a CISO has expanded beyond technical competence and compliance – an uncertain threat landscape calls for a technically competent leader with strategic oversight across the board, from engaging with multiple stakeholders to manage and get buy-in for cyber resilience programs to communicating cyber strategies to the board.
Join Christoph Hagenbuch and Alexander Silhavy in this session as they share proven strategies to help you make critical cybersecurity decisions and provide best practices on effective stakeholder management and communication.
Attackers are expected to leverage the uncertain geopolitical landscape to carry out advanced cybercrime attacks, leaving businesses susceptible to intrusions that could have potential second and third-order effects on their operations.
In this panel session, leading CISOs provide a blueprint to identify attackers and improve your odds of mitigating cyber-attacks, manage stakeholder coordination and address best practices to harden cyber defenses amidst the exceptional risk environment organizations find themselves in.
From Christina Rupp's initial talk, we have seen that Germany's governmental cybersecurity architecture is a complex ecosystem. In this Panel Session, we will discuss challenges and requirements of European institutional cybersecurity architectures and how such architectures should be equipped to address current and future threats.
The cost of doing nothing is something that today we have to factor into many aspects of our lives. Inaction hurts and we’ll briefly talk about the 6 degrees of separation for the connected areas that are impacted by Cybercrime. There is more at risk than what can be solved by technology.
The last year has seen almost two-thirds of mid-sized organizations worldwide experiencing an attack. Managing ransomware attacks requires significant patience, preparedness and foresight – Stefan shares his experience managing the ransomware attack on Marabu Inks, his key learnings from the attack and how they have shaped the organization’s response capabilities.
Every business should be equipped to understand for itself what most threatens and endangers its business model. This is the starting point for preparation measures for disruptions and crises that, if not properly managed, can endanger and even kill organizations as a whole.
Assessing and understanding key assets and the threats towards them is true, applied, real-life risk management. Acting and reacting in a crisis needs to be based on proper preparation. Service continuity and IT service continuity do not happen out of the blue but out of business-informed planning and preparation.
Christopher Schuetze, Matthias Reinwarth and Kai Boschert will highlight the most important steps of an organization's journey to prepare for and even embrace disruptive events and circumstances as part of a holistic, sustainable business approach.
They will provide guidance and, even more importantly, challenge the audience with collaborative exercises for understanding and applying key methodologies to converge business resilience management and cybersecurity into a single, tailored, yet agile survival strategy. Five building blocks will be outlined that form the foundation of a unified strategy to achieve the common goals of resilience and recovery while limiting the impact of cyber attacks on business operations.
As the sprawl of devices, device types, and solutions continues to skyrocket, environments only grow more complex.
But there's good news: asset management has evolved.
Today’s “asset intelligence” moves from a spreadsheet approach to an API-driven, always up-to-date view into all assets via integrations of existing tools, data correlation at scale, and querying capabilities to find and respond to gaps.
Join this workshop to learn how asset intelligence and the emerging Cyber Asset Attack Surface Management (CAASM) category improve security hygiene, reduce manual work, and remediate gaps.
In this workshop, we will show you how to implement a risk class-based approach within access management with little effort in order to achieve the highest level of control, compliance and transparency in your own organization. All the necessary rules and templates (e.g., for password management, connection guidelines for protocols used and authorizations) are based on best practices, the BSI risk class model and the requirements of ISO27001.
Even though MDM has had a long history during war and times of high tension, the digital era has been increasing the reach and potential impact of weaponized misinformation. Sophisticated tools such as machine learning mechanisms and software bots are opening a huge battlefield for creating and spreading manipulated information at scale, even for those with limited technical skills. From nation state attacks through organized crime down to that one single customer who feels badly treated – they all can use such tools. What does this trend mean for your organization and what is the CISO's role in combating MDM attacks? In this extra-long panel session we will try to find answers on how MDM will affect our organizations and how we can increase anti-MDM resilience.
In this talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will provide insights on Digital Supply Chain Risk. He will look at the areas of risks, from secure partner onboarding to software supply chain security and others. He will look at prominent examples and common weaknesses in these areas. He then will provide insight into actions that organizations should and must take, both organizational and technical.
This presentation will explore resilience measures to be taken immediately after a major incident.
This presentation will explore the role of privacy in building enterprise resilience.
Cybersecurity reporting is a critical mechanism to ensure effective communication of significant security issues across different levels of your organization - from software architects to the Board. Yet, reporting today is far from being a formality and does not comprehensively highlight an organization's exposure to cyber threats. Join this session to understand the factors that drive the effectiveness of a risk-based cybersecurity report and get access to best practices on communicating actionable metrics within a specific context.
Get a model and recommendations to quantify cyber security risks including the costs of fines, contractual compensations, service credits, and loss of income. The use of heatmaps with qualitative criteria and arbitrary cocktails of threat and control efficiency data prevents the secure planning of IT services and corporate defense. Learn from a demo on Monte Carlo Simulations in a native MS Excel model. It can be used from comparing service providers to calculating the coverage of cyber insurance. This session will not only allow you to avoid money holes in consultancy but also justify cyber security investments.
The European Commission is working on various legal initiatives for the European Union related to the digital world, and they are in various states of being adopted. This presentation gives an overview of these and looks into the content matter they cover. What are the most important imminent EU acts, how are they related, and what could be the impact?
More organizations are now moving to the cloud. From a security perspective, refactoring the applications provides a major opportunity to improve security posture. This session explores how the right approach to refactoring can save time, increase inherent security, and ensure apps are compliant.
Building and running cyber security in both worlds, modern cloud security in combination with legacy on-premises security, introduces extra complexity. Some of the well-known security patterns and models are not applicable in cloud systems, while modern security models like zero trust barely fit in legacy systems. Based on a model for security classification we will explore some dos and don'ts in modern cyber security.
The concepts behind Zero Trust and SASE are not new, but recent developments in technological capabilities, changes in the way people are working, accelerated adoption of cloud and Edge computing, and the continued evolution of cyberthreats have resulted in both rising in prominence.
Thanks to cybersecurity technologies such as Privileged Access Management and security concepts like Zero Trust, we now have the capacity to secure all digital access, from the cloud to IoT.
Digital access in software and hardware must be secure by design to minimize risk as much as possible. We have seen official agencies including the US and UK governments signing off expansive cybersecurity executive orders to boost national security, and cybersecurity chiefs pushing for the inculcation of security by design in software.
However, the technology itself is not enough to build a trusted digital world. To cultivate this world, we need to raise general cybersecurity awareness for all citizens. This is no easy feat, so the first logical step is to focus on building knowledge and awareness in business schools, mentoring the directors of the future because they will have to learn how to deal with cyber risk daily.
To bring a trusted digital world to life, we must also disrupt the political sphere in the UK and surrounding European countries. The European continent must become a leader in digital sovereignty – where data protection and privacy are respected by all – by cross-country collaboration and the establishment of a European Business Act. European countries are democracies that produce large amounts of data, so to achieve this act, we must create a separate European model that protects and respects our valuable data.
Key takeaways:
• Educate attendees on the concept of digital sovereignty
• Build interest in the better protection of our data
• Provide attendees with the appropriate tools and knowledge to start working towards making digital sovereignty a top priority for their organisation and beyond
• Inspire attendees to collaborate with other departments and countries to create a more trusted digital sphere
This session will examine the ruling of 16 July 2020, where the Court of Justice of the European Union (the Court) in its Case C-311/18 Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (called “Schrems II case”) invalidated the EU-US Privacy Shield adequacy decision.
How and why Microsharding was developed as a concept, and a short summary of ShardSecure, by Bob Lam, Co-founder & CEO, ShardSecure.
Over the past two years, Siemens has been on a mission to protect a global enterprise through the highest Zero Trust standards, and this journey is far from over.
In this session, program lead Thomas Müller-Lynch shares his experiences on the road to Zero Trust readiness of all assets from IT and OT.
This is the story of our journey to Zero Trust, from the initial analysis to its technical and effective implementation. As for many organizations, our starting point was not the best one (lack of proper asset management, mixed permissions, etc.), but when we started to work on a Zero Trust implementation we were able to overcome these, solve some unforeseen problems, and also improve security substantially through Human Factors and Risk Management. The aim of this talk is to inspire security leaders on what a Zero Trust Architecture is (it is not an off-the-shelf solution and doesn't require massive initial investments) and how they can reuse their internal knowledge and tools to deliver it.
Zero trust has been around in one shape or form in security for many years, usually under different names like the "Principle of least privilege" or "Mandatory Access Control". It exists for a good reason, and needs to be reinforced. But for any cloud native vendor, Zero Trust should be table stakes at this point. Zero knowledge at the organizational level, and not just Zero knowledge encryption, is the next evolution of security best practices. Join us to learn more.
With many privileges to manage within an organization, authorization within an Enterprise can be a challenge. As capabilities in any organization are often in a state of constant change and growing complexity, implied trust can easily creep into authorization frameworks and policies, leading to an overly permissive environment. Learn how an organization can layer and support Role-, Attribute-, and Policy-Based Access Control methodologies to avoid these pitfalls while also preventing entitlement duplication, leading to a more secure Identity perimeter for your users.
As organizations continue to grapple with security issues, a 'zero-trust' approach to cybersecurity has been touted as a potential solution to enhance enterprise security. However, taking on Zero Trust architectures can be an overwhelming experience for even the most seasoned cybersecurity professionals. This panel session features security leaders who go beyond network principles reliant on the “never trust, always verify” philosophy to focus on effective deployment of a Zero Trust strategy at your organization.
The next generation of cyber threats have arrived and there aren’t enough security people or budgets to handle the growing volume and complexity. This presentation will explore why organizations — and not just their security teams — need security automation. We will look at the reasons why security teams utilize SOAR (Security Orchestration, Automation, and Response) to keep pace with threats and technological innovations, without their organizations needing to add headcount. Learn how when the security team automates traditional Tier 1 work, the entire organization benefits - from upskilling staff to eliminating spend on managed services. This session draws from real-world European enterprises whose adoption of NextGen SOAR was the catalyst for fundamental security and organizational improvements.