Establishing A Cyber Secure Financial Services Industry

It’s a fool’s errand to go believing that the Financial Services industry is such fertile ground for cyber threats and incidents simply because of the money. As we know, a successful ransomware attack that nets a significant sum of money for a cyber criminal is nice, but the bigger gain is understanding how your system has been breached. The IP of where future value will be is more valuable than simply securing current currency.

The greater cyber security industry is expediting a tectonic shift to meet the threats associated with a brand new, mostly remote workforce. Though the industry has spent the past couple of years ensuring the front lines are aware of myriad threat vectors, awareness campaigns remain on the rise. Our recent Cyber Security Hub survey outlined that the biggest current area of focus is, in fact, security awareness. And it’s not just time spent: when asked where budget is being allocated, respondents put security awareness in the top three for spend.

Compliance with regulation is the reason for some of that focus and spend, and the Financial Services industry knows all about regulation. Cyber security regulation is evolving to speak to issues beyond privacy. The sharing of attack information, once anathema to regulators, has had a re-think, as state and corporate infrastructure can only compete with malicious behavior if collaborative principles are utilized on both sides.

It’s from this brand new landscape that Cyber Security Hub is proud to launch the Cyber Security Digital Summit for Financial Services! 

Key Themes Include

  • Gaining an understanding of FS collaboration tools and consortiums
  • Realizing how far we’ve come on security awareness, and how far we have to go
  • How to keep the FS enterprise secure with an onslaught of remote workers
  • The evolution from DDoS to Credential Stuffing
  • Developing secure infrastructure, frameworks and standards
  • Preparing for the future of FS cyber security due to the coming transaction velocity tsunami
  • Remaining best in class in GRC while outpacing cyber criminals
  • Exploring the scope of the CISO role as one part Technical, one part Legal and one part Business

  • Cyber Security executives who want to hear from and engage with their peers on similar pain points/challenges faced within the Financial Services industry
  • Cyber Security executives based outside the Financial Services industry who want to learn from Financial Services case studies



  • Heads and Directors of Cyber Security
  • Heads and Directors of Information Security
  • Heads and Directors of IT
  • Providers of cyber security solutions, services and software

What To Expect

  • Access to cutting edge content and world class speakers from the comfort of your desk
  • Video: Downloadable mp4 recordings of all presentations
  • Downloadable slides you can review again and again
  • Opportunity to meet cutting edge technology providers

Secure Your Complimentary Place Today!

Day One: September 15
Chairman’s Opening Remarks

10:00 AET
Security, Compliance and Productivity – Finding The Right Balance
Ganesh Umapathy, Product Marketing Manager, Duo Security

Protecting hybrid IT environments can be challenging. Additionally, organizations are now required to accommodate a fully remote workforce - adding a layer of complexity to information security programs. Choosing the right solution will help achieve a balance across security, compliance and productivity.
Attend this webinar to learn how you can:
  • Achieve security project goals such as getting started with a zero trust strategy or implementing a strong secure access solution for the remote workers
  • Reduce cyber risk by adopting compliance frameworks such as NIST, PCI-DSS, ACSC Essential 8, APRA CPS 234
  • Improve productivity by empowering users with self-service and delivering the best user experience

11:00am SGT
Frictionless Zero Trust for Users - Why it Starts with Identity
Leigh Doddy, Zero Trust Advocate, Okta
Zero Trust has become a huge buzzword in the security world, especially with the reality of a semi-remote workforce becoming more permanent. But where do you start? In this session, we’ll be discussing why the key to a successful Zero Trust infrastructure is Identity at the core, while also looking at:
  • How to maintain a seamless experience for customers and employees from anywhere
  • How to maintain security from any device, on any network
  • How to use what you currently have in your stack to your advantage when building a zero trust ecosystem

8:30am GMT
The Future Of IT Security Is SASE
Jonathan Andresen, Senior Director, Products & Solutions Marketing, Bitglass

Secure Access Service Edge (SASE) has become one of the hottest topics in the IT industry. By 2024, Gartner predicts that 40% of companies will adopt a SASE architecture. The well-defined, static, and finite network edge of the past is being replaced by business users who are working remotely and accessing business information systems beyond the corporate data centre.

But what exactly is SASE and will it make enterprise data more secure? How will organizations secure their data in a cloud-first world when the user and information are outside the traditional enterprise boundary?

This presentation cuts through the hype to explain the fundamentals of SASE and how it compares to typical network and cloud security architectures. It will also cover real-world use cases for securing SASE, and the benefits of moving to a cloud-first SASE platform.

9:00am ET
Realtime Business Continuity Management for GRC
Tom Kartanowicz, CISO Americas, Commerzbank AG

  • Realizing that plans have changed completely and understanding the current reality that regulators are interested in the plan
  • Divining your short and long term BCM plan
  • Understanding the need to now hug the probability tail
    • Preparing for the next low probability, high impact events
  • Consistently engaging in adjustment for resiliency and knowing that BCM and resiliency are joined at the hip
  • Ensuring that everyone from the C-Suite to the front lines is collaborating

10:00am ET
Trust or Zero Trust: Privileged Access Management in the Age of a Remote Workforce
Joseph Carson, Chief Security Scientist (CSS) & Advisory CISO, Thycotic

Attacks frequently start with one "low-value" endpoint or end-user credentials, and now more than ever, attacks on financial services firms are becoming more frequent and dangerous.

Locking down access to privileged accounts that have access to sensitive data (like the local Administrator and root, service accounts, domain administrators, and even standard user accounts) via a password vault provides a significant security layer around the accounts most targeted by attackers. As financial services firms adopt IoT solutions, transition to the cloud, and move to a remote workforce, their systems become increasingly vulnerable to cyber-attacks and they must lock down privileged account access. Protecting privileged access is also an important security control required by most compliance and regulatory audits.

The Principle of Least Privilege is intended to prevent "over-privileged access" by users, applications, or services to help reduce the risk of exploitation without impacting productivity or involving the IT help desk. The least privilege model can also help curtail costs and increase efficiency.

Join this webinar to understand how to maximize the benefits of least privilege and learn just how much "privileged access" is too much. Join Thycotic's Chief Security Scientist Joseph Carson and learn more about:
  • The Principle of Least Privilege
  • Realities of the Zero Trust Model
  • Best practices to get back in control with a remote workforce

11:00am ET
Securing The Cloud: How Financial Services Organizations Can Protect a Disappearing Perimeter
Louis Evans, Product Marketing Manager, Arctic Wolf

Financial services and insurance firms are increasingly adopting cloud services that offer operational benefits like faster deployment and seamless scalability, while being incredibly cost-efficient and user-friendly. Unfortunately, these improvements in productivity and efficiency come with serious security concerns that are often overlooked.
In this webinar, Louis Evans, Product Marketing Manager for Arctic Wolf Networks, will cover how firms can plan to protect new attack surfaces beyond the traditional network perimeter.
Attendees will learn:
  • What your responsibilities are in a shared security model, and how to enforce security policies internally and externally.
  • Which threat vectors cybercriminals are most likely to exploit, including insecure APIs, security misconfigurations, administrator account compromise, and insider threats.
  • How to evaluate cloud partners, including questions to ask during evaluation and procurement to ensure your new SaaS vendor will keep your data secure.
  • How to monitor your cloud platforms for trademark behaviors of cybercriminals to proactively mitigate your cloud risk.

12:00pm ET
Thwarting The Threat Matrix When Transaction Velocity Increases By 40%
Nannette Cutliff, Sr. Vice President/Chief Information Officer/CISO, Pacific Service Credit Union

  • Realizing that the US Federal Reserve will in fact go to 24/7
  • The real-time payment and settlement service supporting faster payments has been pushed to 2021, but it’s coming
  • Steadily ramping up your threat intelligence and detection to ensure your defense is ready for the tsunami of offense on its way
  • Threading the needle on compliance to ensure a full real-time cyber security toolbox

Day Two: September 16
Chairperson’s Opening Remarks

9:00am ET
The Intersection of Crises and Regulation
Cynthia Burke, Program Manager, Capsule8

Sweeping regulation tends to occur in the wake of crises. As the world navigates tremendous financial, political and social upheaval, how might this impact ‘business as usual’ when it comes to security and compliance? Schrems II and the invalidation of the EU-US Data Privacy Shield in July of 2020, accelerated migrations to the cloud with a heavily distributed workforce now working on heavily distributed systems, and record-setting compliance-related fines from a broad cross section of industries: these are all indicators of where we may need to focus attention, specifically in regard to security and compliance, in the years to come.

In this session we will look at useful areas of focus for those working in security and compliance, even amid so many unknown unknowns. We will discuss the increasing importance of data privacy programs, and how those programs intersect directly with your security and operations teams. As we wait on clarifying guidance in the wake of Schrems II, this session will outline some useful approaches and preparations you can begin now. There will undoubtedly be an uptick in security questionnaires and additional scrutiny leveled against your existing audit practices, reports and certifications, so repeatable evidence-based outcomes to prove you are both secure and compliant will be paramount. This session will offer high level suggestions on navigating an increasingly complex global landscape of compliance and security.

10:00am ET
Achieving Awareness Audacity
Stephanie Derdouri, Director, Information Security & Digital Risk - Risk Governance & Assurance, Fannie Mae
  • Evolving your mindset on information security and assurance
  • Diving in on the value of vulnerability management
  • Leading edge risk management realities
  • Governance beyond talking points
  • Realizing the path to security culture consciousness is straightforward and deliberate

11:00am ET
eCrime from the Front Lines
Josh Burgess, Technical Lead Threat Intelligence Advisor, CrowdStrike (Former Senior Cyber Intelligence Analyst at VISA)

Please join this session as we review the significant events and trends in cyber threat activity observed over the past year. With input from CrowdStrike’s global observations, illustrated with real-world case studies that provide insight into today’s adversaries and their tactics, techniques and procedures (TTPs), we will offer actionable recommendations that can guide your cyber security strategy and help defend against sophisticated attacks in 2020 and beyond.

Topics covered will include:
  • The latest lures and attacks revolving around COVID
  • An assessment of the most capable criminal threat actors
  • Content on the evolution of ransomware
  • A review of how criminal groups are successfully breaching commercial and government organizations

12:00pm ET
Banking on Cyber AI: Neutralizing Threats Before Cyber-Attackers Strike Gold 
Justin Fier, Director of Intelligence & Analysis, Darktrace

Today, digital financial data drives global businesses and economies. With greater rewards, cyber-attackers continue to target finance industry institutions with full force - and increasingly advanced attack capabilities.
Join Justin Fier, Darktrace’s Director of Intelligence & Analysis, as he discusses the challenges that financial institutions face including insider threat, IP theft, data breaches, and compliance and regulation. There will also be special focus on the importance of AI-powered cyber defense in fighting back against the next generation of stealthier, more powerful cyber-attacks.
  • How advanced cyber defense technology protects the entire digital estate in high-risk environments
  • How Cyber AI thwarted a spoofed Chase Fraud alert aimed at gathering information for fraudulent transactions
  • How attackers are set to supercharge social engineering techniques with offensive AI

1:00pm ET
Expediting The Transformation To Universal Control Of The Infinite Perimeter
Shaju Bhaskaran, CISO, Ahli Bank QSC

  • Continuing the ongoing cloud evolution
  • Achieving true identity access management
  • Expanding endpoint security
  • Begrudgingly attaining a zero trust mindset
  • Training the culture to adapt to these changes