Establishing A Cyber Secure Financial Services Industry
It’s a fool’s errand to go believing that the Financial Services industry is such fertile ground for cyber threats and incidents simply because of the money. As we know, a successful ransomware attack that nets a significant sum of money for a cyber criminal is nice, but the bigger gain is understanding how your system has been breached. The IP of where future value will be is more valuable than simply securing current currency.
The greater cyber security industry is expediting a tectonic shift to meet the threats associated with a brand new, mostly remote workforce. Though the industry has spent the past couple of years ensuring the front lines are aware of myriad threat vectors, awareness campaigns remain on the rise. Our recent Cyber Security Hub survey outlined that the biggest current area of focus is, in fact, security awareness. And it’s not just time spent: when respondents were asked where budget is being allocated, security awareness was a top three spend.
Compliance with regulation is the reason for some of that focus and spend, and the Financial Services industry knows all about regulation. Cyber security regulation is evolving to speak to issues beyond privacy. The sharing of attack information, once anathema to regulators, has had a re-think, as state and corporate infrastructure can only compete with malicious behavior if collaborative principles are utilized on both sides.
It’s from this brand new landscape that Cyber Security Hub is proud to launch our Financial Services Cyber Security Summit:
- Gaining an understanding of FS collaboration tools and consortiums
- True IAM purpose built for FS
- The evolution from DDoS to Credential Stuffing
- Developing secure infrastructure, frameworks and standards
- Remaining best in class in GRC while outpacing cyber criminals
- Realizing how far we’ve come on security awareness, and how far we have to go
- Preparing for the future of FS cyber security due to the coming transaction velocity tsunami
- How to keep the FS enterprise secure with an onslaught of remote workers
- Exploring the scope of the CISO role as one part Technical, one part Legal and one part Business
What to expect from CS FS Digital:
- Access to cutting edge content and world class speakers from the comfort of your desk
- Video: Downloadable mp4 recordings of all presentations
- Downloadable slides you can review again and again
- Opportunity to meet cutting edge technology providers
Who is it for?
- Cyber Security executives who want to hear from and engage with their peers on similar pain points/challenges faced within the Financial Services industry
- Attendees of IQPC Cyber Security events that missed sessions or want to re-listen
- CS professionals based outside the Financial Services industry who want to learn from Financial Services case studies
Who should attend?
- Heads and directors of Cyber Security
- Heads and directors of Information Security
- Heads and directors of IT
- Providers of cyber security solutions, services and software
Day One: September 15
Chairman’s Opening Remarks
Realtime BCM for GRC
Tom Kartanowicz, CISO Americas, Commerzbank AG
- Realizing that plans have changed completely and understanding the current reality that regulators are interested in the plan
- Divining your short and long term BCM plan
- Understanding the need to now hug the probability tail
- Preparing for the next low probability, high impact events
- Consistently engaging in adjustment for resiliency and knowing that BCM and resiliency are joined at the hip
- Ensuring that everyone from the C-Suite to the front lines is collaborating
Trust or Zero Trust: Privileged Access Management in the Age of a Remote Workforce
Joseph Carson, Chief Security Scientist (CSS) & Advisory CISO, Thycotic
Attacks frequently start with one "low-value" endpoint or end-user credentials, and now more than ever, attacks on financial services firms are becoming more frequent and dangerous.
Locking down access to privileged accounts that can reach sensitive data (like the local Administrator and root, service accounts, domain administrators, and even standard user accounts) via a password vault provides a significant security layer around the accounts most targeted by attackers. As financial services firms adopt IoT solutions and transition to the cloud and a remote workforce, their systems become increasingly vulnerable to cyber-attacks, and they must lock down privileged account access. Protecting privileged access is also an important security control required by most compliance and regulatory audits.
The principle of least privilege is intended to prevent "over-privileged access" by users, applications, or services to help reduce the risk of exploitation without impacting productivity or involving the IT help desk. The least privilege model can also help curtail costs and increase efficiency.
Join this webinar to understand how to maximize the benefits of least privilege and learn just how much "privileged access" is too much. Join Thycotic's Chief Security Scientist Joseph Carson and learn more about:
- The Principle of Least Privilege
- Realities of the Zero Trust Model
- Best practices to get back in control with a remote workforce
Securing The Cloud: How Financial Services Organizations Can Protect a Disappearing Perimeter
Louis Evans, Product Marketing Manager, Arctic Wolf
Financial services and insurance firms are increasingly adopting cloud services that offer operational benefits like faster deployment and seamless scalability, while being incredibly cost-efficient and user-friendly. Unfortunately, these improvements in productivity and efficiency come with serious security concerns that are often overlooked.
In this webinar, Louis Evans, Product Marketing Manager for Arctic Wolf Networks, will cover how firms can plan to protect new attack surfaces beyond the traditional network perimeter.
Attendees will learn:
- What your responsibilities are in a shared security model, and how to enforce security policies internally and externally.
- Which threat vectors cybercriminals are most likely to exploit, including insecure APIs, security misconfigurations, administrator account compromise, and insider threats.
- How to evaluate cloud partners, including questions to ask during evaluation and procurement to ensure your new SaaS vendor will keep your data secure.
- How to monitor your cloud platforms for trademark behaviors of cybercriminals to proactively mitigate your cloud risk.
Thwarting The Threat Matrix When Transaction Velocity Increases By 40%
Nannette Cutliff, Sr. Vice President/Chief Information Officer/CISO, Pacific Service Credit Union
- Realizing that the US Federal Reserve will in fact go to 24/7
- The real-time payment and settlement service supporting faster payments has been pushed to 2021, but it’s coming
- Steadily ramping up your threat intelligence and detection to ensure your defense is ready for the tsunami of offense on its way
- Threading the needle on compliance to ensure a full real-time cyber security toolbox
Day Two: September 16
Chairperson’s Opening Remarks
Actually Conceiving Of A True GRCS Strategy
- Not getting lost in the checkboxes of G, R and C by ensuring you are actually keeping your organization secure
- Realizing how your GRCS strategy plays into the greater enterprise business vision
- Ensuring your GRCS strategy is in line with your overall organization technology strategy
- Comprehending how the corporate legal approach can inform your GRCS strategy
- Building a GRCS strategy that ensures a defense in depth model and structure
FS Endpoint Security Beyond Zero Trust
- Knowing that a lack of knowledge of an incident doesn’t mean there has not been an incident
- Realizing your technology stack now lives with your employees’ kids
- Ensuring consistent and continually improved user cyber security awareness
- Scaling up your communications efforts as you ascend the privilege ladder
eCrime from the Front Lines
Josh Burgess, Technical Lead Threat Intelligence Advisor, CrowdStrike (Former Senior Cyber Intelligence Analyst at VISA)
Please join this session as we review the significant events and trends in cyber threat activity observed over the past year. With input from CrowdStrike’s global observations, illustrated with real-world case studies that provide insight into today’s adversaries and their tactics, techniques and procedures (TTPs), we will offer actionable recommendations that can guide your cyber security strategy and help defend against sophisticated attacks in 2020 and beyond.
Topics covered will include:
- The latest lures and attacks revolving around COVID
- An assessment of the most capable criminal threat actors.
- Content on the evolution of ransomware.
- A review of how criminal groups are successfully breaching commercial and government organizations.
Searching For FS SIEM Insights: Lost In The Data Warehouse, Drowning In The Data Lake
- Unpacking your on-prem SIEM protected data to find that you are data rich and insight poor
- Securely recalculating the calculated does not net your financial services organization a competitive advantage
- Identifying how to securely leverage external transaction velocity and buying propensity for your organization
- Gaining an understanding that the data conversation is a risk conversation
Expediting The Transformation To Universal Control Of The Infinite Perimeter
Shaju Bhaskaran, CISO, Ahli Bank QSC
- Continuing the ongoing cloud evolution
- Achieving true identity access management
- Expanding endpoint security
- Begrudgingly attaining a zero trust mindset
- Training the culture to adapt to these changes