Driving Cybersecurity conversations into a new decade

Day 1
15 Sep 2017

Chair’s welcoming remarks

Our regular chairman, David Bicknell, welcomes all delegates, sponsors, and speakers to our conference and sets out the day’s agenda.

David Bicknell
Principal Analyst, Technology Thematic Research
GlobalData


Government Keynote – Public Sector Cybersecurity

A leading figurehead from government cybersecurity will set out the current Cyber state of play across government, highlighting key areas of focus and the impact of the pandemic.

People Matter: Why people must be part of the solution

Our people are central to the success of any organisation.

We have known for years that hackers target people before technology. For just as long, we have been repeating the mantra that a vigilant, cyber risk-aware workforce is our main defence against cyber-criminals. Yet despite all our efforts, we have still not cracked the problem.

Too many organisations still either ignore the ‘human factor’ in organisational resilience or apply outdated, compliance-driven ‘tickbox’ approaches to training their employees.

We need a fresh look.

This short panel will discuss behavioural science and innovation that can transform the way organisations influence and sustain stronger security behaviours across their workforce.

Nick Wilding
Chief Innovation Officer
Cyber Risk Aware


Professor Phillip Morgan
Director of the Human Factors Excellence Research Group
Cardiff University


Elizabeth Murray
Security Culture and Awareness Lead
FNZ Group


Security in Action – Okta

This session is set aside for insight and discussion with some of the leading suppliers of cybersecurity products and services.

11:15 - 11:25

MORNING COMFORT BREAK

Ransomware: building an integrated response

It’s recently been reported that the UK has encountered nearly 15 million ransomware attacks during 2021 alone. High profile ransomware attacks have highlighted how vulnerable our critical national infrastructure is and the impact that these types of attacks can have on society, business, government services and people at large.

Ransomware is as much about manipulating vulnerabilities in human psychology as it is about our adversary’s technological sophistication. It’s a fight we need to tackle together.

More can be done to reduce the likelihood of becoming infected by ransomware in the first instance, to reduce the spread of ransomware through any organisation and to reduce the longer-term impacts of a successful attack. But we need greater collaboration and an integrated incident response to succeed.

It’s a challenge that crosses political, geographical and technology borders. Dealing with its increasing volume and impact needs government and the private sector to collaborate in a public/private partnership to better understand and tackle the attackers.

This panel will assess the current situation and outline ideas for what an integrated response could look like and the role that government, the private sector and people should be playing to reduce both the threat and the impact of damaging ransomware attacks.

 

Why cyber risk management is so hard

We live in a time of unprecedented political, cultural, social and climatic dangers. Hostile states and criminals are using cyber-tools to make each of these current issues even more intractable. Around 100 countries are now actively involved in “cyber operations” that include espionage, political influence, sabotage and extortion. The international community has made some progress at the UN, but it has been painfully slow. Matters are made worse because the border between state cyber operations and criminal activity is increasingly blurred. Unfortunately, this means that the ‘bad guys’ will very often succeed.

We all need to work hard to maximise our chances of keeping them out. We also need to ensure that we have adequate resilience, so that we can continue to function even if they penetrate our defences. 

Richard Knowlton
Director of Security Studies
Oxford Cyber Academy


Understanding the executive cyber challenge: setting the right tone from the top

Driving transformation across government demands strong executive support. The same support is required in managing the threats that government departments and agencies face from cyber-criminals. Setting the right tone from the top – i.e., displaying effective and appropriate attitudes, beliefs and practices – is essential in establishing cultures where everyone understands the role they need to play in staying safe.

If government executives demonstrate a real commitment to protecting high-value, sensitive information and to upholding citizen trust, then middle- and lower-ranking employees will naturally be inclined to display the same virtues.

Executives have a vital role to play in protecting their organisation. This involves communicating positive messages about how everyone can remain vigilant in the face of growing and varied attack techniques that target employees, understanding where the greatest cyber vulnerabilities lie, overseeing effective security technology investment, leading and being actively involved in incident response exercises, collaborating with all employees and the security team to manage people-centred security policies and designing and managing an integrated cyber resilience plan that balances technology, processes and people factors.

This session will illustrate what the government executive roles and responsibilities are and give practical examples of what can be done to ensure cyber security becomes an instrumental part of executive leadership and risk management.

12:45 - 13:05

LUNCHTIME BREAK

UK Cyber Security Council update

Jessica Figueras gives an update on projects and activities of the UK Cyber Security Council since it was launched earlier in 2021.

Jessica Figueras
Vice-chair
UK Cyber Security Council


NCSC – Cybersecurity presentation

A presentation from one of the team at the National Cyber Security Centre on activity in 2021.

A genetic approach to supply chain security – understanding code reuse

Constantly evolving attacks mean organisations should ensure that their defences evolve too. A large part of this evolution is predicated on understanding risk: how it presents and where it presents threats to your organisation. Historically there has been comfort in maintaining air-gapped systems, on-premise walled gardens and staying away from the cloud. Practicality and economics make this more and more difficult to maintain and, in any case, your supply chain will already be more cloudy than you think! Cloud-based or not, what if the real threat to your organisation resided in software that you deemed legitimate? In this talk we will explore the concept of code reuse and how a genetic understanding of the software you want, as well as the malware that you don’t, can help turn your weakest links into your strongest asset in the fight against cyber threats.

Lee Beard
Public Sector, Sales Manager
Intezer


How to ensure diversity in cybersecurity across the public sector

It is 2021 and cybersecurity has never been more of an issue for organisations, including government bodies. Social engineering and phishing continue to be the weapons of choice for criminals intent on data theft, ransomware infection and general harm. Cybercriminals are naturally diverse in their scams; they do not differentiate by ethnic background, sex, gender, or sexuality. Conversely, the industry and the people devoted to mitigating the activities of fraudsters do not represent the make-up of society. A National Cyber Security Centre paper, “Decrypting Diversity”, still shows that numbers of females in the sector are too low and members of the LGB community are under-represented. This panel will look at the blocks to minorities and women entering cybersecurity and how these blocks can be removed.

14:40 - 14:50

Afternoon comfort break

What cyber lessons can government learn from listening to the private sector?

This session explores insight from the supplier community on lessons they have learned in their cybersecurity battles away from the public sector.

Chris Green
Head of PR and Communications EMEA
(ISC)2


How can the government step up to the challenges it faces from the modern cybercriminal?

A look at all of the various aspects of modern cybercrime and government. What parts of government are most at risk? As we build better and more omni-channel government services, does the risk profile change? How can government best use resources to fit the ever-changing needs of the cybersecurity landscape?

Jill Trebilcock
Director
Chartered Institute of Information Security


Chair’s Summary

Our chair, David Bicknell, summarises some of the sessions that you have heard throughout the event.

David Bicknell
Principal Analyst, Technology Thematic Research
GlobalData