Driving Cybersecurity conversations into a new decade

Our regular chairman, David Bicknell, welcomes all delegates, sponsors, and speakers to our conference and sets out the day’s agenda.

Paul McKay, Senior Analyst – Security and Risk at Forrester takes a look at Cybersecurity across the public sector from the outside in, comparing it with activity across the private sector and suggesting potential focuses and areas of concern for the years ahead.

A leading Cybersecurity figurehead from the UK Government will set out the current Cyber state of play and outline plans for activity as the public sector moves into the 2020’s.

Operational resilience and security against growing cyber-attacks really is a team sport. The great majority of successful cyber-attacks succeed because of our human error. Everyone has their role to play in protecting our information and systems. Annual information security awareness training does little to build the right culture and environment for behaviour change. It’s all about making sure we are providing our people with the appropriate digital skills that will instil and sustain the right behaviours – whatever their role or responsibility – on a continuing and engaging basis.

This presentation will outline what a people centric security culture might look like and outline some core principles to guide you on your journey.

Examples of Cybersecurity implementation, delivery and the lessons learned from projects across the public sector.

Legacy IT can leave gaps in your security defences. What are these gaps and how can you manage them? Can the cost be offset against the use of, for example, managed services? Is there an ROI for cybersecurity investment?

More examples of Cybersecurity implementation, delivery and the lessons learned from projects across the public sector.

Cybercriminals are always upping their game to outwit us. What tools are available to help us combat the sophisticated tactics used in modern cybersecurity attacks? A talk which will explore the landscape of the cybersecurity professional’s toolkit, from the more traditional to new AI-based measures.

Zero trust is a model that Is based on using identification and authentication of devices and people.; where IAM meets security. But what is it and how easy is it to put in place in an extended network? How does the principle of least privilege fit with a Zero Trust model of security?

Is the darknet where all of the stolen data ends up? The darknet is the cybercriminals equivalent of Harrods. Cybercrime starts and ends in the darknet. From darknet marketplaces selling malware-as-a-service to hacker forums that build up intelligence on the weaknesses within a business; are there ways that we can use the darknet to help government fight back.

A Proofpoint report found that 99% of cyber-attacks required human intervention. The human in the  machine is used by the cybercriminal to make cyber-attacks successful. This is based on the manipulation of human behaviour. In the fight back against this most fundamental of vectors, comes Security Awareness Training. Can government take the best of awareness training packages and create a government wide program that covers all government employees and that is cost-effective and works?

A case study on a recent Cybersecurity based project from a central government department.

The management of cybersecurity threats is a costly game. It requires specialist personnel and specialist tools. Is the use of a third-party service in the form of a Managed Security Service Provider (MSSP) the way forward for government? What are the impediments to the use of an MSSP? Can an MSSP bridge the skills gap in government?

A look at all of the various aspects of modern cybercrime and government. What parts of government are most at risk? As we build better and more omni-channel government services does the risk profile change? How can government use resources best to fit the ever-changing needs of the cybersecurity landscape?

Our chair, David Bicknell, summarises some of the highlights of the day and invites delegates into the drink’s reception and final networking session of the day.