Registration and Networking
Chair's opening address

Colonel (Retd) John Doody FBCS FCMI CITP IISP MIOD

Security in 2023

  • The changing face of cyber crime: 2023 cyber threats and new methods to protect against them
  • The risks and costs of cybercrime to businesses
  • Cyber skills: The importance of education and hiring the right people
  • Outlooks on AI & IoT
Supply chain security: How to manage and mitigate the risks

Supply chain security has never been more important as the area becomes a key part of a large number of cyber-attacks. The risks inherent in the supply chain were highlighted by the SolarWinds breach, as well as the Log4Shell vulnerability, and the Okta hack – which impacted hundreds of customers after an attack via a third-party provider.

Meanwhile, the NCSC has warned the public sector, critical infrastructure and similar organisations to consider the potential risks associated with Russian-controlled parts of their supply chain.

This talk will cover supply chain risk, including:

  • What is a supply chain cyber-attack?
  • Examples of supply chain hacks, and how they happened
  • How do supply chain attacks penetrate defences?
  • What are the consequences of supply chain attacks, and how can these be avoided?
  • How to identify the risks in your supply chain
  • Tips to protect against supply chain weakness eg procurement processes and identifying weaknesses, technical and strategic defences.
Tackling the insider threat

The insider threat has never gone away, but 70% of organisations lack an insider risk strategy, according to Imperva and Forrester. According to the study, insider threats caused 59% of incidents impacting sensitive data in the past 12 months.

This talk will detail:

  • The insider threat: How insider breaches can be malicious or accidental
  • Examples of breaches that took place as a result of an insider
  • Tactics and tools to tackle the insider threat: Training, monitoring and encryption
  • Creating an insider risk strategy
What to do if you are breached: Incident response strategies and techniques

Security breaches are no longer a matter of if, but when. Companies are constantly advised of breach prevention techniques, but what about what happens if you are actually hacked?

Taking into account regulatory obligations such as reporting to the ICO, this feature will cover:

  • How the breach itself isn’t the biggest risk, it’s how the company handles it
  • Incident response: What is it, why firms need it, and how to do it (and how to budget for it). How to get everyone in the company on board
  • Regulatory challenges: What does regulation require you to do when you are breached?
  • PR in the event of a breach: How PR plays a key part of incident response
Cybersecurity training in 2023: How to make it work for your business

Cyber security training is not a one-size-fits-all exercise. Although training modules can be useful, today’s threat landscape requires a more individualised approach. This talk will look at:

  • The evolution of cyber security training: What’s wrong with it, and what works
  • How hybrid and home working affects training
  • Increasing diversity in the workforce and the impact this has on training
  • Creating an approach that works for each individual employee
  • The importance of investment and the financial rewards
Assessing the threat from Russia

The Russia cyber security threat isn’t going away as the war continues in Ukraine. What do UK businesses need to take into account?

This session will look at:

  • The threat posed to UK businesses
  • Active Russian APT groups, and recent attacks attributed to them
  • What Russian attackers want: Types of attacks to be aware of
  • How to manage and act on threat intelligence
  • Essential tools to help mitigate attacks
  • Other threat actors to be aware of: How China is a growing threat to UK businesses
The evolution of phishing

Phishing attacks have been ramping up over the pandemic, to reach the dizzy heights of today. Beyond simply sending out huge numbers of links or attachments, attackers are becoming more sophisticated and targeted. This session will examine:

  • The evolution of phishing: What attacks used to look like, and how they are performed today.
  • How social engineering lays the groundwork for phishing attacks
  • Vishing: The growing threat and how it impacts your business
  • Phishing mitigation: Policies and strategies to ensure your business doesn’t become a victim
The cyber security threats faced by UK SMBs and how to mitigate them

UK SMBs are faced with multiple cyber security threats, which increasingly limited budgets make it difficult to address. This session will cover:

  • The cyber security threats facing SMBs eg ransomware, targeted attacks, supply chain attacks
  • Factors adding risk: eg outdated operating systems, irregular patching
  • Skills within the business: How to access cyber security skills with limited budget
  • How to create a cyber security strategy that works for your business: Points to take into account. Technology to support this
  • NCSC advice to take into account
Protecting customer data in a privacy-conscious world

Many companies rely on the data they collect to gain insights on customers to serve them better. But data privacy is now on the agenda, so what can be done to balance customer service with increasingly regulated data protection needs? This session will look at:

  • The types of companies collecting and analysing “big data” eg retail and how privacy awareness affects them
  • Data privacy as a unique selling point: Apple has done it, so how can your business do the same?
  • Data privacy culture: How consumer culture has changed the way customers think about privacy.
  • Increasing regulation: the EU GDPR and UK DPA
Coffee and Networking
Choose from one of three Seminar Sessions

Seminar Change Over
Choose from one of two Seminar Sessions
Lunch and networking
Choose from one of two Seminar Sessions
Chair's Opening Address

Colonel (Retd) John Doody FBCS FCMI CITP IISP MIOD

Ransomware trends and mitigation techniques

Ransomware continues to be a major concern for all governments and businesses. The data-locking malware is continuing to proliferate, and it’s becoming more sophisticated. This talk will cover:

  • Recent ransomware attacks on business and government, and what can be learned from them
  • How ransomware infiltrates businesses
  • Which APTs use ransomware and how to avoid their attacks
  • Ransomware-as-a-service: A big business
  • Ransomcloud: How attackers are increasingly targeting cloud-based applications and cloud providers, and the implications
  • Business strategy and future ransomware trends
The rise of social engineering

Hotel chain Marriott has been hit by another data breach through social engineering, which led to the exfiltration of 20GB of data from the firm. Social engineers are becoming more sophisticated and targeted in their approach, so how can firms prevent themselves from becoming a victim? Delivered by a seasoned “white hat” social engineer, this talk will look at:

  • How social engineering is changing: What to look out for
  • What kind of tricks do hackers use to get information?
  • Who in the business is most at risk?
  • What technical and policy-based controls will help prevent these attacks?
  • How staff training can help
DDoS explained

DDoS attacks are often seen as rudimentary, but they can cause a lot of damage. DDoS attacks are also getting bigger, reaching 500mbps according to the latest figures.

This talk will cover:

  • The Size of DDoS: Some stats demonstrating how big attacks have grown and why that matters
  • Why you shouldn’t ignore DDoS: the threat to your business
  • Who is at risk from DDoS and what’s at stake
  • How to protect from and mitigate DDoS attacks
Spyware: What is spyware and who is at risk?

In July, it was revealed that Apple’s next operating system iOS 16 will include Lockdown Mode to protect iPhones from spyware. It follows a series of so-called zero-click attacks that have hit targeted individuals over the last year – including the infamous Pegasus attack.

This talk will cover:

  • What is spyware: Its role in the murder of Jamal Khashoggi
  • Types of spyware and signs it could be on a device
  • Which businesses are at risk, and how to include this in your security strategy
  • What can be done to protect against it: Is Apple’s Lockdown Mode an effective mitigation for at-risk business users?
Security 101: Doing business in the Metaverse

The Metaverse is on its way, led by companies including Facebook. There are multiple predictions for the new technology, including benefits for businesses, but there are also cyber security and privacy risks. This session will cover:

  • What is the Metaverse and how will it impact businesses eg meetings in the Metaverse
  • What are the security risks for businesses?
  • The privacy risks: What you need to know about employees’ privacy in the Metaverse
  • What businesses should be doing now and when it arrives
Coffee and Networking
AI in cyber security: A 2023 outlook

AI is already being used in cyber security, as part of systems able to catch and mitigate attacks. But what does the future hold for this technology? This session will examine:

  • What is AI in cyber security and how has it developed?
  • AI in cyber warfare: Future predictions
  • AI used by adversaries: As defenders use AI to protect, criminals are using the technology to attack businesses. What can businesses do to respond?
Live ‘Fireside Chat’ Q & A with Louis Theroux
Chair's Closing Remarks