Conference Chairperson
Sridhar Sidhu, Senior Vice President and Head of Information Security Services Group, Wells Fargo
Conference Co-Chair
Jacxine Fernandez, VP – Information Security & ICT Governance, Bangalore International Airport Ltd.
Advisory Members
Elavarasu A K, Senior Vice President & CISO, Mphasis
Kumar KV, Group Chief Information Officer, Narayana Health
Manoj Kuruvanthody, CISO & DPO, Tredence Inc.
Ratan Jyoti, Chief Information Security Officer (CISO), Ujjivan Small Finance Bank Ltd.
Visagan Subburayalu, Sr. Director-Technology, Cybersecurity, Target
The big challenge impacting enterprise security today is the dark web - a seemingly ungovernable subset of the internet where you can browse and communicate with complete anonymity. Through the use of the dark web and cryptocurrencies, criminals have been able to successfully run the “crime-as-a-service" model. However, businesses and the security agencies have been able to make very little, if any, impact.
How can you make your enterprises cybercrime-resilient, and how should law enforcement respond to this menace? How do security practitioners leverage threat intelligence capabilities to navigate through the dark web?
The session will cover:
Challenges posed by the dark web and cryptocurrencies for enterprise security
How is law enforcement responding to the investigation process and building technical capabilities?
New techniques and approaches used to combat security threats from the dark web
Actionable threat intelligence capabilities in understanding the enemy
The macroeconomic uncertainty has put pressure on security practitioners with the daunting task of protecting critical infrastructures from ransomware attacks and managing the cybersecurity programs to support business growth, besides building innovations and counter strategies to fight evolving threats.
The keynote will cover:
Challenges and opportunities for enterprise security during the economic uncertainty
New lessons for the CISOs based on past and new strategies to respond to the challenges
New technologies to bolster cyber defenses
Statistics say over 90% of organizations have migrated to cloud, and this voluminous momentum has led to new risks with the challenge of limited visibility. This has made it more difficult for security and network operations to detect and respond to security threats. The public cloud providers also offer limited security controls, making it easier for threat actors to find and exploit vulnerabilities.
Application insecurity continues to pose risks to organizations around the world, especially those that use weak credentials or do not patch vulnerabilities immediately.
What should be the right move to secure applications and critical assets on cloud that has less visibility? Are CISOs and cloud service providers on the same track in deploying the right tools?
The session will cover:
Building a comprehensive security strategy that includes security controls, monitoring and incident response capabilities
How to fix cloud misconfigurations, which is the primary cause of a data breach?
Building visibility into the hybrid and multicloud environment
As automation and cloud adoption become priorities, security teams are modernizing their security operations center. Legacy and outdated technologies like SIEM are being replaced with security orchestration, automation and response or SOAR.
The two technologies share some common components but serve different purposes. What are the key things to consider before adopting SOAR?
As automation and cloud adoption become priorities, security teams are modernizing their security operations center. Legacy and outdated technologies like SIEM are being replaced with security orchestration, automation and response or SOAR.
The two technologies share some common components but serve different purposes. What are the key things to consider before adopting SOAR?
The cyber insurance industry has been challenged by the rising costs of cybercrime. The element of the unpredictability of the cybercrime world does not work well for the industry. New coverage and rising renewal rates are significant concerns. Premiums are rising by 10- to 20-fold. Recent research reports show that 70% of cybersecurity professionals believe insurance payments to companies that have paid a ransom exacerbate the problem and cause more attacks. Moreover, cyber insurance companies are targets themselves. The question on everyone's mind is, “to what extent is cyber insurance fueling ransomware attacks”?
A debate between a data privacy officer, a CIO and a CISO on how to juxtapose privacy and security to achieve total compliance.
The session will cover:
Establishing compliance with complex regulations along with privacy and security
Privacy by design in security controls
Privacy journey from legacy to controls
The Reserve Bank of India has been holding discussions to understand the scope of cryptocurrency in the Indian economy and to formulate regulations and a proper system to govern this. It is also warning cryptocurrency users and traders about the risks associated with the system.
However, experts say bitcoin usage by Indian companies is gaining momentum, and cryptocurrency now has more than five million users in the country.
Reports say over 3,000 investments in India were being done with bitcoin daily.
The panel will discuss:
Assessing the risks associated with the use of bitcoin
Are security leaders prepared for the bitcoin regime?
Establishing secure transactions using bitcoin
The primary challenge with zero trust is keeping it simple, operationally efficient and easy to understand, with predictably positive outcomes. This is achieved across various systems, not with different solutions, policies, and technologies, but with an effective strategy to ensure minimal friction.
Operationalizing zero trust is critical for adding a layer of agility to modern networks that otherwise seems impossible in traditional network designs.
Zero trust is said to deliver a security strategy that helps secure access in a way that frustrates attackers, not users.
The session will cover:
How zero trust will transform your network security and function as a business enabler by focusing on the top business objectives
How to achieve tactical and operational goals with zero trust
How to measure the success metrics of zero trust implementation
The increasing attacks on ICS networks are a threat the industry can no longer ignore. Organizations in the industrial sector, particularly manufacturing, need to re-evaluate and strategize on how they protect ICS, especially industrial controllers.
The panel will discuss:
Typical attack forms on the ICS (OT-IT convergence, increased/accelerated digitalization, digital twin)
Traditional approaches to securing ICS networks (like air gapping) - and why they are inadequate for protection in a converged world of OT and IT
New approaches and best practices to securing ICS networks
As organizations embrace (and accelerate) digitalization to offer new and innovative services, the vulnerabilities associated with data and technology will increase. According to research, cybercrime damage is expected to reach $8 trillion in 2023. Almost every organization will be impacted by a cyberattack this year, and it is crucial for businesses to rethink their risk management and incident response strategies.
In the face of an increasing threat landscape, with the growing volume and sophistication of attacks, companies need more than a security solution or governance policy to be prepared for these attacks.
They need a proactive and integrated approach with threat monitoring, threat intelligence, and end-to-end managed services.
That's where cyber resilience comes in. It is not an afterthought, but needs to be built by design.
The panel will discuss:
The importance of cyber resilience in today's context, and how do you achieve it in your organization
Cyber resilience versus cybersecurity
How to create a bullet-proof incident response plan
The need for cyber resilience solutions and frameworks
The cyber insurance industry has been challenged by the rising costs of cybercrime. The element of the unpredictability of the cybercrime world does not work well for the industry. New coverage and rising renewal rates are significant concerns. Premiums are rising by 10- to 20-fold. Recent research reports show that 70% of cybersecurity professionals believe insurance payments to companies that have paid a ransom exacerbate the problem and cause more attacks. Moreover, cyber insurance companies are targets themselves. The question on everyone's mind is, “to what extent is cyber insurance fueling ransomware attacks”?
The session will also cover:
Will ransomware ultimately lead to the fall of cyber insurance companies?
How the cyber insurance industry must approach the problem of ransomware
The growing influence of insurers on the security programs for enterprise
Cybersecurity has evolved from securing siloed endpoint devices with EDR solutions to securing users, devices and workloads in a perimeter-less world. With employees working from multiple locations and workloads on multicloud, visibility has become a core challenge for CISOs. From EDR, we moved to managed detection and response to manage tens of thousands of endpoints, which helped in the face of cybersecurity skill shortages.
The increased rate and sophistication of threats call for a more proactive approach with continuous monitoring, threat prioritization, and threat hunting. There is a need for threat response, immediate remediation and preventing breaches from spreading laterally. And this is what an XDR platform can offer.
The session will cover:
How to make a transition from EDR to XDR - the challenges
Aligning XDR with the existing detection tools - use case
Leveraging XDR to its fullest capabilities
More than 90% of consumers around the world rely on online payments, according to a research study. This, however, brings with it an increase in transaction fraud. Fraudsters are relying on synthetic IDs to carry out various card-related frauds.
Social engineering is also increasingly becoming a deceptive tactic to trick people into divulging information. With so much going on, how can the payment industry tackle the new-age methods to reduce fraud?
The session will cover:
• The new forms of fraud tactics
• The shortcomings of the current defensive approach
• What needs to change in 2023
We are living in a VUCA world – a world that is volatile, uncertain, complex and ambiguous. As per India’s policymakers, VUCA is nothing but the AAJA world - Asthirata, which means volatility or a high rate of change; Anishchita, which means uncertainty and lack of clarity about the present and the future; Jatilata, which means complexity concerning multiple factors that impact critical decisions; and Aspashtata, which means ambiguity about the unprecedented and challenging times in the industry.
We are into 2023, and are witnessing growing chaos in the cybersecurity domain with multiple forms of attacks targeting enterprises.
What kind of conversations do the security teams need to have, what should be their strategies and what is their focus area?
The panel will discuss:
Cybersecurity lessons learned from economic uncertainty
New forms of security defenses enterprises have adopted in 2023
What’s top of mind for CISOs in tackling this situation
Conference Chairperson
Sridhar Sidhu, Senior Vice President and Head of Information Security Services Group, Wells Fargo
Conference Co-Chair
Jacxine Fernandez, VP – Information Security & ICT Governance, Bangalore International Airport Ltd.
Advisory Members
Elavarasu A K, Senior Vice President & CISO, Mphasis
Kumar KV, Group Chief Information Officer, Narayana Health
Manoj Kuruvanthody, CISO & DPO, Tredence Inc.
Ratan Jyoti, Chief Information Security Officer (CISO), Ujjivan Small Finance Bank Ltd.
Visagan Subburayalu, Sr. Director-Technology, Cybersecurity, Target
The big challenge impacting enterprise security today is the dark web - a seemingly ungovernable subset of the internet where you can browse and communicate with complete anonymity. Through the use of the dark web and cryptocurrencies, criminals have been able to successfully run the “crime-as-a-service" model. However, businesses and the security agencies have been able to make very little, if any, impact.
How can you make your enterprises cybercrime-resilient, and how should law enforcement respond to this menace? How do security practitioners leverage threat intelligence capabilities to navigate through the dark web?
The session will cover:
Challenges posed by the dark web and cryptocurrencies for enterprise security
How is law enforcement responding to the investigation process and building technical capabilities?
New techniques and approaches used to combat security threats from the dark web
Actionable threat intelligence capabilities in understanding the enemy
The macroeconomic uncertainty has put pressure on security practitioners with the daunting task of protecting critical infrastructures from ransomware attacks and managing the cybersecurity programs to support business growth, besides building innovations and counter strategies to fight evolving threats.
The keynote will cover:
Challenges and opportunities for enterprise security during the economic uncertainty
New lessons for the CISOs based on past and new strategies to respond to the challenges
New technologies to bolster cyber defenses
Statistics say over 90% of organizations have migrated to cloud, and this voluminous momentum has led to new risks with the challenge of limited visibility. This has made it more difficult for security and network operations to detect and respond to security threats. The public cloud providers also offer limited security controls, making it easier for threat actors to find and exploit vulnerabilities.
Application insecurity continues to pose risks to organizations around the world, especially those that use weak credentials or do not patch vulnerabilities immediately.
What should be the right move to secure applications and critical assets on cloud that has less visibility? Are CISOs and cloud service providers on the same track in deploying the right tools?
The session will cover:
Building a comprehensive security strategy that includes security controls, monitoring and incident response capabilities
How to fix cloud misconfigurations, which is the primary cause of a data breach?
Building visibility into the hybrid and multicloud environment
As automation and cloud adoption become priorities, security teams are modernizing their security operations center. Legacy and outdated technologies like SIEM are being replaced with security orchestration, automation and response or SOAR.
The two technologies share some common components but serve different purposes. What are the key things to consider before adopting SOAR?
As automation and cloud adoption become priorities, security teams are modernizing their security operations center. Legacy and outdated technologies like SIEM are being replaced with security orchestration, automation and response or SOAR.
The two technologies share some common components but serve different purposes. What are the key things to consider before adopting SOAR?
The cyber insurance industry has been challenged by the rising costs of cybercrime. The element of the unpredictability of the cybercrime world does not work well for the industry. New coverage and rising renewal rates are significant concerns. Premiums are rising by 10- to 20-fold. Recent research reports show that 70% of cybersecurity professionals believe insurance payments to companies that have paid a ransom exacerbate the problem and cause more attacks. Moreover, cyber insurance companies are targets themselves. The question on everyone's mind is, “to what extent is cyber insurance fueling ransomware attacks”?
A debate between a data privacy officer, a CIO and a CISO on how to juxtapose privacy and security to achieve total compliance.
The session will cover:
Establishing compliance with complex regulations along with privacy and security
Privacy by design in security controls
Privacy journey from legacy to controls
The Reserve Bank of India has been holding discussions to understand the scope of cryptocurrency in the Indian economy and to formulate regulations and a proper system to govern this. It is also warning cryptocurrency users and traders about the risks associated with the system.
However, experts say bitcoin usage by Indian companies is gaining momentum, and cryptocurrency now has more than five million users in the country.
Reports say over 3,000 investments in India were being done with bitcoin daily.
The panel will discuss:
Assessing the risks associated with the use of bitcoin
Are security leaders prepared for the bitcoin regime?
Establishing secure transactions using bitcoin
The primary challenge with zero trust is keeping it simple, operationally efficient and easy to understand, with predictably positive outcomes. This is achieved across various systems, not with different solutions, policies, and technologies, but with an effective strategy to ensure minimal friction.
Operationalizing zero trust is critical for adding a layer of agility to modern networks that otherwise seems impossible in traditional network designs.
Zero trust is said to deliver a security strategy that helps secure access in a way that frustrates attackers, not users.
The session will cover:
How zero trust will transform your network security and function as a business enabler by focusing on the top business objectives
How to achieve tactical and operational goals with zero trust
How to measure the success metrics of zero trust implementation
The increasing attacks on ICS networks are a threat the industry can no longer ignore. Organizations in the industrial sector, particularly manufacturing, need to re-evaluate and strategize on how they protect ICS, especially industrial controllers.
The panel will discuss:
Typical attack forms on the ICS (OT-IT convergence, increased/accelerated digitalization, digital twin)
Traditional approaches to securing ICS networks (like air gapping) - and why they are inadequate for protection in a converged world of OT and IT
New approaches and best practices to securing ICS networks
As organizations embrace (and accelerate) digitalization to offer new and innovative services, the vulnerabilities associated with data and technology will increase. According to research, cybercrime damage is expected to reach $8 trillion in 2023. Almost every organization will be impacted by a cyberattack this year, and it is crucial for businesses to rethink their risk management and incident response strategies.
In the face of an increasing threat landscape, with the growing volume and sophistication of attacks, companies need more than a security solution or governance policy to be prepared for these attacks.
They need a proactive and integrated approach with threat monitoring, threat intelligence, and end-to-end managed services.
That's where cyber resilience comes in. It is not an afterthought, but needs to be built by design.
The panel will discuss:
The importance of cyber resilience in today's context, and how do you achieve it in your organization
Cyber resilience versus cybersecurity
How to create a bullet-proof incident response plan
The need for cyber resilience solutions and frameworks
The cyber insurance industry has been challenged by the rising costs of cybercrime. The element of the unpredictability of the cybercrime world does not work well for the industry. New coverage and rising renewal rates are significant concerns. Premiums are rising by 10- to 20-fold. Recent research reports show that 70% of cybersecurity professionals believe insurance payments to companies that have paid a ransom exacerbate the problem and cause more attacks. Moreover, cyber insurance companies are targets themselves. The question on everyone's mind is, “to what extent is cyber insurance fueling ransomware attacks”?
The session will also cover:
Will ransomware ultimately lead to the fall of cyber insurance companies?
How the cyber insurance industry must approach the problem of ransomware
The growing influence of insurers on the security programs for enterprise
Cybersecurity has evolved from securing siloed endpoint devices with EDR solutions to securing users, devices and workloads in a perimeter-less world. With employees working from multiple locations and workloads on multicloud, visibility has become a core challenge for CISOs. From EDR, we moved to managed detection and response to manage tens of thousands of endpoints, which helped in the face of cybersecurity skill shortages.
The increased rate and sophistication of threats call for a more proactive approach with continuous monitoring, threat prioritization, and threat hunting. There is a need for threat response, immediate remediation and preventing breaches from spreading laterally. And this is what an XDR platform can offer.
The session will cover:
How to make a transition from EDR to XDR - the challenges
Aligning XDR with the existing detection tools - use case
Leveraging XDR to its fullest capabilities
More than 90% of consumers around the world rely on online payments, according to a research study. This, however, brings with it an increase in transaction fraud. Fraudsters are relying on synthetic IDs to carry out various card-related frauds.
Social engineering is also increasingly becoming a deceptive tactic to trick people into divulging information. With so much going on, how can the payment industry tackle the new-age methods to reduce fraud?
The session will cover:
• The new forms of fraud tactics
• The shortcomings of the current defensive approach
• What needs to change in 2023
We are living in a VUCA world – a world that is volatile, uncertain, complex and ambiguous. As per India’s policymakers, VUCA is nothing but the AAJA world - Asthirata, which means volatility or a high rate of change; Anishchita, which means uncertainty and lack of clarity about the present and the future; Jatilata, which means complexity concerning multiple factors that impact critical decisions; and Aspashtata, which means ambiguity about the unprecedented and challenging times in the industry.
We are into 2023, and are witnessing growing chaos in the cybersecurity domain with multiple forms of attacks targeting enterprises.
What kind of conversations do the security teams need to have, what should be their strategies and what is their focus area?
The panel will discuss:
Cybersecurity lessons learned from economic uncertainty
New forms of security defenses enterprises have adopted in 2023
What’s top of mind for CISOs in tackling this situation
April 12 - 13, 2023
Cybersecurity Summit: Bengaluru