The summit's objective is to provide education and exclusive networking opportunities to the participants with peers and subject matter experts. The program has been carefully designed with the support and guidance of the 'editorial advisory board,' including senior thought leaders from the region, to capture the regional security challenges that resonate with their current concerns. The summit editorial advisory board includes:

Conference Chair: Dr. Yask, CISO, IOCL 

Conference Co-Chair: Dr. Pavan Duggal, Advocate, Supreme Court of India

Advisory Members: 

• Ashish Khanna, CISO, Evalueserve
• Amandeep Singh, CISO, Amazon Pay
• Kapil Madaan, Global Head-Information Security, Risk and Compliance, Max Healthcare
• Bithal Bhardwaj, Group CISO, GMR Group

It’s no longer a matter of if, but when you’re going to be the victim of a cyberattack. Are the organizations prepared? With the increasing attacks on critical infrastructure, securing it is no longer a theory. Post SolarWinds, Colonial Pipeline, Log4j and Ukraine, it’s a different world today. Hence, a different cybersecurity strategy is needed to fight hybrid warfare.   

Do you think yesterday’s cyber strategy will apply and work well for 2022? What needs to change in how CISOs conduct business and secure digital assets from ever-evolving, ever-automating cyber adversaries?   

The plenary session will cover:   

• What are the new cyber defenses required to fight evolving threats?   
• How much does automation help in enhancing your security posture?
• What is the CISO’s role in a war zone?

It has been predicted that public cloud services will grow and reach a record $420 billion by 2022. The massive increase in cloud adoption has motivated cybercriminals to target the cloud environments where most data resides now. Around mid-last year, IDC surveyed 200 CISOs and reported that nearly 98% of the companies had experienced at least one cloud security breach. What is the best way to secure your cloud without disrupting the user experience? 

The session will also discuss: 

• The state of cloud security in 2022.
• Does zero trust in the cloud need a different approach?
• The roadmap for the zero trust journey.

With the ongoing hybrid cyberwar, cyberattacks are at an all-time high and have become a permanent and persistent threat for cybersecurity teams. Cybersecurity leaders are under constant fear of how to fend off an attack by a well-equipped nation-state.  

Given the situation is “not if a cyberattack will happen, but when” anymore, the security leaders need to revisit their strategy and revise their action plans to build a resilient and agile digital organization and maximize resilience. There is a constant need to adopt new technologies to combat the inevitable threats. 

The keynote will cover: 

• How to maintain cyber resilience in wartime 
• Understanding potential risks and enterprise preparedness as wartime CISOs 
• Accelerating response to growing threat activity

In the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough. Still, hardening systems is essential to a proactive approach to preventing threats. Darktrace presents an ambitious new security vision with a Self-Learning feedback ‘loop’ enabled by AI technology to prevent, detect, respond and heal from threats. Beyond this, enhancing the security posture with the right technology and tools is crucial in turning the tables on cyberattackers. 

The session covers:  

• How self-learning AI helps to protect against the full range of cyberthreats
• How the cyber AI Loop delivers autonomous, always-on cybersecurity in a continuous feedback cycle
• Real-world case studies and attack scenarios

The capabilities of quantum computers are advancing rapidly. Quantum algorithms running on quantum computers are likely to be beneficial in enhancing R&D in several technology domains. However, they are a potential threat to security systems since they increase the probability of classical cryptography algorithms getting broken.

What cyberthreat does quantum computing pose, and why is there a need for new cryptography techniques based on the paradigm of post-quantum cryptography?

The session will cover:

• How potential threats to cryptography from quantum computers are real
• Why there is a need to plan quantum-safe migration of the existing security applications and networks
• Why is it good to have a quantum risk management approach and planning than regret the loss of sensitive data

How do you go from password to passwordless in today's business when 80% of breaches are due to passwords? 

People's password practices remain the weakest point in a company's security and may put sensitive data at risk. While employees want to work efficiently from anywhere, businesses must ensure security controls are in place. Passwords allow employees, partners and customers to access a broad range of tools and systems that enable them to work, collaborate and transact. However, they are also notoriously weak as a security tool, and their problems remain at an all-time high unless proper steps are taken to manage and protect them adequately. 

The session covers: 

• How organizations manage passwords and reduce human behavior risk, given that humans are the weakest link.
• Practical steps to deal with the human element of digital access at home and at work.
• How password management solution can fit seamlessly into your cybersecurity strategy without complicating the current systems or compromising what is at stake.
• Going beyond SSO and MFA to help enhance your cybersecurity posture.

The digital attack surface continues to expand, leaving the entire organization or systems susceptible to hacking. This results in an increased risk for the organization, which cannot be mitigated by just identifying threats or having preventative tools in place.   

The complexity further increases with the advent of many devices, web applications and network nodes to usher in more threats. While enhancing the security posture, it is also critical to control the chaos that the complex attack surface creates for security teams.  

The session covers:  

• Need for establishing visibility and control across the systems  
• Bridging the silos to building a single pane of glass  
• A practical approach to effective integration and consolidation of tools

The darkweb has become a well-traveled marketplace for data exfiltration from breached organizations, and organizations must understand the myths and realities about it. 

Through the use of the darkweb and cryptocurrencies, cybercriminals have been able to successfully run the “crime-as-a-service" model. The enterprises and the security agencies have been able to make little, if any, impact.   

How can enterprises become cyber-resilient, and how can law enforcement play a crucial role in incident response?    

The fireside chat between a CISO and a law enforcement professional will demystify: 

• How new techniques and approaches are being used to combat security threats from the “darkweb”
• How is law enforcement responding to the investigation process and adapting to online technologies
• How to determine and enforce access control to minimize potential security risk

Some experts say technology can promote accountability and anonymity. The computer systems and applications require ‘proof’ of identity — for every function within an organization— before allowing access to the user. The question it raises is whether the newly deployed technologies for threat detection in an enterprise will play hard on privacy? 

The session will cover: 

• Defining privacy and technology landscape in 2022 
• Impact of increasing detection tools on privacy 
• A collaborative approach to fuel privacy and tech innovation 

The critical components of an IAM strategy, experts say, are to capture the data domains, engage using MFA, manage by providing user attributions and administer managing identities from unauthorized sources.   

Some say implementing an IAM framework is complex, and integrating with security is a big task and expensive too. Enforcing centralized granular password policies across active directory and cloud applications is a Herculean task.   

The session covers:  

• Building a framework for managing identity that supports ‘zero trust’ and writing actionable playbooks  
• Applying adaptive MFA to elevate trust in identities and mitigate user impersonation   
• Using automation to eliminate redundancy and human errors in enhancing business processes

Most security leaders believe that they are not protecting technology but people. The fundamental questions that arise are: Is privacy a CISO’s problem, and how to operationalize privacy in the context of security and data protection issues?   

Some experts say anything new that gets integrated into the organization — any new system, technology, or vendor onboarding — must go through a review process to check for any risks. This will ensure the risks are identified at the initial design phase so that the finished product has all the mechanisms built in by default to comply with GDPR.  

Many organizations fail to understand the intersection between security and privacy. How are privacy-by-design strategies meeting the legal mandates while promoting a free flow of data that powers digital business models? 

Against this, how are organizations trying to apply privacy principles by design in its true sense? How is security and privacy being built in and not bolted on, and what should be the standard operating procedure?  

The session will cover:   

• Implementing the privacy policy at the design stage
• Essential steps to rebuild the architecture or the platform
• Use-case scenario in how privacy is embedded into the design of products or solutions

Organizations that depended upon traditional, centralized networks and designated offices found themselves suddenly in a highly distributed world, with employees working from anywhere. Application migration to the cloud in the form of SaaS from third-party providers or as a private cloud with AWS or Azure became the new norm — with data traversing extensively. The primitive way of managing information by IT and security in this perimeter-less environment has fallen short of the expected results.    

Against the growing complexities, the new approach will help solve the challenges of securing your remote workforce and overcome the shortcomings of a traditional method.  

The session will cover:   

• How to protect remote workers on the web and cloud with continuous monitoring  
• How to control access to cloud and private apps without VPNs  
• How to implement “zero trust” content delivery to establish a 100% malware-free environment and protect distributed data

The cyber insurance industry has been challenged by the rising costs of cybercrime. The element of unpredictability of the cybercrime world does not work well for the industry. New coverage and rising renewal rates are major concerns. Premiums are rising by 10- to 20-fold. Recent research reports show that 70% of cybersecurity professionals believe insurance payments to companies that have paid a ransom exacerbate the problem and cause more attacks.  Moreover, cyber insurance companies are targets themselves. The question on everyone's mind is “to what extent is cyber insurance fueling ransomware attacks”?  

The session will also cover:  

• Will ransomware ultimately lead to the fall of cyber insurance companies? 
• How the cyber insurance industry must approach the problem of ransomware 
• The growing influence of insurers on the security programs for enterprises

As per CERT-In's mandates, Indian enterprises must inform the agency within six hours of discovering a cybersecurity incident. In case of non-compliance, the company is liable to pay a maximum penalty of about $1,324. 

However, there is certain ambiguity surrounding the mandate as security practitioners seek more details about what happens once an organization reports a breach. Are enterprises in a state of readiness to report a breach?  

The panel discussion will cover: 

• The mandate for third-party breach incident reporting 
• Implications of breach reporting   
• CERT-In's support for breached entity and remedial measures