Among other things, 2022 will be remembered for the Russian invasion of Ukraine and the cyberwarfare that transpired between the two nations. There has also been a significant increase in ransomware attacks on critical infrastructures globally in 2022, including AIIMS, one of India’s leading medical institutes. Following cyberattacks on its critical infrastructure, the Costa Rican government had to declare a national emergency.  

Given the sophistication of the threat landscape, how must India be prepared? What are the new security challenges and opportunities in 2023? 

 The keynote will cover: 

• What global partnerships can we form to strengthen our cybersecurity policies?  
• What plans does the government have for securing critical infrastructure?  
• What are the key takeaways CISOs need to learn to respond to the challenges?  
• Consolidation/rationalization of regulation  

With the RBI announcing its central bank digital currency (CBDC) pilot project, steps need to be taken not only to scale the infrastructure but also to secure it. However, there still are many unanswered questions. Do we have to build everything from the scratch or can existing security infrastructure be leveraged? How are CBDCs different from UPI? How will the government build trust for mass adoption of this project and what are some of the bottlenecks?  

This session will deep dive into the changing nature of banking, including the risks and the security innovations, to support organizations in protecting the transactions ecosystem and establishing digital business. 

 The session will cover:  

• CBDCs as a conditional secure payment service 
• Using blockchain in securing the digital payments system 
• Security-by-design approach to secure CBDC 

To get the zero trust strategy right, it is important to know what exactly to protect, identify your crown jewels, understand what zero trust means to CISOs and security, and evaluate how to implement it faster without disrupting the business. However, unless you deal with the reality of a compromise, you do not know what is of value to you. It is important to know what your assets are and, among them, which is the most important asset.  

The session will cover: 

• A case study on building a zero trust strategy 
• Understanding the core components of a zero trust architecture 
• Increased visibility options and implementing them quickly and efficiently

As automation and cloud adoption become priorities, security teams are modernizing their security operations center. Legacy and outdated technologies like SIEM are being replaced with security orchestration, automation and response or SOAR. 

The two technologies share some common components but serve different purposes. What are the key things to consider before adopting SOAR? 

The session will cover: 

• Has SIEM lost its relevance? 
• Can SIEM and SOAR coexist in a hybrid cloud environment? 
• How can cloud adoption help in better SOAR adoption? 

The critical components of an identity strategy, experts say, are to capture the data domains, engage using MFA, manage by providing user attributions, and administer managing identities from unauthorized sources. But are they adequate? Are you taking a piecemeal approach that does not help in compliance? Any written IM policy that can’t be enforced becomes ineffective. 

The session will cover: 

• Components of a comprehensive identity management program  
• How to balance between authentication and user experience 
• How to manage the identity of your vendor partners 

In the current threat environment, SOC teams continue to face the pressure of detecting intrusion as quickly as possible before it becomes a significant security incident. With so many point products in use in a typical organization, it is often time-consuming and challenging for the SOC team to search through the noise to find important alerts that may indicate the presence of a threat in the environment. 

SecOps is more difficult today than it was two years ago. Improvements are ongoing as teams adopt future-forward practices, including XDR deployment.  

However, it is critical to understand what XDR is, what it is not, and how it’s increasing SecOps efficiency and enabling the SOC team to detect, respond, and remediate threats across all attack channels in real time. 

The session will cover: 

• Popular myths and realities about XDR  
• How to embed XDR into the existing threat detection framework to enhance SOC capabilities 
• Understanding the critical pieces of the XDR puzzle 

When it comes to cybersecurity, the CEO matters. Today, CEOs are recognizing the CISO’s role because it includes revenue protection, brand resilience and employee security. Cyber is an operational and existential risk for a business. How senior management provides support can impact how well an organization is protected from pervasive cyberthreats. The goal is to make sure the CEO understands the threat well enough to be able to mitigate it. It is imperative to use business language and shift the conversation away from technology and cyber language. But 2023 will be the year for CEOs to ask their CISO "what more can we get from what we already have?" Maximizing the coverage and protection of your existing tools and team and not letting your guard down must be the focus in 2023. 

The session will cover: 

• Experience sharing 
•  Criminal liability 
•  Bridging the gap of cost and investment in cybersecurity 

According to a recent report on cloud security, 27% of organizations have experienced a security incident in their public cloud infrastructure within the last 12 months. Of these, nearly a quarter (23%) were caused by security misconfigurations in cloud infrastructure. As organizations shift to the cloud, achieving, maintaining and demonstrating regulatory compliance in this different IT environment is a significant challenge. Regulations on data localization and data sovereignty are being formalized. However, designing and implementing compliance policies for cloud environments is different from those of on-premises systems.  

The session will cover:  

• How to deal with cloud misconfigurations 
• How to automate cloud security around deployment, monitoring and recovery 
• Lessons learned on cloud security 

Ransomware attacks are becoming inevitable as bad actors exploit the weakest link of cyber defense - humans. The goal of cyber resilience is to transform business expectations and guarantee that businesses face a less-than-significant impact from a cyberattack. NIST defines cyber resiliency as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, and attacks by cyber resources. The recovery process needs to ensure not only a quick recovery but also a quicker return to business. What is your current cyber recovery strategy? What challenges are you facing under recovery? 

The session will cover: 

• How much to rely on backups 
• Practicality of creating an alternate environment 
• Leveraging cloud for better resilience 

Experts say technology can promote accountability as well as anonymity. The computer systems and applications require proof of identity of the user before allowing them access to every function in an organization. Detection technologies, including XDR, could pose a challenge to privacy and security. Enterprises, thus, will have to strike a balance to protect data.  

The session will cover: 

• Defining privacy and technology landscape in 2022 
• The impact of increasing detection tools on privacy 
• A collaborative approach to fuel privacy and tech innovation 

India has released its fourth draft bill on data protection. Although hailed as straightforward by the industry, many privacy proponents claim the Digital Personal Data Protection Bill 2022 is a lighter version of the original and takes away the focus from putting users’ or data principals' privacy rights at the center. With many things still vague, how can the bill ensure proper privacy rights without compromising the ease of doing business?  

The panel will cover: 

• What can CISOs expect from the revised draft bill? 
• Data localization conundrum 
• What to protect

The demand for innovative financial services has never been stronger, with consumers testing new solutions from traditional banks, fintech firms, technology companies and other non-traditional players. Contactless, bots, blockchain, biometrics, AI and cloud are some of the digital innovations in the financial services industry. 

With third-party-sourced breaches regularly making the headlines, most companies have become aware of the risks created by this extended attack surface - often because they have been victims themselves. By following the right path, security and risk leaders can feel confident in their approach to managing the cyber risk posed by third parties.  

The session will cover: 

• How third-party risk environment has evolved 
• What is needed for an effective risk management program 
• The challenges of implementing third-party risk program 

Darkweb is a lifeline for many living under oppressive regimes. However, the anonymity of cryptocurrencies has led to a boom in cybercrime, and in turn, led darkweb to flourish.  

The darkweb is a marketplace for exfiltrated data from breached organizations, and it is critical for organizations to understand the myths and realities about it.  

Criminals have been able to successfully operate the "crime-as-a-service" model using darkweb and cryptocurrencies. However, businesses and the security agencies have been able to make very little, if any, impact.   

How can enterprises become cyber resilient, and how should law enforcement respond to this menace?     

The session will cover:    

• New techniques and approaches used to combat security threats from the darkweb 
• How is law enforcement responding to the investigation process and adapting to online technologies? 
• Establishing access: venturing behind enemy lines 

Compliance and regulations are often seen as a necessary evil in the world of cybersecurity. While too many regulations can make a CISO's life tough, not complying with them is not an option anymore. Moreover, with IT Act getting changed to Digital India Act, what are the new aspects that CISOs need to consider? What are the various legal requirements under Data Protection Bill? 

The cyber insurance industry has been concerned with the rising costs of cybercrime. The element of the unpredictability of the cybercrime world does not work well for the industry. New coverage and rising renewal rates are significant concerns. Premiums are rising by 10- to 20-fold. Recent research reports show that 70% of cybersecurity professionals believe insurance payments to companies that have paid a ransom exacerbate the problem and cause more attacks. Moreover, cyber insurance companies are targets themselves.   

The question on everyone's mind is - to what extent is cyber insurance fueling ransomware attacks, or is it the best defense against fighting ransomware?    

The session will cover:   

• Changes in the cyber insurance sector   
• Questions to ask before seeking insurance   
• The role of MDR/XDR in making companies more attractive to insurers

The rapid evolution and sophistication of cyberattacks, and the migration of assets to hybrid multi-cloud, is creating a complete storm. It’s time to move past siloed security to a more collaborative and flexible approach to security. Organizations are trying their hands at cybersecurity mesh architecture designed to make security more composable and scalable by modularizing security functions and enabling them to interoperate through a set of supportive layers. Like zero trust, the cybersecurity web is focused on reimagining the boundaries of the identity layer and bringing together disparate security tools into a single, interoperable ecosystem.  

The session will cover: 

• How to secure more with less 
• Establishing intelligent security by design 
• Enhancing security collaboration and integration 

Passwordless has become the holy grail for user authentication. But there are different interpretations of what passwordless is and is not. Passwords are less common than ever, but they are still used around the world.  With weak passwords often being the primary reason behind cyberattacks, companies are increasingly investing in biometrics and adaptive authentication.   

The session will cover: 

• How open identity management is evolving 
• How identity can cater to various risk profiles 
• What needs to change in 2023? 

As the threat landscape continues to deteriorate, criminals learn and use new techniques, and devastating attacks such as ransomware surge, security leaders struggle to fill a critical shortage of skilled talent. With the lack of sufficiently skilled security professionals to meet the needs to protect organizations, industry leaders must look for new ways to recruit and retain talent - who leverage next-generation technologies like automation - to close gaps before it's too late. 

The panel will discuss: 

• How smart CISOs are closing the cybersecurity skill gap 
• Initiatives to retain top-notch employees during the current cybersecurity workforce shortage 
• Reskilling and upskilling of existing workforce versus hiring 

Ransomware, insider threat, phishing, supply chain attacks, cryptojacking and social engineering attacks have seen an unprecedented surge. The CISOs have a list of issues to tackle. It would not be a surprise to say that the enterprises are experiencing a vendor sprawl. How do they strategize their plans and what tools are they betting on to take on the adversaries head-on? They have a daunting task of building a cyber-resilient enterprise against the backdrop of a continuously evolving global threat landscape.  

The panel will discuss:     

• CISO technology priorities in 2023   
• Key tactical and strategic approaches to tackle threats in 2023   
• Essential components to building a cyber-resilient enterprise