September 26, 2024

Cybersecurity Summit:
Canada East

8:00 AM - 4:00 PM EDT | Toronto, on

Event Overview

Experience the pinnacle of cybersecurity expertise at ISMG’s Cybersecurity Summit: Canada East. Here, we bring together leading cybersecurity professionals to delve into the most recent industry trends and address critical challenges. Attendees will benefit from networking opportunities with key figures in the field, fostering the exchange of transformative ideas.
Explore in-depth sessions on vital topics such as executive liability, cybersecurity & privacy laws, innovations in AI-driven cybersecurity, and advanced techniques to counteract ransomware.

Don’t miss the featured session of the day – an engaging tabletop exercise on deep fakes, providing practical skills to tackle new threats. Stay at the forefront of the industry with the knowledge and connections gained at this exclusive event.

View our ISMG Event Experience video to see what your peers are saying about their participation. 

Venue

Sheraton Centre Toronto Hotel

123 Queen Street West, Toronto, ON, Canada

NOTE:  All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.

Highlight Topics

  • Ransomware – Navigating Threats and Responses
  • Navigating the Complexities of Cybersecurity & Privacy Laws
  • Executive Liability – Improving Existing Programs & Strengthening Defenses
  • Overcoming Challenges of AI Adoption
  • Deepfake Drama – An In-Depth Tabletop Simulation

Craig Peppard

CISO, ivari Canada

Surinder Lall

Imran Ahmed

Partner/Canadian Head of Technology, Norton Rose Fulbright

Ruth Promislow

Partner, Bennett Jones LLP

Robert Knoblauch

Denny Prvu

Director of Architecture: Innovation & Technology, Fortune 500 Financial Services Company

Carl Montreuil

Director, Federal Policing Criminal Operations - Cybercrime, Royal Canadian Mounted Police

Goran Novkovic

Director, Industrial Cybersecurity, Toronto Transit Commission

June Leung

Director Identity and Access Management, Mackenzie Investments

Priya Mouli

Head of Information Security & Compliance, Sheridan College

Deniz Hanley

Canada CISO & Head of Technology Risk, Morgan Stanley

Gennady Duchovich

Head of Cybersecurity, Haventree Bank

Elena Carroll

CISO, Davies Ward Philips & Vineberg LLP

Speakers

Thought Leaders on Stage and Leading Deep Dive Discussions

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, at interactive workshops and networking events. Learn from the who’s who in the cybersecurity industry, passionate about the latest tools and technology to defend against threats.

Agenda

You can now view or download a PDF version of the attendee guide.

Registration & Breakfast

Opening Remarks

Ruth Promislow

Partner, Bennett Jones LLP

Deniz Hanley

Canada CISO & Head of Technology Risk, Morgan Stanley

Imran Ahmad

Partner/Canadian Head of Technology, Norton Rose Fulbright

Navigating New Cybersecurity and Privacy Laws in Canada: National and Provincial Perspectives for 2024

This session will provide a comprehensive overview of new laws at both the national and provincial levels in Canada. We will examine the implications of the Critical Cyber Systems Protection Act (CCSPA), the Enhancing Digital Security and Trust Act, 2024 (Bill 194) in Ontario, and other significant legislative updates. Attendees will gain detailed insights into these laws’ requirements and learn practical strategies for compliance and risk management.

Key Points:

  • Bill C-26: Critical Cyber Systems Protection Act (CCSPA): Explore the provisions of Bill C-26, which mandates critical infrastructure operators to identify and mitigate cybersecurity risks, report incidents to the Canadian Security Establishment (CSE), and comply with protective measures.
  • Enhancing Digital Security and Trust Act, 2024 (Bill 194): Understand Ontario’s new legislative framework aimed at enhancing digital security and trust in the public sector, including cybersecurity requirements, privacy impact assessments, and breach notifications.
  • Mandatory Incident Reporting: Discuss the new federal requirements for reporting ransomware and other cyberattacks, and learn how to prepare your organization to meet these obligations.

Ruth Promislow, Partner, Bennett Jones LLP

Deniz Hanley, Canada CISO & Head of Technology Risk, Morgan Stanley

Imran Ahmad, Partner/Canadian Head of Technology, Norton Rose Fulbright

Kush Sharma

Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario

Denny Prvu

Director of Architecture: Innovation & Technology, Fortune 500 Financial Services Company

Harnessing AI in Cybersecurity: Lessons from the C-Suite

Our keynote panel of leading CISOs will offer an unfiltered glimpse into the strategic deployment of artificial intelligence by information security practitioners. These industry leaders will share their direct experiences, focusing on the transformative role AI plays in enhancing security measures, the challenges of integrating AI into existing frameworks, and the innovative strategies developed to mitigate associated risks.
 
Attendees will leave with a comprehensive perspective on strategic AI integration, including:
 
  • Real-World Deployment: Delve into how top organizations have successfully integrated AI into their security operations, highlighting the decision-making processes, implementation strategies, and adjustments made to align AI initiatives with security goals.
  • Navigating Challenges: Unpack the hurdles encountered by CISOs in adopting AI, from overcoming data bias and ensuring privacy to securing AI systems against adversarial attacks, and the practical solutions that were employed.
  • Mitigating Risks: Gain actionable insights into the risk management practices refined through firsthand experiences, including the development of robust frameworks to assess and mitigate the unique risks posed by AI.
  • Adapting to an AI-Driven Security Landscape: Learn from the foresight and adaptability of leading security practitioners as they prepare their organizations for the future, ensuring resilience against the evolving threat landscape influenced by AI.

Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information

Systems Association, Ontario

Denny Prvu, Director of Architecture: Innovation & Technology, Fortune 500 Financial Services

Company

Networking & Exhibition Break

Craig Peppard

CISO, ivari Canada

Fernando Montenegro

Senior Principal Analyst, Omdia

June Leung

Director of Identity and Access Management, Mackenzie Investments

Securing the Supply Chain: Responding to Zero-Day Vulnerabilities and Beyond

This session will shine a light on advanced strategies for securing supply chains against zero-day vulnerabilities and other emerging threats. By examining recent incidents such as the MOVEit Transfer breach, the Desjardins Group data breach, and the Suncor Energy cyber incident, we will explore how to implement robust security measures, conduct thorough risk assessments, and establish resilient monitoring systems. Participants will gain actionable insights needed to construct a comprehensive framework for supply chain security, ensuring that both preventive and reactive measures align with the dynamic landscape of modern supply chains. Join us to learn how to fortify your defenses and protect your organization from potential disruptions and security breaches.

Key Points:

  • Responding to Zero-Day Vulnerabilities: Understand the nature of zero-day vulnerabilities within supply chains and explore strategies to detect and respond to these threats swiftly and effectively.
  • Comprehensive Vendor Risk Assessments: Learn how to evaluate the security posture of suppliers and third-party vendors through rigorous risk assessments and continuous monitoring. Real-world examples from Canadian companies will be discussed.
  • Implementing Advanced Security Controls: Discover best practices for deploying security controls such as code signing, software integrity verification, and secure boot mechanisms to safeguard supply chain components.
  • Monitoring and Incident Response: Gain insights into setting up effective monitoring systems to detect signs of compromise or suspicious activity in the supply chain, and develop robust incident response plans to mitigate the impact of breaches.

Craig Peppard, CISO, ivari Canada

 

Fernando Montenegro, Senior Principal Analyst, Omdia

 

June Leung, Director of Identity and Access Management, Mackenzie Investments

Aniket Bhardwaj

Vice President, Global Incident Response & Cyber Threat Operations, Charles River Associates

Priya Mouli

Head of Information Security & Compliance, Sheridan College

Eric Charleston

Partner, National Co-Leader, Cybersecurity at Borden Ladner Gervais LLP

Ransomware Realities: Defending Canada Against the Surge

This session will focus on extracting valuable lessons from recent significant cyber incidents within Canada, particularly the rise of Ransomware-as-a-Service, to inform and enhance future cybersecurity strategies. Ransomware attacks have surged significantly, with Canadian companies now facing average ransom demands exceeding $1 million CAD—an increase of almost 150% in the last two years. Join our expert panel as they analyze key takeaways from recent major breaches affecting North American organizations, including LockBit’s recent attack against London Drugs, the 2023 Ontario hospital breaches, among others. These incidents highlight vulnerabilities in critical infrastructure and the extensive impact such breaches can have on operations and public trust. Our discussion will highlight common vulnerabilities exploited, effective response strategies, and the importance of proactive measures to build robust, resilient systems capable of withstanding sophisticated attacks expected in 2025 and beyond.

Key Takeaways:

  • Understanding Attack Patterns: Identify common tactics, techniques, and procedures (TTPs) used by cybercriminals, especially focusing on the RaaS model.
  • Effective Response Strategies: Learn from the immediate and long-term response actions taken by affected organizations to contain and mitigate damage, including regular security audits and incident response planning.
  • Proactive Measures: Discuss the importance of employee training and adopting a zero-trust architecture to enhance cyber resilience.

Aniket Bhardwaj, Vice President, Global Incident Response & Cyber Threat

Operations, Charles River Associates 

 

Priya Mouli, Head of Information Security & Compliance, Sheridan College

 

Eric Charleston, Partner, National Co-Leader, Cybersecurity at Borden Ladner Gervais LLP

Robert Knoblauch

Former Deputy CISO & VP of Global Security Services, Scotiabank

Imran Ahmad

Partner/Head of Canadian Technology, Norton Rose Fulbright

Navigating Executive Liability: Safeguarding CISOs in the Age of Accountability

This concern has been realized in stark terms for executives in both EMEA and North America in recent years, including high-profile cases against the former CIO of TSB and CSO of Uber respectively.
 
 In this highly-pressurized environment, it becomes imperative for CISOs to understand and mitigate their personal liability before an incident occurs. This session will provide an in-depth exploration of the evolving landscape of executive liability for CISOs, focusing on the implications of recent legal cases and regulatory developments. Drawing insights from recent incidents and expert recommendations, this session aims to equip CISOs with the knowledge and strategies needed to protect themselves while effectively managing their organization’s cybersecurity posture.
 
Key Takeaways:
  • Understanding the Current Legal Landscape: Explore the implications of recent cases and regulatory changes that have increased the personal liability of CISOs, including the impact of GDPR and other data protection laws.
  • Proactive Measures to Mitigate Liability: Learn practical steps to safeguard against personal liability, such as maintaining thorough documentation, ensuring timely breach disclosures, and implementing robust security measures.
  • Building a Culture of Accountability: Discover how fostering a culture of transparency and accountability within your organization can help mitigate risks and protect both the CISO and the company.
  • The Role of Insurance and Legal Counsel: Understand the importance of cyber insurance and regular consultations with legal counsel to ensure you are adequately protected.

Robert Knoblauch, Former Deputy CISO & VP of Global Security Services, Scotiabank

 

Imran Ahmad, Partner/Head of Canadian Technology, Norton Rose Fulbright

Carl Montreuil

Director, Federal Policing Criminal Operations - Cybercrime, Royal Canadian Mounted Police

Josh Iroko

Managing Consultant, Mandiant, Google Cloud

Deep Fakes, Real Stakes: Unmasking Cyber Deception in a High-Stakes Tabletop Simulation

It aims to bolster strategic response capabilities and enhance operational readiness against the backdrop of advanced cyber threats. The focal point of this exercise is a strategically crafted deep fake incident targeting a corporate executive, weaving together elements of social engineering, financial fraud, and the challenges posed by emerging technological threats.

What You Will Gain From This Experience

  • Enhanced Organizational Readiness: To critically assess and improve organizational preparedness in responding to intricate cyber incidents involving deep fake technology and social engineering.
  • Interagency Collaboration and Knowledge Exchange: To strengthen the partnership and information sharing between the sponsor and leaders in the private sector cybersecurity community.
  • Strategic Response Development: To create all-encompassing incident response strategies that cover legal, technical, and communicational facets, while also identifying and rectifying weaknesses in existing cybersecurity policies and governance.

Carl Montreuil, Director, Federal Policing Criminal Operations – Cybercrime, RoyalCanadian Mounted Police

Josh Iroko, Managing Consultant, Mandiant, Google Cloud

Networking & Exhibition Break

Aniket Bhardwaj

Vice President | Global Incident Response & Cyber Threat Operations, Charles River Associates

Goran Novkovic

Director, Industrial Cybersecurity, Toronto Transit Commission

Gennady Duchovich

Head of Cybersecurity, Haventree Bank

Resilience of Critical National Infrastructure to Cyber Threats

This session will explore the vulnerabilities of CNI and the strategies countries, particularly Canada, are employing to enhance their defenses. We will delve into the primary actors posing cyber threats to CNI, including state and non-state actors, and analyze the evolving tactics they use to disrupt vital sectors such as nuclear, energy, and electricity.
 
Exemplified by the 2021 ransomware attack on the Newfoundland and Labrador healthcare system, persistent threats critical infrastructure illustrate the high stakes when critical systems are compromised and the need for a resilient security strategy. Participants will gain insights into how Canadian businesses and governments are adapting to these threats and the potential for international collaboration to bolster CNI protection across borders. Through a comprehensive assessment of interrelated threats, we aim to uncover feasible approaches to strengthening CNI resilience globally.
 
Key Takeaways:
 
  • Understanding Threat Actors: Identify and analyze the primary cyber threats to CNI, their methods of disruption, and specific cases such as the Newfoundland and Labrador healthcare system attack.
  • Strategic Responses: Learn about the measures Canada and other countries are taking to mitigate vulnerabilities and enhance CNI security.
  • International Collaboration: Explore the feasibility and benefits of cross-border cooperation in protecting CNI from cyber threats.

Aniket Bhardwaj, Vice President | Global Incident Response & Cyber Threat Operations, Charles River Associates

Goran Novkovic, Director, Industrial Cybersecurity, Toronto Transit Commission

Gennady Duchovich, Head of Cybersecurity, Haventree Bank

Closing Comments

Don’t miss your chance to attend this dynamic impactful event

#ISMGSummit

@ISMG_News

Sponsors

The Summit Experience

CPE Credits

ISMG Summits offer Continuing Education Credits. Learn informative and engaging content created specifically for security professionals.

Upcoming ISMG Events

Decemebr 5-6, 2024

Virtual IoT/OT Summit

December 10, 2024

State of Identity: Protecting Identities in the Modern Climate

December 10, 2024

Transformez vos Opérations avec l'IA Générative Avancée d'Elastic et Google Cloud Paris

december 12, 2024

Revolutionizing AppSec with Multi-AI Agent Approach

February 11-12, 2025

Virtual Summit: Cybersecurity Implications of AI

Upcoming ISMG Events

Decemebr 5-6, 2024

Virtual IoT/OT Summit

December 10, 2024

State of Identity: Protecting Identities in the Modern Climate

December 10, 2024

Transformez vos Opérations avec l'IA Générative Avancée d'Elastic et Google Cloud Paris