Hybrid work models, cloud migration and new digital channels are highlights of the past two years of aggressive digital transformation. But what does the future bring in terms of how we work, conduct commerce and secure our digital assets from ever-evolving, ever-automating cyber adversaries?
Join RBC CISO Adam Evans for a thoughtful discussion on securing the future, with focus on:
- How we will work;
- Turning cybersecurity investments into business value;
- The role of cybersecurity in customer relationships.
-
09:00 AM
-
09:29 AM
When CNA Financial - a top U.S. insurance company - was struck by ransomware a year ago, it reportedly paid $40 million in ransom to restore access to its network and data. How does that fact that ransomware incidents - and ransoms - are now at record highs affect the cyber insurance sector? What are the emerging standards for coverage, as well as legislative trends, affecting the practice?
This exclusive panel tackles these questions as well as:
- Proving cyber insurance value;
- The rising bar for entities to qualify for cyber insurance;
- The growing role of cyber insurance companies in incident response.
-
09:30 AM
-
10:01 AM
-
10:00 AM
-
10:30 AM
Digital identities control access to an ever-growing number of applications, services and critical systems. This makes identity an interesting attack vector for threat actors and highlights the importance of authentication and authorization in preserving trust and security.
The Auth0 State of Secure Identity report highlights the latest trends in identity security, including the types of attacks Auth0 has observed, the characteristics of these attacks, what industries are most affected and the adoption rates for identity protection technologies.
During this session, we’ll provide greater insight into which industries are:
• Most highly targeted by credential stuffing attacks;
• Most highly targeted by SQL injection attacks;
• Leading the way in MFA adoption to improve overall security posture.
We’ll also shed light on fake account creation, MFA bypass attacks and what defensive measures are being adopted to combat these identity security threats.
-
10:00 AM
-
10:32 AM
It’s no longer a matter or if, but when, you’re going to be the victim of a ransomware attack. Are you prepared? Learn from Securework’s Tony Kirtley, Director of Incident Command, how to prepare for an attack, but more importantly what to do immediately following with tales from the trenches.
-
10:30 AM
-
10:44 AM
Cloud infrastructure is extremely complex, with thousands of workloads and data resources, service and human identities, and policies and configurations. With so many moving parts, it’s nearly impossible to clearly see or understand what is going on in your AWS, Azure and GCP environments - let alone control it. Efforts are exacerbated by the rapid pace of development, shortages in cloud expertise, and the number of stakeholders.
Ultimately the most important questions are: Is my data exposed? Who can access it? Only with clear, contextual, actionable risk insight into all identities, configurations and resources can you begin to grasp effective access and the risk to your data. Find out how an identity-first approach to cloud security can help you reduce your cloud attack surface and blast radius - and stay compliant.
-
10:30 AM
-
10:44 AM
Fast-moving cyberattacks can strike at any time, and security teams are often unable to react quickly enough. Join to learn how Autonomous Response takes targeted action to stop in-progress attacks without disrupting your business. The discussion includes real-world threat finds.
Explore today’s threats and challenges and learn how advances in AI have been leveraged to allow for very surgical actions to be taken autonomously - where humans can no longer react fast enough.
-
10:45 AM
-
11:14 AM
The Log4shell vulnerability found in the Log4j logging framework has been recognized as one of the most critical vulnerabilities ever, open source or otherwise. And while the dangers of the Log4j vulnerability remain high, the situation has highlighted an even bigger issue that is plaguing security professionals and developers: If you don’t know what’s in your software supply chain, you’re already behind.
When a flaw is disclosed, companies are instantly thrust into a race against time to fix it before it can be exploited by an attacker, meaning every minute counts. If you don’t know what’s in your software, you’re effectively giving hackers a huge head start.
While this outlook might seem bleak, there are easy steps you can take to significantly mitigate risk. This session will help you do that by answering:
- Why the Log4j vulnerability is so severe and common remediation measures companies took to secure their code
- How you can improve your security posture with automation and SBOMs, and better prepared for the inevitable next open source vulnerability that comes along
-
10:45 AM
-
11:14 AM
A ransomware attack strikes every 11 seconds.
Despite thick firewalls, the bad guys will get through. Some businesses pay the ransom but most want to recover, so they don’t let the bad guys win.
A payout isn't the only way out.
If hackers exploit your backups, you pay the ransom. If your backups survive, you need to know what to recover and how long it will take. If you don't, you pay the ransom. But even with a decryption key, recovery takes days or weeks and the hackers may not return all the data.
Recovery from a clean backup is the only way to beat hackers. Data managed by Rubrik can’t be encrypted after the fact. Once ingested, no external or internal operation can modify it. So, your data is immune to ransomware. Since data can’t be overwritten, even infected data ingested by Rubrik can’t infect existing files/folders.
We'll discuss how to:
- Analyze backup metadata for unusual behavior;
- Quickly identify what data was encrypted and where it lives;
- Locate PII that may have been exposed to a data exfiltration attack;
- Automatically protect new workloads and lock retention to prohibit deletion of backup data.
-
11:15 AM
-
11:47 AM
Is XDR a technology or a capability? Is there one reference architecture, or is there a set of capabilities that define Extended Detection and Response? Gaining a better understanding of threat actor activity requires telemetry and analysis from multiple tools combined with advanced analysis capability. XDR promises to increase detection fidelity and reduce containment and response times while automating and orchestrating key security processes. But is your organization ready to adopt XDR? Do you have the necessary components and capability to be truly effective with XDR? Join our discussion to learn what it takes to begin a journey to XDR and assess your readiness.
-
11:15 AM
-
11:44 AM
As Canada continues to shift towards digital, fraudsters are following. In this session, LexisNexis Risk Solutions reveals proprietary cybercrime analysis conducted on over 3B Canadian transactions, as well as industry insights from leading Canadian fraud and risk management executives. With a double-digit increase in both human-initiated and bot attacks, is your organization prepared for an evolving Canadian fraud landscape?
Kim Sutherland and Alanna Shuh of LexisNexis Risk Solutions will have a discussion with Tom Fields, Editor for ISMG on:
- Canadian fraud trends and cyber risk insights
- How leading organizations are focusing on customer experience by leveraging a dynamic, multi-layered fraud prevention strategy and using risk-appropriate friction for authentication
Well, of course one can outsource cybersecurity operations. The questions are: What's your business case? What is your vendor selection process? What’s in your contract - and how will you monitor the relationship?
Join this diverse panel for a free-ranging discussion on a variety of topics, including:
- Why outsource?
- How do you right-size the engagement to meet your needs?
- What are the key SLAs to write into the contract?
-
12:00 PM
-
12:32 PM
-
12:30 PM
-
12:59 PM
Cloud migration, IoT deployment and zero trust architecture have been paradigm shifts for enterprises and their information security teams. But what about the impact on identity and access management? "It's big," says Marco Lattavo, director of IAM at Economical Insurance and a panelist in this session.
Join to learn more about the impending IAM paradigm shift and how to prepare. Discussion points include:
- The nonhuman identity challenge;
- Clearing the MFA hurdles;
- The future of passwordless authentication.
-
12:30 PM
-
12:59 PM
It's among the critical infrastructures one thinks of first re: a cybersecurity incident. The North American power grid has been described as "the world's largest connected computer." But how does it function, and what are some of the glaring myths and surprising realities about its cybersecurity capabilities and vulnerabilities? This expert panel discusses:
- The grid's role as a critical infrastructure
- Top threats and risks
- The roles of threat intelligence, information sharing and incident response planning in grid security
Cloud security, supply chain security, third-party risk - it’s a broad and rich risk management surface for cybersecurity and risk leaders in 2022. And prioritization is a key challenge: Which are the top risks demanding the most resources and talent? Join this panel of risk and security leaders for a discussion about prioritization, as well as:
- How to assess business risk;
- Asset management in the cloud;
- A fresh look at third-party risk management.
-
01:00 PM
-
01:30 PM
Data security was challenging enough when all your crown jewels were locked within a single castle. Now that they are on disparate devices, in home offices and in the cloud, it's a game-changing discussion. Join this panel of experts to discuss the new challenges of data security, including:
- Identifying your most high-value data assets - they might not always be what you think they are;
- Defining your appetite for sharing data - which may change;
- Tackling data sprawl.
-
01:30 PM
-
01:59 PM
Heightened third-party risk, unrelenting ransomware attacks and a shifting regulatory landscape. These are boom times for cybersecurity and privacy attorneys, but difficult times for non-legal executives trying to make sense of it all.
Join this session and hear straight from two leading attorneys about:
- Negotiating the tricky ransomware landscape;
- Emerging regulatory concerns;
- What non-lawyers need to know about cybersecurity and privacy legal issues.
-
02:00 PM
-
02:29 PM
Remember when people worked together in central offices, "digital transformation" was a marketing pitch, and cyberattacks on critical infrastructure were far more theory than practice?
That was only two years ago. Today, post-SolarWinds, Colonial Pipeline and Ukraine, it's a different world - and it requires a different cybersecurity strategy.
In this closing keynote, Martin Dinel , CISO of the Government of Alberta, outlines his efforts to update his cyber strategy, including:
- Digital services by default;
- Hybrid work as the norm;
- Potential risks from nation-state actors.
-
02:30 PM
-
02:59 PM
All content from Day 1 will be available on demand from 9 AM - 5 PM ET on Day 2, Wednesday, March 9th. Don’t miss the chance to log-in and consume any content you may not have had the chance to see at your own convenience.
-
09:00 AM
-
04:59 PM
