ISMG Cybersecurity Summit: London

17th September 2024

Cybersecurity Summit: London

8:30 BST - 17:45 BST | London, EN

Event Overview

The Cybersecurity Summit in London, hosted by ISMG, is the ultimate gathering of elite cybersecurity practitioners, distinguished by its laser focus on the latest industry developments and toughest challenges. This exclusive event offers unparalleled networking opportunities with industry leaders, fostering an exchange of groundbreaking ideas. Dive deep into specialized topics such as the latest NIS2 Directives, DORA resilience strategies, AI-driven cybersecurity innovations and sophisticated ransomware combat techniques.

The highlight? A hands-on tabletop exercise on deepfakes, equipping you with practical skills to tackle emerging threats head-on. This summit ensures you stay ahead, armed with the knowledge and connections to lead the field.

View our ISMG 2023 London Summit Experience video to see highlights and what is in store for 2024!

Venue

Andaz, Liverpool Street, London

40 Liverpool Street, London, EN

EC2M 7QN, United Kingdom

NOTE: All requests to attend will be reviewed by event staff and

approved based on and event capacity.

Highlight Topics

DORA – The Promise of Cyber Resilience Across the Financial Sector
AI Act – Is the EU Putting AI in a Time Out Until It Learns to Share and Play Fair?
NIS2 – The Impact on EU Member States
Deepfake Drama – An In-Depth Tabletop Simulation
Ransomware – Navigating Threats and Responses

Speakers

Thought Leaders on Stage and Leading Deep Dive Discussions

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, interactive workshops and networking events. Learn from the “who’s who” in Cybersecurity passionate about the latest tools and technology to defend against threats

Ian Thornton-Trump

CISO, Cyjax

Surinder Lall

SVP, Global Information Security Risk Management, Paramount

Brian Brackenborough

CISO, Channel 4

Heather Lowrie

Former CISO, University of Manchester

Jon Davies

Senior Director, Media Company - Confidential

Victor Murineanu

Information Security Manager, Chelsea Football Club

Dom Lucas

Head of Security, British International Investment

Angus Clarke

VP, BSO, Mastercard

Jonathan Armstrong

Partner, Punter Southall Law

Martyn Booth

CISO, dunnhumby

Jon Staniforth

fmr. CISO, Royal Mail

Rory Alsop

Head of Information Security & Cyber Risk, Tesco Bank

Speakers

Thought Leaders on Stage and Leading Deep-Dive Discussions

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage for knowledge-sharing discussions. Know what is on the minds of leading security experts as they share insights and challenges of the ever-evolving threat landscape.

Agenda

You can now view or download a PDF version of the attendee guide.

Registration & Networking Breakfast

You can now view or download a PDF version of the attendee guide.

Opening Remarks

Ian Thornton-Trump

CISO, Cyjax

Jon Staniforth

Former CISO, Royal Mail

Heather Lowrie

Former CISO, University of Manchester

Deep Insights From Three CISOs Who Battled Ransomware Attacks and Have the Scars to Prove It

Join an exclusive session with the former CISOs of Royal Mail and The University of Manchester as they share candid and highly relevant insight drawn from their personal experiences managing major ransomware attacks.

Discover how to strengthen your organization’s resilience by learning directly from those who have navigated these intense challenges, offering you practical strategies and invaluable lessons for future preparedness.

This session will:

Explore the speaker’s firsthand experience in managing a significant ransomware attack compared to prior training.
Highlight the importance of communication and showing empathy in incident response.
Discuss the personal and financial implications of a cyber incident for CISOs, their organizations and customers.
Emphasize the need for collaboration among legal, compliance and communication stakeholders.

Moderated by Ian Thornton-Trump, CISO, Cyjax

Jon Staniforth, Former CISO, Royal Mail

Heather Lowrie, Former CISO, University of Manchester

James Maude

Field Chief Technology Officer, BeyondTrust

Ian Thornton-Trump

CISO, Cyjax

Victor Murineanu

Information Security Manager, Chelsea Football Club

Hackers Don’t Hack in – They Log In. How to Combat the Threat of Identity Compromise

The world of cybersecurity is changing, with more dynamic highly connected systems than ever. With an explosion of apps, accounts and access, the battleground has shifted from traditional perimeter and endpoint security into the world of identity security, effectively meaning the hacker has been replaced by the credentials thief.

With identity compromise common to almost every cyberattack, distinguishing between how a legitimate user is leveraging an identity and the misuse of that identity by an unauthorized user is difficult. This leaves the door open for threat actors to use impersonated identities to access resources, compromise systems, move laterally and achieve their illicit objectives. Today, this is effectively making identity the new security perimeter.

Join the discussion with our esteemed panel of experts as they share what is driving this paradigm shift, and how attackers are successfully exploiting the gaps in visibility between IAM and security tools.

This session will cover:

How the threat landscape is evolving.
Real-world examples of identity breaches.
How attackers are exploiting hidden paths to privilege.
How controlling identities and privileges can be your greatest defense.

James Maude, Field Chief Technology Officer, BeyondTrust

Ian Thornton-Trump, CISO, Cyjax

Victor Murineanu, Information Security Manager, Chelsea Football Club

Steve Jackson

Senior Vice President of Growth, Binalyze

Resolving Incident Response Challenges in Your SOC With Automation

In an "assume breach" world with increasing regulatory burden, incident response investigation capability is critical to protecting enterprise resiliency.

In this session, we will explore the specific challenges around operational security, SOC resources and welfare and the regulatory landscape, and how these challenges can be met head-on through automation, collaboration and greater speed of investigation.

Steve Jackson, Senior Vice President of Growth, Binalyze

Networking & Exhibition Break

Nathan Swain

CISO, Binance

Max Kington

CISO, Global Markets, BNP Paribas

Surinder Lall

SVP, Global Information Security Risk Management, Paramount

A Double-Edged Sword: Guarding Against AI’s Expanded Threats

Artificial intelligence has become increasingly ubiquitous, and its capabilities are being exploited not only for innovation and efficiency but also by threat actors aiming to refine their methods and probe vulnerabilities.

This panel discussion will explore how cybercriminals are leveraging AI to conduct sophisticated attacks, such as automated phishing, deepfake generation and AI-driven malware. We will examine these real-world cases, discuss their implications for U.K. organizations, and provide strategies for mitigating these advanced threats.

Join us to gain a deeper understanding of the evolving threat landscape and to equip your organization with the knowledge to stay ahead of AI-powered cyberthreats. We will dissect specific AI-driven attacks, analyzing the methodologies used by cybercriminals and offering insights on how to bolster your cybersecurity posture against such advanced tactics.

This session will cover:

Understanding AI-enhanced threats: Gain insights into how AI is being utilized by cybercriminals to execute more sophisticated and harder-to-detect attacks, including phishing and malware.
Real-world case studies: Learn from real-world examples of AI-driven cyberattacks, such as the AI-powered spear-phishing attack on Metro Bank and the deepfake fraud case targeting RWE.
Mitigation strategies: Explore effective strategies and best practices for defending against AI-powered threats, including enhancing threat detection capabilities and improving incident response protocols.

Nathan Swain, CISO, Binance

Max Kington, CISO, Global Markets, BNP Paribas

Surinder Lall, SVP, Global Information Security Risk Management, Paramount

Lance Moraitis-Jones

Senior Presales Engineer, Recorded Future

Reducing Risk Through Automated Threat Profiling

In today's fast-pacedcyber threat landscape, reducing risk through automated threat profiling is essential for maintaining robust security postures.

This session will delve into the benefits of automated threat profiling, exploring why it is crucial and the challenges it presents. Attendees will learn how to prioritize threat actors and malware more dynamically and in real time, and discover methods to operationalize the output to further protect their organizations. Join us for an in-depth discussion with experts who will share their insights and strategies for leveraging automated threat profiling to enhance cybersecurity defenses.

This session will cover:

Benefits of automated threat profiling: Understanding why automated threat profiling is crucial for modern cybersecurity and the challenges it presents.
Dynamic prioritization: Exploring methods to prioritize threat actors and malware dynamically and in real-time to stay ahead of evolving threats.
Operationalizing threat profiling: Discussing how to effectively operationalize the output of automated threat profiling to enhance organizational protection and response strategies.

Lance Moraitis-Jones, Senior Presales Engineer, Recorded Future

Richard Meeus

Director of Security Technology and Strategy, EMEA, Akamai

Illuminating the Shadows: Enhancing Discovery and Visibility for Robust Operational Resilience

In today's digital world, operational resilience plays a vital function in supporting business continuity.

IT security leaders must focus on the essential roles of discovery and visibility to strengthen their organization’s defenses and ultimately protect against evolving cyberthreats

This session will highlight how comprehensive discovery and visibility across IT infrastructure, data streams, applications, APIs and operational technology can strengthen your organization’s defenses. Learn to identify and inventory digital assets, integrate visibility for better monitoring, and apply simple practical steps for continuous resilience against cyberthreats.

Richard Meeus, Director of Security Technology and Strategy, EMEA, Akamai

Lunch & Exhibition Break

Dom Lucas

Head of Security, British International Investment

Brian Brackenborough

CISO, Channel 4

Every Link Counts: Third-Party Risk and Emerging Supply Chain Threats

Supply chain vulnerabilities present a critical challenge to organizational security, especially in light of recent high-profile breaches impacting UK organizations. This session will shine a light on advanced strategies for securing supply chains and mitigating risk among third-party partnerships. Panelists will provide practical insights into implementing robust security measures, conducting thorough risk assessments, and establishing resilient monitoring systems.

Recent incidents such as the 2024 breach of the U.K. Ministry of Defence, which involved a third-party payroll system managed by SSCL, highlight the significant risks posed by third-party software providers. This breach exposed personal data of nearly 270,000 current and former staff, underscoring the necessity for rigorous supply chain security and the adoption of comprehensive risk management frameworks. By joining the discussion, attendees will acquire actionable strategies to fortify their supply chains against emerging threats and ensure no stone is left unturned in their risk management strategy.

This session will cover:

Proactive risk management: Learn how to integrate comprehensive threat intelligence and adopt best practices for evaluating third-party vendors, drawing lessons from recent high-profile breaches.
Advanced security controls: Discover best practices for deploying security controls such as code signing, software integrity verification, and secure boot mechanisms to safeguard supply chain components.
Continuous monitoring and incident response: Gain insights into setting up effective monitoring systems to detect signs of compromise or suspicious activity in the supply chain, and develop robust incident response plans to mitigate the impact of breaches.

Dom Lucas, Head of Security, British International Investment

Brian Brackenborough, CISO, Channel 4

Richard Cassidy

Field CISO, Rubrik

Achieving Predictive Resilience With AI: Safeguarding Critical Business Operations

In the age of cyber warfare, we’re all on the front lines, facing unprecedented data breach attempts. With the rising challenge of having to somehow manage exponential data growth, our risk surface is increasing at a rate many businesses are struggling to mitigate.

Organizations must adapt their cyber resilience and cybersecurity strategies to ensure their critical business operations remain uninterrupted in case of worst-case scenarios.

This session will explore how businesses can leverage latest technology capabilities – many of which are already embedded into existing operations and services ecosystems – to not only respond to threats in real time, but also predict and mitigate operational risks proactively.

Join us as we delve into the transformative role of artificial intelligence in enhancing cyber resilience. Discover how AI-driven insights can help organisations understand their current resilience posture, predict likely points of failure, and integrate seamlessly with existing security platforms to combat the threats we’re now facing to our critical business operations.

This session will cover:
• The integration of AI with data-at-rest solutions to provide deeper insights and predictive capabilities.
• Strategies for maintaining continuous business operations amidst rising cyberthreats.
• Approaches for the successful application of AI in predicting and mitigating cyber risks.
• Collaborative approaches to building a resilient security ecosystem that leverages the strengths of AI and existing cybersecurity tools.

By attending this event, you will gain valuable knowledge on leveraging AI for predictive resilience, ensuring that your organisation can withstand and quickly recover from cyber incidents to maintain operational continuity in an increasingly hostile digital landscape.

Richard Cassidy, Field CISO, Rubrik

Afternoon Break

Jonathan Armstrong

Partner, Punter Southall Law

Declan Burke

CISO, NorthStandard

Rory Alsop

Head of Information Security & Cyber Risk, Tesco Bank

Cross-Channel Resilience: Ensuring Compliance With EU Regulations

In light of the EU's AI Act and the impending NIS2 and DORA directives, U.K. CISOs face an increasingly complex regulatory landscape. NIS2 aims to strengthen the security of network and information systems across critical sectors, including energy, transport, banking, health and digital infrastructure. This session provides a comprehensive overview of these critical regulations and their implications for U.K. organizations post Brexit.

Additionally, we will discuss the DORA directive, which focuses on digital operational resilience in the financial sector, and the EU AI Act, which introduces comprehensive measures to regulate AI technologies.

Join our panel of experts as they delve into practical strategies for compliance

Key takeaways:

NIS2 Compliance: Understand the critical steps for aligning with the NIS2 directive to enhance the security of network and information systems across multiple sectors.
DORA and AI Act Insights: Gain insights into the requirements of the DORA and the EU AI Act, focusing on digital operational resilience in financial services and ethical AI deployment.
Future Trends: Explore the future of cybersecurity regulation in the UK and EU, considering the evolving regulatory landscape and emerging technologies.

Jonathan Armstrong, Partner, Punter Southall Law

Declan Burke, CISO, NorthStandard

Rory Alsop, Head of Information Security & Cyber Risk, Tesco Bank

Martin Peters

Detective Superintendent, City of London Police -- NPCC National Cybercrime Programme

Phillip Davies

CISO, Equifax UK

Deepfakes, Real Stakes: Unmasking Cyber Deception in a High-Stakes Tabletop Simulation

Join us for this collaborative tabletop exercise, hosted by CyberEdBoard. This interactive session is meticulously crafted to mimic a sophisticated cyberattack.

It aims to bolster strategic response capabilities and enhance operational readiness against the backdrop of advanced cyberthreats.The focal point of this exercise is a strategically crafted deepfake incident targeting a corporate executive, weaving together elements of social engineering, financial fraud and the challenges posed by emerging technological threats.

This session will cover:

Enhanced organizational readiness: To critically assess and improve organizational preparedness in responding to intricate cyber incidents involving deepfake technology and social engineering
Interagency collaboration and knowledge exchange: To strengthen the partnership and information sharing between the sponsor and leaders in the private sector cybersecurity community.
Strategic response development: To create all-encompassing incident response strategies that cover legal, technical and communicational facets, while also identifying and rectifying weaknesses in existing cybersecurity policies and governance.

Martin Peters, Detective Superintendent, City of London Police – NPCC National

Cybercrime Programme

Phillip Davies, CISO, Equifax UK