The majority of today's high profile breaches come down to poor cyber hygiene such as unpatched flaws, insecure APIs, misconfigured servers or compromised passwords. How can security leaders build the teams and resources they need in order to fully focus their efforts on the 80% of what they can control? 

Join Shefali Mookencherry, CISO, Edward-Elmhurst Health; Erik Hart, CISO, Cushman & Wakefield; and Paolo Vallotti, CISO & VP of Operations, Tate & Lyle to discuss:

• The 80% of what you can control;
• Tackling patching, passwords and misconfigurations;
• Getting the resources you need on a limited budget.

We know that security teams should look to collaborate and work closely with privacy teams for the benefit of both departments and yet the notion of them being unrelated still exists. The DPO can help the CISO secure data more efficiently by collating only the most necessary data and keeping customers well-informed about the transfer and usage of data.

So, what are some best practices to improve collaboration? 

Join this Ashley Huntington, Chief Compliance Officer, Cook County Health and Karen Habercoss, Chief Privacy Officer, U. Chicago Medicine to discuss:

• Similarities and differences between security and privacy risk;
• Where security and privacy teams can leverage each other;
• How to quantify and qualify data risk.

Today’s software-driven organizations know they need to keep innovating, but traditional software development models and release frequencies simply can’t keep up with seemingly ever-increasing demand. Clearly, Modern Application Development, or MAD, processes and innovative, cloud-native approaches are critical for organizations to stay viable.  

Not surprisingly, leadership support for MAD initiatives is building - and quickly. But MAD comes with cultural changes and some inherent application security challenges that need to be addressed proactively.

In this live session, we’ll cover what you’ll need to know about MAD, including:

• Expected benefits and outcomes;
• Likely hurdles and bumps you’ll run into; 
• MAD’s expanding risk landscape;
• Solutions and approaches you’ll need to properly secure MAD.

Enhance your Summit experience by visiting the Sponsors’ Interactive Booths. Chat with Representatives at each Booth, access valuable resources, schedule a demo and more!

Stop by the Expo Hall.

The Apache Log4j zero-day that struck the world last December may have been the biggest incident of the year, but hardly the only one. SolarWinds, Microsoft Exchange and Kaseya all came prior. And it won't be the last. At a time when enterprises are increasingly vulnerable through their software supply chains, you know the next Log4j is far more "when" than "if."

So, how prepared are you for the next Log4j fire drill? Join this CISO panel to discuss:

• Lessons learned from the first Log4j;
• Questions to ask your critical vendors about preparedness and response;
• How to make response and resiliency a part of your standard operating procedure.

The more data you use, the more data you find you’ll need. This leads to hard decisions about what investments to make in data projects, technology and personnel - with a limited budget. Cybersecurity teams need processes and tools to measure ROI and manage data sprawl. What are the best ways to think about optimizing your existing and upcoming data investments, and how have others approached the issue?

In this panel, Randy Lariar, practice director with Optiv’s Big Data and Analytics, discusses what he sees in the market and challenges organizations faced with rationalizing data investments. Top business leaders join Lariar to discuss what has worked for their organizations and their perspectives on how others can successfully decide what data investments are right for them.

Legacy software supply chain "exploits" prey on publicly disclosed open-source vulnerabilities left unpatched in the wild. Next-generation software supply chain "attacks" are more sinister because bad actors don't wait for public vulnerability disclosures. Instead, they take the initiative and actively inject malicious code into open-source projects that feed the global supply chain.

By shifting their focus "upstream," adversaries can infect a single component that is then distributed "downstream" using legitimate software workflows and update mechanisms.

Next-generation cyberattacks targeting open-source software projects have increased 430% year-over-year. The attacks are possible because:

• Open-source projects rely on contributions from thousands of volunteer developers and discriminating between those with good or malicious intent is difficult, if not impossible. 
• Open-source projects incorporate hundreds to thousands of dependencies from other open-source projects, many of which contain known vulnerabilities. 
• The ethos of open source is built on shared trust between a global community of individuals, which creates a fertile environment for bad actors. 
  

When adversaries deliberately and secretly inject malicious code into open-source projects, they can surreptitiously "set traps" upstream and then carry out attacks downstream. This session explores: 

• The evolution of software supply chain attacks; 
• Their impact on open-source ecosystems; 
• How companies can proactively protect themselves. 

View our CyberEdBoard Profiles in Leadership Interviews with Marene Allison, CISO at Johnson & Johnson, Diego Souza, Global CISO at Cummins, Nicole Ford, VP & CISO at Carrier and more.

Business Email Compromise (BEC) and related email account compromise scams resulted in nearly $2.4 billion in reported losses from victims in 2021, the most of any category disclosed to the FBI’s Internet Crime Complaint Center (IC3.) In this presentation and fireside chat, Special Agent Cody Majerus will outline the anatomy of a BEC scheme, share insights into criminals' methods - and why they're working, and provide techniques to prevent these crimes.

Join Special Agent Cody Majerus to learn about:

• The reality of BEC scams today - and how the criminals are succeeding;
• Best practices to prevent BEC scams;
• Ways to report cyber-enabled financial fraud cybercrimes.

Critical resources need defense in depth beyond validating identity. Certificates provided a method to establish this trust. It is time to remove the calendar reminder for our certificate renewal. Duo’s Device Health Application can verify enrollment into corporate management systems without deploying certificates. Learn how this is done with some common asset management solutions.

When CNA Financial - a top U.S. insurance company - was struck by ransomware a year ago, it reportedly paid $40 million in ransom to restore access to its network and data. How do record-high ransomware incidents - and ransoms - affect the cyber insurance sector? What are the emerging standards for coverage and the legislative trends affecting the practice?

This exclusive panel tackles these questions as well as:

• How to be a better partner to buyers;
• The rising bar for entities to qualify for cyber insurance;
• The growing role of cyber insurance companies in incident response.

The Zero Trust framework is based on the principle of "never trust, always verify." Join us to learn about Zero Trust, how to adopt it for applications, and the technologies you need to take control of your environment in the fight against ransomware.

Enhance your Summit experience by visiting the Sponsors’ Interactive Booths. Chat with Representatives at each Booth, access valuable resources, schedule a demo and more!

Stop by the Expo Hall.

The vulnerabilities are old, the tactics are predictable and the potential impacts are crippling. The subject is ransomware, and this panel intends to breathe new life into the urgent topic by discussing key points, such as:

• How to be a less likely victim;
• How the threat has morphed - and how our response must change;
• The true costs of "just pay the ransom."

The growth in information production appears unstoppable: Businesses recognize data as a guide to strategic decision-making and a way to garner better business results. This also means that the demand for robust regulatory data governance has never been so great. 

How confident are you in determining the right roles, processes, policies, standards, and metrics to guarantee the efficient and effective use of information for your organization to reach its goals?

Join this panel to learn how to build a comprehensive data governance valuation program - regardless of whether your organization has a data governance officer or not.

Fred Kwong, CISO & VP, DeVry University; Bonnie Goins, Adjunct Professor, Illinois Institute of Technology; and Karen Habercoss, Chief Privacy Officer, U. Chicago Medicine discuss:

• Misconceptions about data governance;
• Best practices to build a data governance valuation program;
• Why communication is key to ensure efficient and effective use of information.

All content from Day 1 will be available on demand from 9 AM - 5 PM CT on Day 2, Wednesday, March 9th. Don’t miss the chance to log-in and consume any content you may not have had the chance to see at your own convenience.