4 & 5 SEPTEMBER 2018

DAY ONE

Welcome Address:

2018 OUTLOOK-WHAT IS DRIVING SECURITY AGENDAS?

Cybersecurity affects the security, stability and progress of nations. Nations with strong cybersecurity capabilities will succeed and lead in the future, whereas others will be left behind. The same is true for organizations large and small as they compete in an ever more competitive global economy dominated by high technology, allowing them to scale while protecting their brand and customers. Nations, organizations, schools and indeed society at large will have to realign quickly to the new world order to ensure their survival and growth into the next century.


Dato’ Dr. Amirudin Abdul Wahab, CEO, CYBERSECURITY MALAYSIA

Opening Keynote:

OH WHAT A TERRIFYING WORLD WE WEAVE

In this keynote, 12-year-old Reuben Paul aka “RAPst4r” aka “The Cyber Ninja” will introduce you to the different aspects of the Ultra Connected World we live in. Connectivity without security can be dangerous and terrifying as it applies to places, products and people. Using interactive engagements, real world scenarios, and hacking demonstrations, he will cover how connected technologies can be exploited by a hacker. He will then propose what he thinks it will take to be safe and secure in cyber space. Come for an exciting talk woven with entertainment and be educated, equipped and empowered to face the cyber terrifying world we live in.


Reuben Paul, Founder & Cyber Security Ambassador, CYBERSHAOLIN, USA

Panel Discussion:

SECURITY-PRIVACY: HOW DO WE GET THE RIGHT RISK-REWARD BALANCE?

  • What is the latest in global security regulation, compliance and legislation?
  • How is the relationship between compliance and security changing?
  • How do we achieve the right balance between protecting the organization and running the business?
  • Examine the key differences of the GDPR compared to other Asian laws and the implications of cross-border processing.
  • Predictions on the future of privacy

Moderator:
Dr. Ken Baylor, President, VENDOR SECURITY ALLIANCE

Panelist:
Sazali Sukardi, SVP Strategic Research, CYBERSECURITY MALAYSIA
Kevin Duffey, MD, CYBER RESCUE ALLIANCE
Abhijeet Mukherjee, Group Information Security Architect, DOWNER GROUP
Ruzita Rashid, VP, Operational Risk Management, MUFG BANK

DELIVERING CYBER SKILLS OF THE FUTURE

Building a culture of cyber security is critical for any organization, as is creating advocates in functions beyond the security team. Industry and government can help by partnering with learning institutions to raise awareness and promote available opportunities to train IT and security professionals, as well as the general public. Educators must continuously develop creative new training approaches that will prepare the next-generation workforce for the cyber security needs of the future. In preparing for the future, we also need to resolve two factors that hinder our ability to fight the good fight: drive greater opportunities for diversity in cyber security and fill the skills gap. Today, there are more than 1 million global cyber security jobs unfilled. We need diverse thinking, diverse candidates, and a diverse workforce to fill these roles.


Mary-Jo de Leeuw, Associate Partner, REVNEXT, President, Platform Internet of Toys & Vice President, WOMEN IN CYBER SECURITY FOUNDATION

RETHINKING THE HUMAN FACTOR: BUILDING A STRONG CYBER SECURITY CULTURE

With human errors being the #1 cause of cyber incidents and data breaches, it is now a CISO imperative to tackle behavioural change and focus on building a cyber risk aware culture. There are multiple drivers behind the rise of cyber security culture as a recognised need within organisations. It reflects the acceptance that how an organisation behaves is dependent on the shared beliefs, values and actions of its employees, and that this includes their attitudes towards cyber security. There is the recognition that traditional awareness raising campaigns (e.g. CBT, phishing simulations) are not, in themselves, affording sufficient protection against ever evolving cyber-attacks. Your organisation can only be secure if you strengthen the human firewall and make people your strongest defence. Key topics covered in this presentation:

  • People-related challenges and frustrations the industry is facing
  • Why a new approach to awareness and culture is required
  • Innovative approaches adopted by leading organisations
  • How to turn your “weakest link” into your biggest advantage in cyber security

Flavius Plesu, Head of Information Security, BANK OF IRELAND

EXECUTIVE SIMULATION OF A CYBER ATTACK

This dynamic session helps Executives to lead business recovery during a major data breach. In an ultra-connected world, no business is completely safe from cyber attack.  So directors must be ready for the cascade of commercial consequences that arrive when security fails.

This session demonstrates how the shock, speed and ambiguity of a major data breach can paralyze large organizations.  Kevin will lead the simulation and show executives how to engage with their Board about the need for better security, before a real data breach makes the case for them.

During the simulation, an expert panel will explore how reputations and revenues can be best protected during a cyber attack, through the series of Executive Decision Points that confront operational leaders.

The audience will be invited to consider real-life issues and to learn from mistakes others have made, in areas such as:

  • Triage: Where to deploy limited resources during a cyber crisis
  • Collaboration: Who to involve and call on for support
  • Values: How to make urgent decisions during extended uncertainty

The panel will be chaired by Kevin Duffey of Cyber Rescue, the leading European specialist in executive response to cyber attack.


Kevin Duffey, Managing Director, CYBER RESCUE ALLIANCE, UK

TRANSFORMING RISK & SECURITY IN A GLOBAL ORGANIZATION

Large global organizations handle cyber security risks every day. While they constantly need to deliver high quality services as part of their business portfolio, they are required to keep a constant vigil on their cyber security measures. This session will cover the approach such organizations could embark on, to understand the risks and structure of its cyber security investments in people, process and technology, and continue to meet its critical business objectives through a robust cyber security strategy.

This session discusses:

  • The risk and security challenges of a 24-hour business operating globally.
  • Approaches to identify the scope and building the business case for cyber security change.
  • The fundamentals of the transformation program to uplift technology and human aspects of risk and security.
  • Keep security top of mind within a major organizational transformation.
  • Executing the program and creating a culture of preventative security across the organization.

Manoj Kuruvanthody, Cyber Security Strategy & Governance Head, INFOSYS

MERGING CYBER SECURITY & PRIVACY: REAL WORLD EFFECTS

Privacy and data protection are among the biggest challenges for businesses today. Data breaches and privacy missteps can lead to costly, unanticipated expenses and business disruptions, as well as regulatory enforcement actions and class-action lawsuits.

Cyber risk affects every industry and business. The accelerating pace of technology evolution is raising new concerns around data privacy and creating more opportunities for cyber crime.

In this session Ken shares:

  • The latest issues and trends in data privacy and cyber security practices.
  • Complication of GDPR and Data Protection Officers (DPOs)
  • What do you need to watch out for?
  • What can you implement for your organization today?

Dr. Ken Baylor, President, VENDOR SECURITY ALLIANCE

Panel Discussion:

MEASURING AND MINIMIZING THE IMPACT OF CYBER CRIME ON THE ECONOMY

  • Define and accept: Understanding both our individual and collective responsibilities
  • How can we organize continued, sustained and close collaboration between government, industry, academic and international partners?
  • Can we truly separate business and political relationships?
  • How to exercise diplomacy to ensure the strength of the national economy

Moderator:
Chris Cubbage, Director & Executive Editor, MY SECURITY MEDIA, AUSTRALIA

Panelist:
Keyun Ruan, Computer Scientist & Author, LONDON
Ira Winkler, President, SECURE MENTEM, USA
Shahmeer Amir, CEO, VEILIUX, PAKISTAN
Tony Chew, former Global Security Advisor, CITIBANK | Chief Strategy Officer, V-KEY

USING BLOCKCHAIN IN SECURITY

As well as being an enabler of the highly valuable bitcoin, Blockchain is being used beyond just the financial services industry. It is said the distributed ledger could also be useful in general, for areas such as authentication and protection from data theft.

It has also been suggested that blockchain could help to secure the internet of things (IoT). According to Deloitte, Blockchain technology could “enable the creation of IoT networks that are peer-to-peer (P2P) and trustless; a setting which removes the need for devices to trust each other and with no centralized, single point of failure”.

This session will:

  • Uncover how blockchain works, looking into how it can be used in security and for which sectors
  • Examine the risks in adopting the technology

Shahmeer Amir, CEO & Bug Bounty Hunter, VEILIUX | Advisor, HACKEN

CASTLES IN THE SKY: ACHIEVING TRUST IN THE CLOUD

A significant issue for enterprises moving to private or public clouds is how to trust the infrastructure and providers with their sensitive workloads. Customers need the ability to assess security standards, trust security implementations, and prove infrastructure compliance to auditors. Trusted geo location allows organizations to establish security and physical boundaries that limit which systems process and store sensitive information and applications in the cloud. This session will highlight:

  • Issues with cloud architectures and ways to achieve visibility, compliance, and security.
  • Solution stacks that enable trusted computing, with several usages that demonstrate policy enforcement, compliance, and end-to-end trust in the cloud.
  • How organizations can monitor and enforce geo location restrictions, ensuring that their workloads in the cloud are deployed on trusted hardware in known locations to meet security policy compliance.

Adnan Hendricks, CEO, MICROSPECILIST, DENMARK

DAY TWO

HOW TO DESIGN A SMART NATION SECURELY

The recent cyber attack on Singhealth, Singapore’s largest group of public healthcare institutions, has prompted Singapore’s Prime Minister to call for a complete review of all Smart Nation projects so as to “tighten up their defences and processes across the board”. So what is at the heart of the design thinking for a safe and secure Smart Nation? What can we learn from this attack that could be incorporated into the security thinking for all Smart Nation projects? Are current security practices sufficient to address and arrest any current and future threats to any city or country’s bid to be “smart”? What are the emerging concerns that we must take heed of and plan for in the future? Join this session and explore avenues to be “Smart” and secure.


Aloysius Cheang, Board member & Executive Vice President, Asia Pacific, CENTRE FOR STRATEGIC CYBERSPACE + SECURITY SCIENCE (CSCSS)

ARTIFICIAL INTELLIGENCE & BIOMETRICS: KEYS TO STRONGER DIGITAL SECURITY IN ONLINE & MOBILE BANKING

The recent spate of cyber attacks on commercial banks and central banks should have jolted every bank in the world from their complacency and inertia in their reliance on passwords to protect their accounts and payments. But sadly, the stark lessons are frequently and doggedly ignored or dismissed until they themselves become the next big victim or casualty. Many banks will continue to be gripped by apathy and prevarication. The folly of single factor authentication will continue to plague the banking industry.

To protect their customers, maintain trust and confidence in their online and mobile banking services as well as reinforce their own reputation for safety and soundness, banks should consider the following security enhancement solutions:

  • Implement biometrics, dynamic OTP and artificial intelligence.
  • Enhance their level of digital security by adopting 2FA and stronger threat and vulnerability risk assessment to protect their customer accounts as well as their own domestic and international interbank payment transactions.

Tony Chew, Chief Strategy Officer, V-KEY | former Global Head of Security, CITIBANK

THE INTERNET - BUILT TO OUTLAST NUCLEAR WAR BUT FAILS AT SMALL TOASTERS

The existence of botnets like Mirai or VPNFilter shows that attackers have now begun to use the Internet of Things for their own purposes. They are on fertile ground because millions of devices are exposed on the Internet and waiting to be hacked. We have automatically analyzed the firmware of thousands of IoT devices, looking at various security issues. Vendor backdoors, embedded cryptographic keys, and outdated software versions are commonplace. In this talk, the results of the “large-scale” firmware analysis will be presented. In addition, vulnerabilities found in device types that are in the focus of attackers are highlighted.


Florian Lukavsky, MD, SEC TECHNOLOGIES

THE TRUTH ABOUT HACKING: FROM HOLLYWOOD TO RUSSIA

In the last twenty years or so it’s no secret that we have built a world that is radically different from what came before and that we are in the middle of some sort of technical curve to an unknown destination. The whole world is more concerned about privacy and security today than ever before. Our entire lives are tracked in cyberspace. We now live in clouds, grids and the ever growing internet of things. What happens when we don’t understand the meaning of this transition into the digital Pangea, much less the meaning of security? Hacking is in the news every day and there is no end in sight as the risks to individuals and businesses continue to grow. From Hollywood, politics, the economy and other influences, our lives are being shaped by how we use technology. We have seen a great deal of sacrifice in the name of security, but it seems pertinent that we do not even have a robust philosophical definition for what ‘cyber security’ actually is. This keynote will discuss and demonstrate the vast misunderstandings of security today and what we can do to better equip ourselves to handle the threats to the present and future of how we function. Be prepared to be informed, scared and maybe even amazed on this issue and its impact on our global marketplace, consumption and collective evolution.


Ralph Echemendia, The Ethical Hacker & CEO, SEGURU

DETECTING AND PREVENTING ATTACKS EARLIER IN THE KILL CHAIN

Most organizations place a strong focus on tools and technologies. Prevention of malicious attacks is ideal, while timely detection is mandatory in combating cyber threats. However, in a world where cyber criminals first devise a strategy before launching an attack and targeting an organization, what do you think the key ingredient of a pervasive cyber-defense should be? Security vendors will only provide you with tools and technologies, but the best of guns are of no use if there’s no effective and clear strategy. This session provides a look at a strategy that can be used to improve the detection of attacks at every phase of their attack chain. The learnings from this strategy can be used to proactively defend against known or unknown attacks for an effective cyber defense. This talk will look at thought-stimulating ways to push your cyber-defense ahead of the curve while flexibly using different types of technologies, including open-source, network and host IDS capabilities and other analysis tools, to prevent and detect attacks earlier in the cyber kill chain without impacting your organization adversely.


Abhijeet Mukherjee, Group Information Security Architect, DOWNER GROUP, AUSTRALIA

MITIGATING RISK FROM YOUR SOCIAL MEDIA & MOBILE APPS

Mobile devices are potentially becoming the weakest point of any security system, particularly as more work is done on the go. Join us to learn more about how to protect your organization and employees through:

  • The frequency and impact of mobile malware
  • Understanding the current threats
  • The impacts of a potential mobile attack
  • Strategies you should be implementing to protect your business

Jacqui McNamara, Head of Cyber Security Services, TELSTRA

“CYBERNOMICS: DIGITAL ASSET VALUATION & CYBER RISK MEASUREMENT”

  • Overview of Cyber’s current position in the business
  • Establishing traceability for better risk management
  • Analyzing the attacker’s role in cyber risk
  • Outlook for the future of cyber risk quantification

Dr. Keyun Ruan, Computer Scientist & Author “Digital Forensics”, UK

BEST PRACTICES OF RED TEAMING AND THREAT EMULATION

Gone are the days when a typical penetration test would give your organization a sense of security. With the emergence of Red Teaming and its process of successfully emulating a realistic threat, red teams ensure that their results exceed a typical penetration test. Red Teaming not only acts as a key player in deciding an organization’s cyber security strategy but also gives a complete view of the organization’s security posture from an adversary’s or competitor’s perspective. Red teaming requires a different approach from penetration testing and it revolves around well-defined TTPs (tactics, techniques and procedures).

This session will take you in-depth into:

  • The investigative work of red teams, revealing the best practices, most common pitfalls, and most effective applications of these modern-day Devil’s Advocates.
  • How red teaming acts as a mature method of assessing an organization’s ability to tackle cyber threats

Aatif Khan, Cyber Security Strategist, LONDON

Panel Discussion:

HACKER CULTURE AND THE NEW RULES OF INNOVATION

Running a startup and trying to bake innovation culture into the foundations of the enterprise? Trying to inject more creativity and agility into your company and running up against bureaucratic mindsets and barriers to change? Companies need a radical solution: building a hacker innovation culture.

This interactive panel discusses:

  • How to build a culture of hacking and experimentation in your company
  • The role of hacking in the design and startup industries
  • Key concepts and practical insights

Moderator:
Dhillon Kannabhiran, CEO, HACK IN THE BOX (HITB)

Panelist:
Florian Lukavsky, MD, SEC TECHNOLOGIES
Zoe Rose, Ethical Hacker, BARINGA PARTNERS
Shahmeer Amir, CEO & Bug Bounty Hunter, VEILIUX
Ralph Echemendia, CEO, SEGURU
Aatif Khan, Cyber Security Strategist, LONDON

PRISONERS, HERD IMMUNITY & BEES - WHAT INFOSEC CAN LEARN ABOUT COLLABORATION FROM THE WORLD AROUND US

Ever wondered why companies spend vast amounts of money solving the same problems as everyone else, or worse, making the same mistakes as everyone else? Or why collaboration in the hacker community isn’t reflected in ‘the real world’? Enterprise InfoSec has much to learn from the natural world – there are plenty of examples in nature as to how and why collaboration is beneficial for all involved, and how those that don’t play by the unstated rules are quickly punished by the community.


Craig Searle, Chief Apiarist & Managing Director, HIVINT

FORGET THE 0-DAYS; LET’S TALK ABOUT THREATS & ISSUES THAT REALLY MATTER

Humans are social beings; we have an intrinsic need to come together, whether to celebrate our achievements or support those in need. The Internet has been fundamental in helping societies connect and our communities grow throughout the world, but this hasn’t come without cost.

Our world has rapidly become dependent on technology and connectivity, which has led to a common need for things ‘just to work’, anytime and anywhere. On the other side of this seemingly insurmountable expectation, manufacturers, software vendors, service providers and the like do everything it takes to remove unnecessary overheads in order to get to market quickly and at low cost. In the centre of all of this is a growing threat that is seeking to take advantage of these two opposing forces. In this talk, we will look at how we ensure cyber security is seen as a business imperative and not an unnecessary bolt-on, and how we can embed security by design into our business processes.


Zoe Rose, Ethical Hacker, BARINGA PARTNERS, LONDON

CLOSING KEYNOTE:

INCORPORATING SECURITY PRACTICES INTO BUSINESS PROCESSES

When there are security problems, there is a natural tendency to look to apply blame to some person or process.

The underlying problem is however that security is proverbially bolted onto an organization, instead of being built in. Every critical process in mature organizations is defined in detail by procedures or guidelines. If something goes wrong, they are typically able to point to a specific procedure that was not followed. However, security is rarely embedded into such procedures. This presentation defines the issue and goes into detail to define a process to evaluate organizational procedures and guidelines and determine how to embed security. This also has specific implications for how awareness programs are designed and implemented. In this exciting session, Ira will discuss:

  • How current awareness programs focus on the wrong things.
  • Understand why practices should be embedded into procedures and guidelines.
  • Learn how to embed security practices into business processes.

Ira Winkler, President, SECURE MENTEM, USA