In this talk, we will explore the evolving landscape of cybersecurity threats as observed through Cloudflare's extensive network in 2024. Attendees will gain a deep understanding of emerging attack vectors and sector-specific threats, with a particular focus on the alarming year-over-year increase in DDoS attacks. By exploring key trends across Web Application Firewalls (WAF), bot management, threat hunting, and threat events, we will highlight the critical importance of tailored security strategies. Participants will leave equipped with actionable insights and strategies to fortify their defenses against the ever-changing cybersecurity challenges.

• Learn the art of prioritisation to ensure your team focuses on high-impact activities, protecting critical assets without burning out or overspending

• Explore the hidden costs in your security stack to determine what to keep, cut, or combine for maximum efficiency.

• Boost your defences without breaking the bank: What does it take to stay ahead of attackers and build better lines of defence with limited resources?

ThinkCyber’s CEO Tim Ward will delve into the reasons for implementing security awareness programs within organisations. Is it purely a matter of compliance or does it serve a deeper purpose of empowering employees to protect sensitive information and themselves?

Tim will explore the fundamental question: why invest in security awareness training? He will examine how to ensure these programs work—focusing on the science behind how people learn and retain security knowledge. By applying behavioural science principles, Tim will discuss how organisations can effectively change employee behaviours, reducing operational risks and enhancing overall security posture.

The session will also address key metrics for success. Tim will explore the importance of measuring not attendance or click rate, but the effectiveness of security awareness efforts. Are you measuring performance or real impact? He will share real-world examples from some of ThinkCyber’s clients to illustrate how to assess the effectiveness of security training and discuss the best practices for ensuring lasting behavioural change.

Deepfakes are getting easier to make but how can they be used in crime? Are they the next tool in the social engineer’s toolkit? From hacked CCTV to cloned RFID cards and quality deepfakes, Jake will uncover what is currently possible when breaking into a business with a little help from AI. Plus learn what happens when you experiment the spread of misinformation and how it can be used in financial crime.

Developing a robust security culture within an organisation is a critical challenge in today's threat landscape. Traditional security awareness programs often struggle to drive lasting behavioural changes. This session explores the power and role of "nudges" – subtle environmental cues and design elements that can positively influence employees' security-related behaviours.

Changing behaviours is a challenging task, changing your organisational culture can be even more difficult. Understanding why social engineering works, or how errors are so frequently made needs a better understanding of oneself. Grounded in the principles of behavioural economics and mindsets, attendees will learn practical strategies to educate, inform, nudge, and ultimately influence the culture of their workforce towards better security practices.

Click here to see the full schedule of streams on offer

Click here to see the full schedule of streams on offer

We as an industry have been heavily focused on the ransomware threat. A loud and dramatic threat that commands the attention of security professionals, governments and CEO’s globally but has possibly diverted some of our resources away from another increasingly concerning threat. Hacktivists seem like an old adversary that are the concern only of big banks and extractive industry organisations. This is a dangerous assessment. In this talk we will look at the rapid increase in their number, capability and motivation. Who are they? How do they select targets? How are they funded? Why do they pose a threat to you? What discussions do we need to have in 2025 to combat them?

Discover how to align your security investments with real-world threats. Amir Khan, Head of Sales at Zivver, presents exclusive insights from Zivver’s latest independent research revealing how IT leaders across industries perceive and prioritize email security. Gain a unique perspective on your peers' biggest challenges and plans for ensuring their email security strategies meets compliance and learn what’s driving their focus for 2025 and beyond. Amir shares practical steps to future-proof your organization with a holistic approach to email security.

A Kudelski Security Incident Response expert shares stories of what happens behind the scenes while learning tips from someone that sees these attacks happen on the daily.

The talk explored the transformative potential of AI in redefining how humans interact with technology, emphasizing the principle of AI-assisted human progression. Central to the discussion was the recognition that while we often refer to "artificial intelligence," AI is not truly intelligent in the human sense. Instead, it is a combination of advanced machine learning and automation, designed to process data, recognize patterns, and execute tasks at unprecedented speed and scale.

Picture this: You arrive at work, coffee in hand, only to find your screen frozen with a ransom note. The message is clear: “Pay up millions, or your data vanishes forever.” It’s not a distant nightmare, it’s happening every day, and in 2025, the risks have never been higher. With growing reliance on technology, widespread cryptocurrency, and tougher economic times, ransomware is thriving. In this session, we’ll uncover the dark history of ransomware, explore the anatomy of an attack, and look at what’s coming next in the threat landscape. Most importantly, you’ll leave with practical tips, tricks, and tools to protect yourself, your team, and your organisation. Because when it comes to ransomware, preparation isn’t optional - it’s survival.

In the past, compliance efforts have largely centred around providing a snapshot of security at a specific moment. However, with evolving regulations like DORA, NIS2, CRA and others, this approach is becoming outdated. These new standards demand a more dynamic and continuous view of security.

If raw, thought-provoking conversations about the biggest challenges in global security sounds like your thing, we’ve got something brewing that you won’t want to miss. Join Lisa Forte and Sarah Armstrong-Smith for an exclusive session as they reveal what they've been working on in partnership with CNG.

This promises to be a session not to be missed