Programme:

Sarah Armstong-Smith

A look back over the first half of 2024 - how attackers are evolving their tactics and techniques
 

In this session, we'll reveal the often-overlooked inefficiencies in your security stack and discuss strategies for streamlining without sacrificing coverage. Are you overspending without knowing it? Explore the art of prioritisation to ensure your team focuses on high-impact activities, protecting critical assets without burning out and how you can boost your defences without breaking the bank.

In this session, we explore how Edgescan is transforming the cybersecurity landscape through the integration of AI Insights into our platform. As organisations face increasingly complex threats, the ability to extract actionable intelligence from vast amounts of vulnerability data has become crucial. This presentation will highlight the evolution of AI within Edgescan, showcasing how AI Insights has been designed to enhance the precision, relevance, and effectiveness of vulnerability management.

We will walk through the journey of developing AI Insights, from its initial concept to its current capabilities, which include providing tailored recommendations in key areas such as ransomware, remediation, compliance, and training. The discussion will also cover the technical setup, including data integration and prompt engineering, that ensures the highest levels of accuracy and client-specific relevance.

Jonathan Mattey

Lee Morton

Jonathan Concannon

Focusing on resilience, risk and regulation; we will discuss our opinions on the impact of third party outages, quantifiable risk and regulatory impact across the next year.

Web applications and APIs are integral to modern society, facilitating communication, essential services, and business operations. They generate revenue, enhance efficiency and provide valuable customer insights. However, they also present significant security challenges due to their expanding attack surface. Vulnerabilities can lead to business disruptions, financial losses, and infrastructure failures. The rapid implementation of new features, especially those driven by generative AI, exacerbates these security risks.

The Cloudflare Application Security Trends Report, derived from extensive data  and observations across Cloudflare’s global network, provides security practitioners and leaders with critical analysis of threats such as bots, volumetric attacks, CVE exploitation attempts, API exposure, and supply chain risks. In addition to highlighting attack trends, the report offers insights into organisational defences against these threats. For example, it notes the continued use of outdated API security measures like relying solely on WAFs for public-facing APIs, which is no longer recommended.

As application risks surpass the capacities of dedicated security teams, there is a growing need for innovative approaches. This report aims to assist organisations and security practitioners in prioritising effective controls that enhance resilience without hindering digital innovation.

Why anticipate the impact?
Techniques effective in healthcare
Benefits and outcomes
 

Ellie Dowsett

"Forget the Framework, Systems, Policies and Procedures, if you haven't got the right culture, the rest of it won't matter." Says Ellie Dowsett

Many small businesses are attempting to solve their cyber security challenges by investing in software and tools. Is this really the best approach for managing security risks?

•            The common pitfalls in over tooling

•            How to invest smartly

•            How to ensure value from the tools being purchased

•            An alternative approach

Developing a robust security culture within an organisation is a critical challenge in today's threat landscape. Traditional security awareness programs often struggle to drive lasting behavioural changes. This session explores the power and role of "nudges" – subtle environmental cues and design elements that can positively influence employees' security-related behaviours.
Changing behaviours is a challenging task, changing your organisational culture can be even more difficult. Understanding why social engineering works, or how errors are so frequently made needs a better understanding of oneself. Grounded in the principles of behavioural economics and mindsets, attendees will learn practical strategies to educate, inform, nudge, and ultimately influence the culture of their workforce towards better security practices.
 

Click here to see the full schedule of streams on offer

Click here to see the full schedule of streams on offer

Sarah Armstong-Smith

A Kudelski Security Incident Response expert shares stories of what happens behind the scenes while learning tips from someone that sees these attacks happen on the daily.

Purvi Kay

Amanda Crossley

Cyber is predominantly perceived as a technical field hence a huge emphasis is placed on recruiting technical professionals and training is also mostly focused on technical qualifications. In doing so are we underestimating the need for soft skills in cyber and if so what can we do to change that?
 
Join us for a fireside chat with Purvi Kay and Amanda Crossley where they will cover:
1. What are the soft skills necessary in Cyber and why?
2. Why do we think cyber professionals lack soft skills?
3. What can we do about it? Top tips.

Threat Intelligence is at a critical juncture where traditional methods of threat analysis must evolve to address emerging threats. The challenge lies in determining the best path forward

Holly Foxcroft

Engaging the wider business and stakeholders in supporting cyber security culture can be challenging. In this talk, Holly will reflect on how storytelling and sharing her knowledge on consulting can help you engage with all areas of the business, promote clear communication, build cyber resilience as part of ongoing business resilience and ensure by-in from senior stakeholders

Each year, a team within Synopsys work with 130 firms who participate in an annual study, called BSIMM. In this study, we monitor 126 unique activities that make up companies’ software security initiatives. Since its launch in 2008, the world has changed. Software has changed. And this study has tracked those changes. Sometimes to look forwarded we need to look back.
Join Adam Brown, as he draws from his experience as a BSIMM assessor and software security consultant. In this talk discover some of the current and future trends of software security. And yes, AI will be discussed, though not FUD and hype. Just real security challenges that may arise and how we might deal with them.
 

This presentation explores the relationship between cyber resilience and cyber insurance, but not in the way you'd think! Rather than looking at the benefits of risk transfer through insurance, we will study real life examples of how intel or requirements from the insurance world has helped organisations improve their maturity and shape cyber risk services on the market.

Join Mimecast’s Saiyid Mansoor as he present’s the human risk playbook, detailing essential moves to secure your cyber defences. You will learn strategies to manage human risk and strengthen overall security.

This promises to be a session not to be missed

Sarah Armstong-Smith