The fourth annual FT Cyber Security Summit Europe discussed the seriousness of the cyber threat facing Europe and explored the solutions. Moderated by Financial Times journalists, this event provided a thorough assessment of the dangers in cyberspace and how businesses and governments are investing in better defences for a more secure future.
FT Cyber Security Summit Europe 2017
Dangers in Cyberspace – is Europe Doing Enough?
Sir Julian King
“I got inputs that allow me to verify current state of cybersecurity concerns addressing on the Banking and corporate environment”
- Pedro Cunha, Credibom S.A.
“I was able to network with numerous representatives from different industries around Europe. Also, I got to hear about current events and thinking from a range of industries around Europe.”
- Jeff Day, BT plc
“To hear insights and identify gaps and vulnerabilities in this sector”
– Dr Sally Leivesley, Newrisk Limited
“Amazing job team! Another great year of relevance and engaging talks!”
– Jennifer Arcuri, Hacker House
“Interesting update for the financial world”
– Andy Taylor, ASMG International
“Quality delegates and very topical high level subjects”
– Roger Whitehead, ASO Casaire (cyber security)
The cyber onslaught continues, from all directions. Denial-of-service hackers, financial fraudsters, organised criminal gangs, terrorists, unfriendly states – wherever the attacks come from, they are increasing in number and becoming more difficult to defend against.
Hardly a day goes by without news of another cyber breach. A British bank is hacked and £2.5m is stolen from 20,000 customers. A hoax press release is emailed from a French construction company and briefly wipes €6bn off its share value. A US server company is attacked and millions of people are denied access to major websites.
Businesses are having to invest more money and effort to make cyberspace safer for themselves and their customers. Governments are ramping up the defences too. The European Union’s Network and Information Security (NIS) Directive, which will be transposed into the national laws of all member states by the spring of 2018, is intended to boost the overall level of cyber security in the EU. Individual states are taking additional measures, as exemplified by the UK which in 2016 extended its National Cyber Security Strategy for another five years with a budget of £1.9bn. Brexit also throws up some big questions. Will Britain continue to comply with the NIS Directive and other EU legislation in this area? And if Britain leaves Europol, the EU’s law enforcement agency, will that degrade Europe’s cyber defences?
Keynote Speakers (3)
Sir Julian King
Sir Julian King was appointed European Commissioner for the Security Union in September 2016. Prior to that he was the British Ambassador to France, February 2016 to September 2016. His previous positions were: Director-General of the Northern Ireland Office, 2011-2014; British Ambassador to Ireland, 2009-2011; on loan to EU Commission, Chef de Cabinet to British Commissioner (at DG Trade, responsible for EU multilateral, regional and bilateral trade negotiations) 2008-2009; UK Rep Brussels, UK Representative on EU Political and Security Committee, 2004-2008; UK MIS New York, Counsellor responsible for UN Security Council negotiations, 2003-2004; UK Rep Brussels, UK Representative on Enlargement Group throughout Central European/Cyprus/Malta accession negotiations, and also responsible for European defence 1998-2003; Foreign & Commonwealth Office (FCO), Private Secretary to Permanent Under-Secretary of State, 1994-1998; FCO, Second later First Secretary working on NATO, European defence and CFSP, including spells in Luxembourg, The Hague and Lisbon, 1990-94; Ecole Nationale d’Administration, Paris, and Third later Second Secretary, Private Secretary to the British Ambassador to France, 1987-1990; joined FCO, working on Latin America, 1985-1987. Sir Julian was knighted in 2014. He has a BA Hons from Oxford University.
Robert Hannigan was Director of GCHQ, the UK’s largest intelligence and cyber security agency, from 2014-17 and recently retired from Government after 20 years in national security roles, including Prime Minister’s Security Adviser. Robert established the UK National Cyber Security Centre in 2016, and was responsible for the UK’s first cyber strategy in 2009. Robert is now Chairman of BlueVoyant International, a global cyber security services company, and a Senior Adviser to McKinsey & Co. He chairs the Industry Advisory Board of LORCA, a UK Government-backed accelerator for cyber security start-ups. He is a Senior Fellow at the Belfer Center, Harvard, Fellow of the Institute of Engineering and Technology and RUSI, London, and Honorary Fellow of Wadham College, Oxford. He writes regularly on cyber issues in the Financial Times and other publications.
As Chief Executive Officer of BT Group since 2013, Gavin Patterson has led the continued rollout of superfast broadband – the fastest rollout in the world. He has also led the acquisition of EE, which will enable BT to combine the best fixed network with the best mobile network to create the UK’s leading converged communications provider. He joined BT in 2004, becoming Chief Executive Officer of BT Retail and joining the BT board in 2008.
Under his leadership, BT Retail cemented its market-leading position launching BT Infinity fibre broadband, BT TV and BT Sport; driving growth in IT services and building the largest wi-fi network in the UK and Ireland. Prior to this Mr Patterson was at Telewest and Procter and Gamble. He is currently a Non-Executive Director at British Airways; Trustee of the British Museum; Vice President of the Royal Television Society; a fellow of the Institute of Telecommunications Professionals; a member of the CBI President’s Committee, and a member of the Executive Committee of the World Business Council for Sustainable Development (WBCSD).
Alison Barker was appointed in 2016 as Director of Specialist Supervision, within the Supervision Division at the Financial Conduct Authority. She has responsibility for financial crime regulation, technology and cyber risk, client assets and the prudential supervision of 22,000 firms, and she leads on complex cases such as payment protection insurance (PPI) and interest rate hedging product reviews. Her division provides specialist expertise to the FCA, and engages with national and international stakeholders on related policy issues. Prior to her current role, Alison was Head of the Infrastructure & Trading Firms Department. She joined the Financial Services Authority in 2009 and was responsible for the Supervisory Oversight Function, assessing supervisory quality. She has also supervised the UK’s client money and assets regime and retail banking conduct regime. Prior to joining the FSA she spent 12 years as a consultant for KPMG in the London regulatory practice, working on a range of regulatory programmes for financial services organisations. Before joining KPMG, she worked for Lloyds Banking Group in senior compliance roles.
Dexter Casey is the Group CISO for Centrica plc. He has 17 years of information security experience, primarily in the capital markets. He built and led the first European security team for Morgan Stanley. He has held senior security director positions at Credit Suisse, HSBC, Willis Towers Watson, Royal Mail Group and Global Blue.
Anthony Dagostino is Global Head of Cyber Risk at Willis Towers Watson. He has extensive experience in cyber risk management, mainly on related risk transfer solutions as well as cyber and privacy risk mitigation techniques in employee engagement, incident response and vendor management. Based in New York, Mr Dagostino is responsible for the company’s global cyber strategy, product development and thought leadership. He provides integrated cyber risk management to clients to help them more effectively assess and minimise cyber risk. He has a background in non-cyber financial lines insurance and alternative risk transfer programs. Mr Dagostino is a regular speaker at industry events and has had articles published in numerous periodicals. Prior to joining Willis Towers Watson, he held a variety of roles with insurers Chubb (formerly ACE Group) and Hartford Financial Products. He also has experience in private equity, focusing on emerging technology companies. Mr Dagostino has a BA in both economics and business administration from Muhlenberg College and is a member of the FBI’s Infragard program. He is also involved in various working groups with the Department of Treasury, Department of Homeland Security, and Senate Commerce Committee.
Dr Markus Dürig is Head of Division IT II (Cyber Security) at the German Federal Ministry of Interior. He has worked at the ministry since 1992, where he has been responsible for information security since 2002. He studied law at the University of Cologne, Germany, and the University of Clermont-Ferrand, France.
Paul Heffernan is the Group CISO for Unipart Group of Companies. With nine years' experience in the cyber security world, including consulting to some of the world's biggest brands, he engages with the business at board level to enable trusted secure commerce. With an “ethical hacker” background, he is able to address complex security challenges but is equally passionate about driving effective change through unambiguous leadership and communication. Mr Heffernan is a regular international speaker at industry conferences such as the e-Crime Congress, GBI CISO Summit and CISO360 Barcelona. When he isn’t keeping Unipart safe, you can find him tinkering with code and figuring out how to inspire the next generation of cyber security professionals. He was 'Highly Commended' CISO of the Year 2017 in the Cyber Security Awards.
Paul Hopkins is the Global Head of Security Architecture at Vodafone. Prior to this he was Technical Director for CGI’s UK Cyber Security Practice, and a Principal Security Architect for five years responsible for developing and delivering the Cyber Security solutions and projects. Before that he was a Principal Research Fellow at the University of Warwick for three years. Mr Hopkins was at QinetiQ for 15 years, with his first role as an information security researcher and his last role as Director for Operations & Technical Services, for a range of information security services. He is also an Oxford Martin Associate in the Global Cyber Security Capacity Centre at Oxford Martin School, University of Oxford.
Rosa Kariger is the global CISO of Iberdrola, the Spanish multinational electricity company. It employs 31,000 people in dozens of countries around the world, and is one of the world’s largest companies by market capitalisation. Ms Kariger is responsible for cyber security governance, intelligence and oversight for the IT and OT environments in all countries where the company operates – mainly Spain, UK, US, Mexico and Brazil. Since she joined Iberdrola in 1997, she has held different positions as internal consultant and global risk manager. Before being appointed as the Group’s CISO, in February 2016, she was the Group’s Deputy CRO. She holds a Master’s Degree in Industrial Engineering from the Polytechnic University of Madrid and has participated in the Executive Development Program (PDD) from IESE Business School, and the Global Leadership Program from IMD Business School.
Michael Lucas is Group Head of Risk and Compliance for Ferguson, the FTSE-50 building materials distribution company with annual revenues of £15bn and operations in North America and Europe. His role involves the leadership and direction of risk management, compliance and sustainability across the group. He previously worked at KPMG and Deloitte within their London-based risk and sustainability teams. He has worked on the design, implementation and review of governance, risk management and internal control frameworks in the industrial, financial services and energy sectors in the UK, Europe, Russia and the Middle East. Mr Lucas began his career with Marsh McLennan, developing risk finance and transfer programmes for energy companies in Eastern Europe and Russia. He has been a Lead Examiner for the UK Institute of Risk Management and has delivered presentations and training sessions on risk management and governance. He has written articles for a number of publications, including the UK’s Public Finance magazine, and the IRM’s Managing Business Risk handbook. He is an Associate of the Chartered Insurance Institute and has a BA (Hons) in French and Russian
David Martinon has been France’s Ambassador for Cyber Diplomacy and the Digital Economy since 2015. Previously he was the Special Representative for International Negotiations on Information Society and the Digital Economy from 2013 to 2015. As such, he is the chief negotiator on all cyber issues, including internet governance, cyber security, cyber criminality, freedom of expression and the fight against the use of the internet for terrorist purposes. From 2002 to 2006 he was Diplomatic Adviser to Nicolas Sarkozy at the Ministry of the Interior and the Ministry of the Economy, Finance and Industry. He was appointed Chief of Staff for Nicolas Sarkozy’s 2007 presidential campaign. After the victory in May 2007 he was appointed the Press Secretary and Communications Director to the President of the Republic. Mr Martinon was then appointed Consul-General of France in Los Angeles, California. He joined the French Mission to the UN in New York in August 2012.
After graduating from the Institut d’Etudes Politiques of Paris (IEP) and with a Master of Economy at Paris-Sorbonne University, he completed his studies at the French National School of Public Administration (ENA). He joined the Ministry of Foreign Affairs and became, from 1998 to 2001, Deputy Spokesperson of the Ministry and then a desk officer at the European Cooperation Directorate. Mr Martinon previously taught International Relations at the Institut d’Etudes Politiques of Paris and worked in the advertising industry. He got involved in politics at an early age and notably worked at the office of the Ministry of Defense in 1995.
Adam Maskatiya is Managing Director, UK and Ireland for Kaspersky Lab. Prior to joining the company as General Manager in June 2017 he was a Director at KPMG UK, where he led client relationships in the technology, media and telecommunications sector in the firm’s International Markets Group business. Before that he held senior leadership positions at global software houses, including CA Technologies & Novell. Cyber security has always been at the core of Mr Maskatiya’s focus, leading transformation and change for clients as they seek to manage their risk in a rapidly evolving digital landscape. He started his career at Computacenter UK and graduated in Economics from Hull University.
As Group Chief Information Security Officer at Standard Chartered Bank, Cheri McGuire oversees information and cyber security strategy and risk management, governance, policy, training and awareness, third party security risk, red teaming, exercises, and partnerships. Prior to this, she served as Vice President of Global Government Affairs and Cybersecurity Policy at Symantec where she was responsible for its public policy agenda and government regulatory and partnership strategy, that included cyber security, critical infrastructure protection, cyber crime, data integrity, and privacy. She also has held senior cyber security roles at Microsoft, the US Department of Homeland Security Cyber Division/US-CERT, and Booz Allen Hamilton. She currently sits on the World Economic Forum Global Future Council on Cybersecurity, and on the boards of The George Washington University Center for Cyber and Homeland Security, and the UK Cyber Defence Alliance. She is a frequent presenter on cyber risk management and resilience, information sharing, and cyber crime, and has testified as an invited expert witness numerous times before the US Congress.
As a senior solution leader of the Cyber Solutions group at McKinsey, Dayne Myers helps clients’ executives understand and manage cyber security as a business risk. Cyber Solutions comprises the solutions aligned with McKinsey’s Digital and Risk Practices, including the Digital Resilience Assessment (DRA), Cyber Risk Insights (CRI), and Executive Cyber Simulation (ECS). Mr Myers’ career started as an associate in McKinsey’s Los Angeles office in the 1990s, after which he left for a career in venture management. His interest in cyber risk dates back to when he co-founded a cyber software company 15 years ago. Before returning to McKinsey, he led six technology companies, including two companies he co-founded and two others where he led successful turnarounds. He also spent several years in private equity and has significant experience in the biotechnology and consumer products industries. Mr Myers graduated from Harvard Law School, where he earned his JD, and from the University of Michigan, where he earned his BA in political science.
Danny O’Neill is the international lead for Rackspace Managed Security, responsible for strategy, planning and operational implementation of cyber security for Rackspace customers across the EMEA region. He has led RMS international operations and engagement since September 2016. Prior to Rackspace, Mr O’Neill served for over 25 years in the UK military, leading and conducting intelligence, security and cyber operations, frequently working within or alongside the UK government and with international partners. He has further experience in delivering cyber capabilities, both for specialist military organisations and in support of the UK national programme.
Yuri Rassega was appointed Chief Information Security Officer (CISO) at Enel, the large Italian gas and electricity distribution company, in June 2016. Prior to that, between 2014 and 2016, he was Enel’s Head of the ICT Global Solution Centre AFC, HR and Procurement, and between 2004 and 2014 he headed the Group’s Global ICT Audit Function. He joined Enel in 2001 as the Head of ICT Function in Enel Hydro. Before joining Enel, Mr Rassega worked in several roles in the ICT industry. These roles involved the development of ERP, SCADA, ACS, and ICS solutions for a variety of clients and facilities. His experience in technology and telecommunication companies ranges from coding and digital electronics engineering, to consulting, entrepreneurial and senior management.
Vince Steckler is CEO of Avast, a global leader in digital security products for consumers and businesses. He has transformed Avast from a sub $20m regional company into a $750m full service global security provider that uses next generation technologies to make the internet safe and accessible. In 2016, he spearheaded Avast's acquisition of AVG to create a threat detection network powered by over 400m endpoints. A seasoned international executive and security thought leader, Mr Steckler is a passionate advocate for internet safety and the use of machine learning and artificial intelligence in the security industry.
Thomas Tschersich is Chief Information Security Officer in the Telekom Security of Deutsche Telekom, a role he has held since January 2017. He began his career with Deutsche Telekom in 1989 as a telecommunications technician. He then went on to complete his degree in Electrical Power Technology at Dortmund University of Applied Sciences. He then continued to fulfill various roles within Deutsche Telekom before becoming Assistant VP of IT Security and Information Protection for Group Security in 2000, and between 2001 and 2007 he was VP of Security Strategy and Policy for Group Security. He was then promoted to VP of Technical Security Services for Group Business Security, a role he fulfilled between 2007 and 2009. Afterwards he became the SVP of Group IT Security Service, followed by SVP of Group Security Services, before taking on his current position as CISO.
Gilbert Verdian is the CISO of Vocalink, the Mastercard-owned company that designs, builds and operates bank account-based payment systems in the UK, Singapore, Thailand and soon the US. His career has taken him from the technology sector to healthcare, government, justice and now into financial services. He began his career on the Telstra helpdesk, progressing quickly to roles in E&Y Consulting and CSC where he advised corporate and government clients on a variety of security issues. In 2007 he re-joined E&Y as a senior manager in London, advising a number of government and commercial clients such as Deutsche Bank, National Grid, Lloyds and The Crown Estate and where he was responsible for security for Arsenal FC and for the 2012 London Olympics. From there he was seconded to HM Treasury becoming Deputy CTO and CISO with responsibility for all aspects of national security across Whitehall and HMG. In 2014 Mr Verdian returned to Australia to accept the role of CISO at NSW Health and CIO of NSW Ambulance. In 2016 he went back to the UK to accept the role of CISO for Vocalink. He was recently recognised in the Cyber Security Awards when he became “CISO of the Year” in June 2017. He has a Bachelor of Business degree with a major in e-business, and an MBA majoring in strategic management, both from the University of Technology, Sydney.
Neil Walsh joined the United Nations Office on Drugs and Crime (UNODC) in January 2016 and is the Chief of the Global Programme on Cybercrime. With staff in four continents, he leads the UN’s strategic response to cybercrime by delivering technical assistance and capacity building in 70+ countries, aiding member states with counter-cybercrime policy-making and representing UNODC on cybercrime diplomacy matters globally. Prior to joining the UN, Mr Walsh served for over 15 years in the British Government countering international serious organised crime and terrorism, and had long-term postings to The Hague in the Netherlands, and Malta. His broad work experience includes senior-level diplomacy and policy-making in addition to extensive law enforcement operations with partners around the world. He has worked with senior international politicians, judges, academics and law enforcers to develop new initiatives countering cybercrime, online child sexual exploitation, drug trafficking, human trafficking, weapons proliferation and terrorism.
Steven Wilson was appointed Head of Europol (EC3) in 2016. He is responsible for the central collation of criminal intelligence on cyber crime across the EU, supporting member state investigations into online child sexual exploitation and cyber attacks on payment systems, critical infrastructure and information systems. He is also responsible for the Joint Cybercrime Action Taskforce (JCAT), a team of specialist cyber investigators seconded to EC3 from many countries, providing digital and document forensic support in complex cases across the EU, strategic analysis of threats and trends and liaison with industry, academia and non-law enforcement partners. During his 30-year career as a police officer he has held a variety of senior detective roles and was responsible for Scottish national units delivering witness protection, covert technical policing, fugitives, undercover policing, assisting offender programme and all forms of cyber crime. He has served with Strathclyde Police, Scottish Crime and Drug Enforcement Agency, Her Majesty’s Inspectorate of Constabulary and, from 2013 to 2015, with the reorganisation of policing in Scotland into a national force. Mr Wilson was also the Scottish representative on UK cyber governmental and policing groups and led on industry and academic partnership groups on cyber resilience in Scotland. He has worked in covert policing, major investigations, sex offender management, counter terrorism investigations and represented the UK on international policing matters.
Hannah Kuchler is US Pharma and Biotech Correspondent for the Financial Times, with a particular focus on how technology is transforming healthcare. For five years, Ms Kuchler served as FT’s San Francisco Correspondent where she covered Silicon Valley and technology with a focus on social media and cyber security. Ms Kuchler was previously a London-based UK news reporter for the FT, covering British politics and general UK news. Prior to this, she worked on the FT’s newsdesk, as Asia Correspondent for FT Tilt in Hong Kong, and covered US markets in New York. Before joining the FT in 2009, Ms Kuchler was the Editor of The Oxford Student and won the Guardian’s Student Reporter of the Year award in 2008. She holds a Bachelor’s degree in Modern History from Balliol College, Oxford.
Sam Jones is a senior journalist at the Financial Times and the paper's former defence and security editor. He is currently at UCL's School of Slavonic and East European Studies, studying Russian authoritarianism. His writing focuses on European security, intelligence, cyber warfare and terrorism. He has been with the FT since 2007, during which time his coverage has won several awards, including the US Overseas Press Club's Investigation of the Year for reporting on Isis's financing in 2016, and a special commendation at the British Press Awards for his work on the financial crisis in 2008. He is a graduate of the London School of Economics.
Agenda - 8th Nov
8:00am Registration and networking
9:00am Conference chair’s opening remarks
Robert Armstrong, Chief Editorial Writer, Financial Times
Sir Julian King, Commissioner for the Security Union, European Commission
Gavin Patterson, Chief Executive Officer, BT
9:50am Panel: Senior management briefing - corporate Europe under siege
Europe’s businesses continue to suffer attacks from hackers, fraudsters, and other criminal and state-linked groups. They are under virtual siege and struggling to defend themselves against assaults from all directions. Cyber security is therefore a crucial priority for senior management.
• Do CEOs, CIOs, CROs and everyone else in the senior management team/executive committee really understand the scale of the cyber threats facing them? Are they properly equipped to deal with these threats?
• Where are the attacks coming from, in terms of types of attacker and countries of origin?
• What does an effective cyber security strategy look like? Security comes at a cost, so how does the senior management team agree on a budget that is big enough? How do they maximise the return on the security investment?
• Who is responsible for cyber security in a large corporation? What are the respective roles of the CEO, the senior management team and the IT security managers? How do senior management ensure that internal silos and communications barriers do not compromise security?
• What are national governments and EU institutions doing to help businesses improve their security?
• How do the company’s leaders avoid being the weakest link? CEO email fraud – also known as business email compromise (BEC) – where a fraudster posing as the CEO or other executive committee member instructs the finance department to make a payment to an overseas account, is a growing problem. Executives themselves are being duped by fake emails and are coming under other forms of cyber attack. What must they do to protect their position and reputation?
John Noble, Director of Incident Management, National Cyber Security Centre, GCHQ
Paul Heffernan, Group Chief Information Security Officer, Unipart
Michael Lucas, Group Head of Risk and Compliance, Ferguson
Gundbert Scherf, Partner, McKinsey and Company
MODERATOR: Robert Armstrong, Chief Editorial Writer, Financial Times
10:30am Presentation: Decoding cyber risk – cyber strategies for the senior leadership
Senior management and board directors play a major role in building a corporate culture that promotes strong information security practices and policies. As threats continue to unfold, companies face a serious risk to their brand and bottom line. The 2017 Willis Towers Watson Cyber Risk Survey highlights that while three-quarters of US and UK companies believe they are highly protected and can adequately respond to threats, close to 80% of employees ranked insufficient understanding as the biggest barrier to their organisation effectively managing its cyber risk. So how do you drive a comprehensive cyber plan for managing people, capital and technology risks across your enterprise? The critical link is for senior leaders to align and integrate the relevant functions – IT security, human resources, compliance and fraud prevention, and risk management – into a cohesive, cyber-savvy workforce.
Anthony Dagostino, Global Head of Cyber Risk, Willis Towers Watson
11:10am Panel: Command and control – the role of the CISO in today’s cyber battlefield
The chief information security officer (CISO) has never been so important. Breaches are increasing in frequency and severity. The CISO plays a crucial role in protecting the company from cyber attack, and when a breach occurs, he or she must act quickly to close it down, mitigate its impact, and take steps to ensure similar breaches do not happen again.
• How serious is the cyber threat? Who are the main aggressors?
• Data integrity: how can CISOs be sure their data is correct, and has not been tampered with?
• Is today’s security technology up to the job? How do CISOs decide between the many security products and services on offer?
• Basic cyber hygiene – what are the minimum operational and technical procedures and controls that need to be in place? What industry standards should be followed? What happens when some of those standards are made obsolete by rapidly evolving threats? Could information sharing between companies, industry sectors and the public sector be improved?
• How does the CISO report to/communicate with all relevant people in the organisation, from the Board, CEO and senior management, down to frontline staff?
• Cyber resilience: what role does the CISO have in ensuring business continuity after a security breach?
• Is affordable cyber security insurance available? If so, is it worthwhile when the priority must be to maintain security and, in the event of a breach, keep operations running, rather than to seek financial compensation through an insurance claim months later?
• How closely do CISOs work with Europe’s law enforcement agencies and civilian cyber security? After Brexit, Britain may no longer be a member of Europol – would that be a problem?
Rosa Kariger, Global Chief Information Security Officer, Iberdrola Group
Cheri McGuire, Group Chief Information Security Officer, Standard Chartered Bank
Danny O’Neill, Cyber Security Operations Lead, EMEA, Rackspace
Thomas Tschersich, SVP, Chief Information Security Officer, Telekom Security, Deutsche Telekom
MODERATOR: Hannah Kuchler, San Francisco Correspondent, Financial Times
11:50am Presentation: Mass attacks on consumer products as a vector into corporations
The recent attack against CCleaner, the world’s most popular PC optimisation tool, showed it is possible for attackers to broadly attack consumer software products as a way to gain access to a small number of secure corporate networks. Hacks against multinational corporations are difficult given the layers of security and processes in place; however, since corporate devices operate on both secure company networks and less-secure personal networks, a focused attack against consumer-related products can create a backdoor into a corporate network. Recently, CCleaner suffered a “supply chain attack” and unknowingly infected 2.27m users with malware – but consumers were not the actual target. Only 40 PCs used within high-profile technology and telecommunication companies were strategically targeted during this focused attack. Avast, the world’s leading consumer security company, acquired CCleaner shortly after this attack and will explain how it happened and what businesses should do to protect against this emerging threat.
Vince Steckler, Chief Executive Officer, Avast
12:05pm Panel: Addressing the skills gap
Acquiring the best technology to keep an organisation secure in cyberspace is only half the story… the other half is finding the best people. Recruitment can be a challenge at a time when the cyber threat is increasing and employers are competing fiercely with each other in the cyber security jobs market. There are simply not enough qualified experts to fill all the gaps.
• How difficult is it to recruit people for cyber security roles? Is there a shortage of people with the right skills and attitudes? What does a good CISO look like? Should they be paid more?
• What should governments and businesses be doing to encourage more people to take degrees in security-related disciplines, sign up for practical on-the-job training and acquire the relevant professional qualifications?
• Is there enough diversity among cyber security professionals, in terms of gender, disability, ethnicity and so on?
• How is artificial intelligence helping to close the skills gap? Could it replace staff, thereby reducing recruitment pressures, or will it always be purely complementary to people?
• Is the skills gap worse in some industries? Are companies in sectors such as banking paying more to attract the best talent, leaving other sectors with less choice?
Dexter Casey, Group Chief Information Security Officer, Centrica
Yuri Rassega, Head of Cyber Security (CISO), Enel
Steven Wilson, Head, European Cyber Crime Centre (EC3), Europol
MODERATOR: Hannah Kuchler, San Francisco Correspondent, Financial Times
12:45pm Presentation: Effective board reporting on cyber security
Many boards of directors are unsure how to deal with cyber security. Often, they get too much data and too little real insight. The communication they receive is not well-structured, and the metrics presented are difficult to interpret, which inhibits directors from playing the important role they should play in cyber readiness and defence. Combined with the highly technical and constantly evolving nature of the threat, this makes them feel like they do not know the right questions to ask.
In this presentation McKinsey shares its latest thinking on how companies can make sure boards:
• Understand the real risks the organisation is facing.
• Build a structured way to understand and discuss cyber security performance.
• Measure progress against objectives and hold individuals accountable.
• Have key issues presented to them in an appropriate manner.
Dayne Myers, Leader, Cyber Solutions, McKinsey and Company
2:00pm Panel: State-sponsored cyber aggression
Government-led cyber attacks on other countries’ official institutions and businesses are common. Aggressors almost never admit their complicity, and believe they have a legitimate right to launch such attacks in defence, or promotion, of national interests. Victims sometimes complain loudly, protesting they have been maliciously and unfairly targeted – but they often keep quiet because they believe that admitting to a breach is a further security risk, or simply to protect their reputation.
• What are the most serious forms of state-sponsored cyber crime – such as corporate espionage, data theft, the disruption of critical national infrastructure and interference with elections?
• Who are the main culprits, and how strong is the evidence against them?
• What is the best way to detect and prevent state-sponsored attacks?
• How should a government or a business react to a cyber attack from an unfriendly state? How do they plug the breach and inform the public?
• Traceability and attribution: how do you correctly identify the offending state? What action should be taken against the aggressor?
• Is a retaliatory cyber attack acceptable, especially when tracing the source of the original attack is difficult and often impossible?
• Should the West, Russia, China and other countries make more of an effort to cooperate with each other on cyber security (such as signing non-aggression pacts), perhaps under the auspices of the UN?
The Rt Hon Lord Arbuthnot of Edrom, Chairman, Information Assurance Advisory Council; and Member, All Party Parliamentary Group on Cyber Security, British Parliament
Markus Dürig, Head of Division IT II 1 (Cyber Security), Federal Ministry of Interior, Germany
David Martinon, Ambassador for Cyberdiplomacy and the Digital Economy, Government of France
Neil Walsh, Chief of the Global Programme on Cybercrime, UN Office on Drugs and Crime (UNODC)
MODERATOR: Sam Jones, Former Defence & Security Editor, Financial Times
2:40pm Presentation: The building blocks of cyber resilience
Alison Barker, Director of Specialist Supervision, Supervision – Investment, Wholesale & Specialists, Financial Conduct Authority
2:55pm Panel: Protecting critical national infrastructure – and defining what is “critical”
Critical national infrastructure industries such as financial services, telecommunications, energy, transport and healthcare need to be especially secure and resilient. Disruption in these industries has serious ramifications for the rest of the economy and society at large, so governments are anxious that more is done to protect them.
• What types of threat do critical infrastructure companies face, and what special measures must they take to ensure their security and, in the event of a breach, their resilience?
• How do governments define what is “critical”? Can companies in “non-critical” sectors – such as food retailing, consumer goods, restaurants and leisure – take a more relaxed attitude to security?
• Is the financial sector – such as banking, asset management and insurance – the most “critical” sector and targeted more than any other? Do financial services companies therefore generally have better cyber security than companies in other sectors?
• What is the government’s role in protecting critical infrastructure through organisations like the UK’s National Cyber Security Centre (NCSC) and Centre for the Protection of National Infrastructure (CPNI), Germany’s Federal Office for Information Security (BSI), and Italy’s National Anti-Crime Centre for the Protection of Critical Infrastructure (CNAIPIC)?
• What are likely to be the most serious cyber risks facing critical industries in the near future? How do you protect them from the “unknown unknowns”?
Paul Hopkins, Global Head of Security Architecture, Vodafone
Adam Maskatiya, Managing Director UK and Ireland, Kaspersky Lab
Gilbert Verdian, Chief Information Security Officer, Vocalink
MODERATOR: Hannah Kuchler, San Francisco Correspondent, Financial Times
3:35pm Closing keynote address: Future cyber security challenges in Europe
Robert Hannigan, former Director, GCHQ
3:55pm Chair’s summing up and closing remarks
Robert Armstrong, Chief Editorial Writer, Financial Times
4:00pm Networking drinks reception
- Learn how CEOs are investing more time and resources in cyber security
- Hear what European governments are doing to make cyberspace safer
- Find out more about the UK’s national cyber security strategy
- Listen to experts discuss major issues thrown up by Brexit – for example, will Britain decide to comply with the NIS Directive and the GDPR?
- Meet leading information security experts
KNOWLEDGE PARTNERS (1)
McKinsey & Company is a global management consulting firm that serves leading businesses, governments, non governmental organizations, and not-for-profits. We help our clients make lasting improvements to their performance and realize their most important goals.
In today’s interconnected, multi-device world, companies need to be more prepared than ever to protect their digital networks and assets. Cyber Solutions by McKinsey helps institutions build digital resilience, identify and prioritize critical assets for protection and investment, and build leadership capabilities to respond to an attack.
Lead sponsors (2)
Willis Towers Watson (NASDAQ: WLTW) is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has 40,000 employees serving more than 140 countries.
We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets and ideas — the dynamic formula that drives business performance.
Avast, the global leader in digital security products, protects over 400 million people online. Avast offers products under the Avast and AVG brands that protect people from threats on the internet and the evolving IoT threat landscape. The company’s next-gen threat detection network is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for mobile, PC and Mac are top ranked and certified by VB100, AV-Comparatives, AV-Test, OPSWAT, ICSA Labs, West Coast Labs and others. Avast is backed by leading global private equity firms CVC Capital Partners and Summit Partners.
Associate Sponsors (1)
Kaspersky Lab is a global cybersecurity company celebrating its 20 year anniversary in 2017. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.
Exhibiting Partner (1)
Darktrace is the world’s leading machine learning company for cyber defense. Created by mathematicians from the University of Cambridge, Darktrace’s Industrial Immune System technology uses AI algorithms that mimic the human immune system to defend industrial networks of all types and sizes. In an era where OT and IT are increasingly converging, Darktrace’s technology is uniquely positioned to provide full coverage of both enterprise and industrial environments. By applying advanced machine learning and AI algorithms, Darktrace Industrial defends critical infrastructure across the world, and is relied upon by leading energy providers, utility companies and manufacturers to secure their ICS and SCADA environments. Headquartered in San Francisco and Cambridge, UK, Darktrace has 33 offices worldwide.
Supporting Partners (7)
European Risk Management Council is a think tank of Chief Risk Officers and risk management executives from banks, insurers, asset management firms and other financial institutions, consultancies and global industrial companies operating in Europe. The Council has operated in London since 2011, and representatives of more than 150 organisations have participated in the Council’s think tank meetings. Focusing on the key themes in risk management, regulation and compliance, the Council provides an opportunity for industry discussions and facilitates professional communication and knowledge sharing in risk management, regulation and compliance. The Council’s mission is to create an environment that allows effective sharing of the best industry practice in risk management and building trusted working relationships with regulators and policy makers.
Cyber Security Challenge UK is a series of national competitions, learning programmes, and networking initiatives designed to identify, inspire and enable more people to become cyber security professionals.
Working with over 80 sponsor and partner organisations, Cyber Security Challenge UK targets individuals at all ages, from students to career-changers. At a time when the threat level is ever-increasing and the skills gap widens each year, this unique programme of activities helps to tackle a global security issue.
HealthManagement.org is a comprehensive print, digital and social media platform dedicated to promoting management, leadership, best practice and cross-collaboration in healthcare. With the active engagement from thought leaders and well-respected national and international associations, HealthManagement provides comprehensive information related to clinical practice, hospital administration, latest research, technology advances, major practice challenges and valuable management tips.
PaymentsCompliance is the leading provider of independent legal, regulatory and business intelligence to the global payments industry.
We provide the critical and timely information that helps you make sense of the complex and rapidly changing global regulatory environment.
Trusted by leading names all over the world, we power more informed understanding and effective decision making.
Our analysis of legal and policy developments comprehensively covers the needs of payment industry professionals, helping them to make informed business decisions, uncover opportunities and reduce legal fees and compliance costs.
Find out more at:
The ICLG series provides current and practical comparative legal information on a range of practice areas. These comprehensive guides follow a question and answer format to ensure thorough coverage of each topic within different legal systems worldwide. Each guide draws together the collective expertise of our contributors to provide a valuable and convenient resource, updated annually.
The ICLG series provides a practical insight for general counsel, government agencies and private practice lawyers, keeping them abreast of law and policy globally.
All guides are available free to access at www.iclg.com.
FStech (formerly Financial Sector Technology) is one of the leading business websites for IT decision makers in the UK and European financial services sector. Our readership includes executives from across the continent, within banks, building societies, insurers, trading houses, exchanges and other financial institutions.
The FStech website is updated daily, supported by our e-newsletter and Twitter account. We also host the annual FStech Awards gala evening to showcase the achievements of those within the sector, as well as the Payments Awards, an event that recognises cards and payments excellence and technology innovation within the UK and EMEA.
FStech also holds a range of roundtables and conferences throughout the year, touching on issues such as payments, IT security, data compliance and omnichannel banking.