Enduring Strength

Trust. Transform. Together.

Stay at the forefront of trends and challenges facing the financial sector through our curated and enriched content. Our thought-provoking and interactive sessions cover relevant topics including fraud, threat intelligence, resiliency, cloud and outsourcing. Build stronger relationships over two days with around 500 thought leaders, executives and members by sharing best practices.

Uniquely designed for the financial sector, the 2019 Europe Summit will provide you with actionable information needed to address evolving threats, develop new strategies and meet changing regulations.

Sessions are grouped into tracks. This year's tracks can be found here.

Members:

  • Platinum receive ten complimentary passes
  • Gold receive five complimentary passes
  • Premier receive two complimentary passes

After all complimentary passes are utilized, additional staff may attend at a cost.
Other membership tiers can attend at a cost.

* Interested in sponsoring? Learn more here or email sales@fsisac.com. 

Travel Information

Reserve Your Hotel Room Now

FS-ISAC has reserved a block of rooms at the InterContinental® Berlin hotel. To receive the group rate, use this reservation link.

Berlin Tegel Airport (TXL)
Distance to hotel: 9 km
Drive Time: 20-30 minutes

Berlin Schönefeld Airport (SXF)  
Distance to hotel: 23 km   
Drive Time: 30-40 minutes

Call for Presentations

The Call for Presentations has closed. Submit late presentation proposals here.

Program

Monday 28 October

Summit Chair

Mr. Carsten Fischer - Head of Information Security Operations, Deutsche Bank's Chief Security Office

Carsten Fischer joined Deutsche Bank’s Chief Security Office in November 2017 as Head of Information Security Operations. Since January 2019, he also has served as Interim Head of Information Security within Deutsche Bank’s Chief Technology Office.
Prior to that role, Fischer was Regional Head of Information and Resilience Risk Management for Continental Europe and Global Head of Information Security Risk in the Chief Risk Office.
He joined Deutsche Bank in 1998, working in different IT roles supporting the Corporate Center and Group Finance through 2004.
Fischer took on a Chief Operating Officer role before becoming Head of Smart Sourcing and IT Risk Management for Investment Banking IT/Global Technology Capital Markets in August 2007.
From mid-2011 to mid-2013, Fischer was head of Risk and Control for Global Technology, overseeing all aspects of IT Risk Management and Operational Risk Management for Global Technology.
Fischer was the COO and Head of Strategy & Governance in the Chief Information Security Office from October 2013 to February 2016, when he was responsible for the Chief Administration Office Function, as well as Governance, Strategy and Central Services (including Security Training and Awareness).
Fischer is on the board for the Cyber Defence Alliance and is a member of the International Banking Security Association representing Deutsche Bank.

8:30

Registration

9:00

Continental Breakfast

9:30

Opening Remarks

9:45

Opening Keynote: Building Strong Cybersecurity Sharing Networks across Borders

Mr. Arne Schönbohm, German Federal Office for IT Security

One of the central tasks of the German Federal Office for IT Security, as the national cybersecurity authority in Germany, is to collaborate with and engage in numerous information exchange and sharing networks. In his keynote address, the president of the German Federal Office for IT Security, Mr. Arne Schönbohm, will present the experiences his agency has had in cybersecurity awareness and resiliency. In doing so, Schönbohm will elaborate on the characteristics of strong information networks and provide examples of cooperation through those networks, both nationally and internationally.

 

10:30

Parallels between 'Prisoner's Dilemma' and Intelligence Sharing

Mr. Joseph Woodruff, EclecticIQ

The prisoner’s dilemma is one of the most famous problems in game theory, in which two separate parties must cooperate to gain the highest overall reward, even if it is not the highest individual reward. This session will discuss the parallels between the “prisoner’s dilemma” and sharing intelligence within a community. It will also review the importance and benefits of being an active member in FS-ISAC’s community, by not only consuming intelligence, but also producing and sharing it.

11:15

How Good Metrics Make Effective Security Measurable

Mr. Nik Whitfield, Panaseer and Mr. Adam Palmer, Santander

Whether it’s for the board, regulators, auditors or holding your own team accountable, financial institutions must demonstrate security control. This session will tackle common challenges that come with implementing effective security measures. Learn what constitutes a good metric and discover the type of data necessary to gain full visibility of security controls. See what it takes to have an automated, up-to-date metrics program readily accessible when stakeholders come calling.

11:15

MISP: Enabling Practical Cyber Adversary Campaign Analysis

Mr. Shane Duignan, Fidelity Investments

This session discusses how to adopt and apply the Malware Information Sharing Platform (MISP) as a threat intelligence platform solution for attribution of threat actors targeting a financial institution. Attendees can expect to learn more about the motivations for developing a threat group attribution program and how to design a playbook that captures the threat-analyst-intel-lifecycle workflow that is mapped to on-premise threat intel products and technologies. The session also covers threat intel models and frameworks that are compatible with threat intel platforms, a breakdown of the steps to perform threat attribution and issues encountered during the lifecycle operation. (NOTE: This workshop will break for lunch.)

11:15

Destructive Malware Strategies for Cyber Resilience

Dr. David Aubrey-Jones, RBS

The threat of destructive cyber-attacks continues to grow and the use of crypto-ransomware has skyrocketed since 2013, when Cryptolocker first demanded ransom payments using a digital currency. In 2017 we saw another game changer, with destructive worms being created when Wannacry and NotPetya caused huge damage. More recently we are seeing ransom attacks targeting organisations with the Bitpaymer, SamSam, Ryuk and LockerGoga ransomware. In some cases, backups have also been encrypted. In the face of increased threats, cyber-resilience is gaining more attention from regulators. This session will discuss the history and evolution of threats, what may be next and strategies to address concerns.

12:00

Lunch

13:00

How a Large Bank Is Implementing Information Protection

Ms. Lisa Lee, Microsoft

There’s a big difference between having a data classification policy and implementing the controls to enforce it. Where should you begin? Identify the decision-makers who will decide the classification categories and labels to use.  Attendees will review lessons still being learned as a large bank moves forward with information protection and the tools to help financial institutions meet regulatory requirements and comply with guidance. This session will also provide an overview of best practices already identified.

13:00

BCD Scholarship: A Presentation from FS-ISAC's Scholarship Recipients

Mr. John Morgan Salomon, FS-ISAC

13:00

Insurance-Sector Threat Intel Practitioners’ Roundtable Discussion

Mr. Michael Wandel, Aviva

This workshop brings FS-ISAC members from the insurance sector together for a roundtable-like discussion about cybersecurity concerns specific to the insurance industry. Discussion will review new tools being developed by FS-ISAC members to address leading cybersecurity issues, as well as building threat-intelligence functions within insurance businesses, intelligence requirements, intel vendors, products, metrics, and tooling. This workshop is TLP Red. 

 
13:00

The Politics of Cyber

Mr. Ian Thornton-Trump, Amtrust International

We live in a world of competing nation-states, proxies of those states and non-nation state actors. This competition manifests itself in any number of ways – conflict, sanctions, restrictions, embargoes, assassinations and much more. Clausewitz suggested, “War is politics by other means.” The natural conclusion is that cyber-espionage, cyber-attacks and cyber-influence operations are merely manifestations of a policy clash between two or more competing powers or proxies. Or are they? This session explores how nation-state APT actors have embraced cyber to further their national goals through covert or overt means.

14:00

Detecting, Analyzing & Creating Actionable Intelligence

Dr. Carsten Willems, VmRay and Mr. Adam Palmer, Santander

Explore the techniques advanced attackers use to defeat common security measures and learn how security teams can effectively counter-attack evasion techniques by improving operational security practices. Attendees will gain a better understanding of how to detect such attacks and gather actionable threat intelligence.

14:00

Defending Yourself From Risks Beyond Reach

Dr. Sam Small, ZeroFOX

The biggest blind spot in enterprise security architecture may be activities taking place just beyond your view. Attackers hijack company accounts, launch spear-phishing campaigns against employees, build fraudulent accounts to socially engineer executives and attack customers at scale. This session will review truths about the modern digital and social landscape and take a deep dive into major TTPs.

 

14:00

Closing the Feedback Loop Between Incidents and Hygiene

Mr. Todd James, UBS AG

There are significant gaps between the findings when an incident is closed, when a red or purple team engagement has ended or when threat or open-source intelligence is distilled. Meaningful feedback is simply lost in a document or the roadblocks are so large that there is never any reduction to the attack surface. This session will review lessons learned about estate hardening and how closing the feedback loop between incidents and hygiene could help institutions prevent making the same mistakes.

14:45

Networking Break

15:15

How to Become APT-Proof in 24 Hours

Mr. Tim Ager, Cymulate

Banking, financial services and insurance (BFSIs) companies are investing in information security more than any other sector. They’re doing everything right. From perimeter security and DLP to encryption and segmentation, in terms of optimizing their security posture, they’re already 80 percent there. Despite their efforts and with the risk of ATM- and ACH-related fraud, BFSIs are prime targets for advanced persistent threats (APTs). This session will review traditional and manual testing methods and explain why they fall short. Attendees will also learn how empirical risk scores can prioritize efforts and budget.

 

15:15

Threat Hunting: Taking Intelligence to The Next Level

Ms. Ria Biggs, Goldman Sachs

Many financial institutions have mature cyberthreat intelligence programs but have yet to unlock the value of applying intelligence to cyberthreat hunting. This session will demonstrate how intelligence can be used to actively search for advanced persistent threats, including an explanation of Goldman Sachs’ approach to cyber threat hunting and how to turn intelligence into prioritized hunt missions with actionable results. Attendees will explore firsthand challenges and lessons learned when building a cyberthreat hunting team and advancing through the hunt maturity model.

15:15

Psychology of Social Engineering

Mr. Lance Wantenaar, Worldpay

Social engineering is the biggest threat to organisations and it is being used with devastating effect in business email compromise fraud and phishing emails. This session will dive into the psychology and mechanisms of social engineering to explain how it affects a person when used to initiate phishing email link clicks or telephone social engineering of call centre staff to gain customer information. Attendees will understand how the brain processes these attacks to develop better awareness programs to protect staff and business profitability.

16:15

Silver Solutions Showcase: How to Train Your Organization to Deal with Hackers

Mrs. Lauren Koszarek and Mr. Ben Sadeghipour, HackerOne

16:15

Silver Solutions Showcase: Eliminating Credential Reuse, Fraud with True Password-less Security

Mr. George Avetisov, HYPR Corp

16:15

Silver Solutions Showcase: Disrupt Adversaries’ Pursuit of Exposed Data

Mr. Craig Barrington, Digital Shadows

16:15

Silver Solutions Showcase: Web Isolation: Enhance Business Function, Reduce Risk

Mr. Paul Branley, Lloyds Banking Group and Mr. Henry Harrison, Garrison

16:15

Silver Solutions Showcase: How Managed Intelligence Benefits FIs of All Sizes

Mr. Krijn de Mik, Fox-IT

16:15

Silver Solutions Showcase: How Financial Companies Can Starve Attackers Who Live off the Land

Mr. Wade Lance, Illusive Networks

16:15

Harnessing the Power of Behavioral Analytics

Mr. Jamie Sarakinis, Securonix

17:00

Reception

Tuesday 29 October

8:15

ETIC & ESC Breakfast INVITE ONLY

8:45

Continental Breakfast

9:15

Opening Remarks

9:30

How to Measure Anything in Cybersecurity Risk: Changing Perspectives

Mr. Adam Palmer, Santander and Mr. Doug Hubbard, Hubbard Analytics

Drawing on techniques discussed in Doug Hubbard’s book, How to Measure Anything in Cybersecurity Risk, this session will change perspectives on managing risk to information security programs. Topics in this session include everything from principles of assessing and communicating risks, measuring “intangibles” like damage to reputation, measuring an expert’s skill at providing “calibrated estimates” of probabilities, and using spreadsheet-based simulations, to reviewing how some of the most popular risk assessments like heat maps and risk scores have objectively failed, and how to make the case for quantitative methods in your organization.

10:15

How Terrorist Organisations Can Impact Banks

Mr. Jason Steer, Recorded Future

This discussion will examine how a recent US designation of Iran's Islamic Revolutionary Guard Corps as a terrorist organisation can impact financial institutions. The presenter will demonstrate how new global realities can impact and potentially increase threats to banks throughout the world.

10:45

Networking Break

11:15

Hidden Tactics: The Hunt is On

Mr. Jonathan Couch, ThreatQuotient

The increasingly popular MITRE ATT&CK framework provides great insight into the process of the attacker and offensive operations and strategic direction for security operations. ATT&CK can be leveraged with infrastructure and threat intelligence to start hunting for adversaries in a network, based on their tactics, techniques and procedures. In this session, attendees will walk through adversary operations and the ATT&CK model and map it against security infrastructure and processes. Speakers will discuss the future of security operations and how to leverage frameworks to hunt for adversaries based on their TTPs.

11:15

Lessons Learned from CTI Sharing between Competitors

Mr. Aviram Zrahia, Tel Aviv University

Cyberthreat intelligence (CTI) sharing is a collaborative effort to fight cybercrime by leveraging capabilities, knowledge and experience with and among the broader financial sector. This session will offer a unique, multidisciplinary view of the challenges of CTI and look at the relationships between cybersecurity vendors. Attendees will gain insights from the network structure formed between vendors and characterize the relationships and common properties of sharing firms.

11:15

Schuman Series Exercise/Workshop

Mr. Greg Gist, FS-ISAC and Mr. Vincent Thiele, ING BANK

Join this public-private working session to discuss protocols for the financial sector in reaction to a large-scale incident. Members and public agencies in the European Union will come together to discuss crisis coordination and response and resiliency actions.

12:00

Innovation Showcase Lunch

In a TED-Talk-style format, these showcase presentations will be high-level, conceptual discussions about industry advances within the financial sector.

12:00

Innovation Showcase: The Role of Automation in a Zero Trust Environment

Mr. Richard Cassidy, Exabeam

A zero trust environment is built upon the premise that no asset or account has inherent access to anything, regardless of whether it exists inside or outside the network. Security practitioners have been extolling the virtues of this architecture model for a number of years; and whilst it is more complex to implement than the traditional perimeter-based defense, it certainly makes life harder for would-be attackers. To truly understand risk, organisations need up-to-date information that works in their favor. This session reviews how security automation and orchestration can truly benefit operations teams.

12:00

Innovation Showcase: Prioritize Vulnerabilities to Reduce Cyber-Risk

Mr. Jens Freitag, Tenable Network Security, Inc.

Digital transformation has created a complex computing environment of cloud, development and operations, traditional compute and corporate LAN, mobility and IoT. Everything is connected as part of the new, modern attack surface, which has created a massive gap in organizations' abilities to truly understand their cyber exposure at any given time. This session reviews new approaches to effectively prioritize vulnerabilities and reduce cyber-risk.

12:00

Web Stack Attacks: Magecart and Vendor Threats

Mr. Aaron Mog, RiskIQ

A new generation of attacks is emerging to take advantage of modern web development trends, including online shopping carts. Magecart is just one of several JavaScript-sniffing groups that have been stealing payment card data from online shoppers in recent years. In 2018, though, Magecart gained notoriety after hacking Ticketmaster, British Airways, and Newegg. This session explores how risks inherent in browser-based applications are creating tremendous risks across ecommerce, and reviews how threat actors are working to compromise applications and user experiences. From there, the session walks through steps organizations can take to better protect themselves now and into the future.

 
12:00

Open Banking and NextGenPSD2 to Go Beyond Compliance

Mr. Nick Coley, ForgeRock

Open banking and PSD2 (the Revised Payment Service Directive) represent both regulatory challenges and competitive opportunities for banks and fintech. This session reviews how a unified and open-source solution will be key to addressing challenges in the future around customer authentication, secure APIs, customer consent and identity best practices. Banks can and should achieve more than just regulatory compliance; they also can introduce new products and services designed to meet the needs and expectations of today’s empowered consumers.

 
13:15

A Full-Cycle Investigation of Phishers Targeting EMEA FIs

Mr. Dmitry Volkov and Mr. Nicholas Palmer, Group-IB

Threat intelligence has identified and analysed 2.6 million unique phishing URLs on 727,000 domains, which is a 9 percent increase from 2018. Phishers specializing in massive cyber-attacks use so-called phishing kits. This session will review research into phishing attacks that targeted EMEA financial institutions, the infrastructure the attackers used and the full-cycle investigation into the real identities of the attackers. Attendees will learn how to automate the capture of credentials stored in phishing logs and techniques used in online investigations of cybercriminals.

13:15

Intel Sharing and The Evolution of Threat Sharing

Mr. Alex Rifman, Anomali

Intelligence and indicator sharing have come a long way from the dark ages of private forums. Today, threat intelligence platforms are regularly leveraged in operations centers across the globe to triage and disseminate actionable information. This session will review the history of information sharing, the current state of today’s analysis centers and how organizations automate incident response processes. Attendees will also take an in-depth look at the near-term future of information sharing.

13:15

Providing an External Intelligence Lens to the Insider Threat

Mrs. Tracy Watts, Lloyds Banking Group

Learn how to communicate internally to build the entire team's knowledge of threats and how to cultivate relationships with peers cross-sector to encourage sharing. Join this session to gain an external intelligence view into insider threat strategy.

14:15

After NotPetya, BadRabbit, WannaCry, What's the Next 'Unexpected' Threat?

Mr. Zeki Turedi, CrowdStrike

In 2017, the cyberworld was hit with numerous destructive attacks from a range of threat actors. What types of attacks are striking now and what is on the horizon? This session will share alarming trends observed in the global threat landscape and highlight evolving best practices that have proved most successful against cybercriminals, hacktivists and nation-state adversaries. Attendees will review the latest threat intelligence discovered in 2018 and 2019, how to use it to shape a security strategy, and lessons learned from in-depth digital forensics, incident response and remediation.

14:15

Developing a Threat Intelligence Program - From Zero-to-Hero

Mrs. Sonia Burney, Charles Schwab

To successfully build a threat intelligence team, clear goals and initiatives need to be identified and developed through a standardized workflow. For each initiative, teams need to identify intake processes, standardize procedures, identify outputs, and report actionable intel to appropriate stakeholders. Teams can then determine automation for processes and outputs to perform analytics and machine learning on data and convert metrics into intelligence. This session will go through these road mapping steps and share examples of converting metrics into intelligence. Attendees will walk through how a successful threat intelligence team was built and lessons learned.

14:15

Vendor Risks Aren’t Static: Monitoring Tips and Tactics

Mr. Ian Evans, OneTrust

In today’s shifting security and regulatory environment, ongoing third-party monitoring is critical to ensure compliance. This session outlines the keys to third-party risk-management success through a modern approach to monitoring vendors. Learn more about maintaining oversight of third-party vendor risks, reassessing vendor risks on a regular basis and keeping your data-map up to date to map vendor data flows. The session also reviews the benefits of a third-party risk exchange, and how to proactively protect against third-party threats like data breaches.

15:00

Networking Break w/Raffle

15:30

Cloud Risk Assessments 2.0

Mr. Jim de Haas, ABN AMRO and Mr. Adam Palmer, Santander

This session will highlight updates to cloud assessments provided by ABN AMRO's and Santander's cloud security teams. Institutions will share what they are doing from a best practice perspective, their visions for future cloud risk assessments and methods to increase the effectiveness of risk analysis. ABN AMRO and Santander plan to define next steps in the cloud risk assessment field.

15:30

Thwarting Financial Fraud with Unique Fraud Governance

Mr. Terje Aleksander Fjeldvaer, DNB Bank ASA

Fraud is more than just financial loss. Powered by new technology and the use of diverse channels, such as the call center and online banking, a holistic analysis can result in a significant increase in the number of terminated fraudulent transactions and reduce the total amount lost. This session will review DNB's unique fraud governance model with an approach that focuses on first-party fraud with the same effort as third-party fraud.

15:30

How Frankfurter Volksbank Will Comply with BaFin Segmentation

Mr. Steffen Nagel, Frankfurter Volksbank and Illumio

For three consecutive years, risk acceptance has been the answer to audit findings. Visibility of application traffic was non-existent and segmentation mandated by Germany's Federal Financial Supervisory Authority, BaFin, was hard to achieve. But that is changing, as Frankfurter Volksbank proves. This session reviews how Frankfurter Volksbank is overcoming traffic visibility challenges to comply with BaFin's segmentation requirements.

16:00

Defining Security Culture: Learning from Other Industries

Mr. Sanjeev Shukla, Accenture and Mr. William Hoffman, Deutsche Bank

Financial institutions have struggled to make attitudinal changes toward cybersecurity but have managed to make major improvements in handling conduct risk. This session will explore how conduct risk has been handled and the benefits for an institution’s cybersecurity program. It will also offer cross-industry insights regarding safety and security and will review aspects of behavioral sciences that can help change attitudes toward cyber-risk. Attendees will leave with a framework for influencing and changing security culture within a financial services organization.

17:15

Chairman's Reception

Wednesday 30 October [Members-Only]

9:00

Continental Breakfast & Registration

9:30

Enhancing Cyber-Resilience: An Intelligence-Led Approach to Cyberdefence

Daniel Barriuso, Global CISO Santander Group

The financial sector continues to be a key target for cybercriminals in search of financial gain. A holistic, intelligence-led approach to cybersecurity is key to anticipating cyberthreats and minimising incident-response time and impact to an organisation. This session explores how and why building cross-sectorial, international intelligence exchange networks is essential in order to obtain first-hand knowledge about cyber-incidents, as well as to enhance detection and response capabilities.

10:45

How TLS 1.3 Can Coexist in Your Enterprise

Mr. Charles Bretz, FS-ISAC and Mr. Darin Pettis, US Bank

Gain an understanding of the enterprise visibility problems that occur with the adoption of the cryptographic protocol known as Transport Layer Security 1.3. Serious issues have arisen because of the migration to TLS 1.3. Attendees will hear thought leadership around how TLS 1.3 can be used in conjunction with the new Enterprise Transport Security (ETS) standard. An overview will be shared along with an update about vendor adoption of ETS and timing. 

10:45

SWIFT Red Team Live Hacking Demo on a Fictitious Retail Bank

Mr. Brett Lancaster, SWIFT

Join this session and witness a live cyber-attack to see how often-overlooked security protocols leave the door wide open. Attendees will learn how, by combining minor vulnerabilities, cybercriminals can infiltrate a business, steal data and cause untold damage to a company’s reputation. No real bank will be harmed in the process of this demonstration.

10:45

The Increasing Focus on Operational Resilience

Ms. Tara Kenny, Lloyds Banking Group

Lloyds Banking Group’s (LBG) approach to enhancing operational resilience puts service continuity at the heart of its strategy. Learn how operational resilience is put into practice across a large corporate enterprise.  Attendees will be provided with insights from one group’s overarching framework, notable challenges through various stages of strategy, key successes and important lessons learnt along the way, including how to engage from the board down.

11:45

Detecting SSL C2: Data Gathering, Aggregation and Analysis

Mr. Giles Barford, Intercontinental Exchange

Encrypted communications are commonly used by malicious actors for command and control (C2) channels. This session will offer a statistical technique for detecting C2 channels, using SSL/TLS JA3 fingerprints and analysis of connection intervals. Hear about the architecture needed to collect and analyse the underlying endpoint and network data, construct the model and investigate breaches. The described solution may be used by any financial institution to improve detection of commodity malware and advanced actors.

11:45

Learning by Gaming - ING's Organizational Resilience Game

Mr. Tim Jordan, ING

ING has developed a physical board game to support internal learning and training of business continuity and crisis management topics. This effort to foster the corporation’s organizational resilience can be played by anyone and with no prior knowledge of the covered topics. In this session, attendees will play the game and learn how experienced business continuity and crisis management professionals use innovative tools to support awareness and competence among their teams.

12:30

Birds of a Feather Lunch

13:30

Access Management: Overview, Critical Success Factors and Best Practices

Mr. Andres Maurer, UBS

Many companies still struggle to implement an effective access management system. Speakers will provide a holistic view of the access management process, critical success factors and best practices and illustrate inter-dependencies. This session will span both the business and technical aspects of access management by reviewing Zero Trust and eXtensible Access Control Markup Language frameworks. Attendees will formulate and structure their problems, contribute suggestions, share experiences and provide tips on best approaches.

13:30

Division of Labour and Cybercrime

Mr. Daniel Sierra Saavedra, Banc Sabadell

Collaboration between cybergangs has increased in recent years. This session will review ways gangs such as Trickbot, Gozi and Ramnit collaborate, sharing their TTPs with each other in exchange for other tools, money and/or information. Attendees will walk through the development of a conceptual map and gain an understanding of the risks and how to forecast what to expect in the near future.

13:30

Operational Resilience: Ensuring Continuity in Wake of an Attack

Dr. Jorke Kamstra, Euroclear

In an interconnected ecosystem, operational resilience is a top concern for financial services. Without operational resilience, any incident, internal or external, can escalate into a long-term outage. Operational resilience can lead to sound practices to help absorb shocks and assure senior stakeholders that business can continue even when an incident occurs. This presentation will provide an overview of operational resilience and key takeaways.

14:30

Alert - Black Swans Coming

Dr. David Aubrey-Jones, RBS

The ‘Black Swan’ theory is a metaphor that describes an event that comes as a surprise, has a major impact and is often inappropriately rationalized. Most organizations are so focused on immediate threats that they often fail to see the next ‘Black Swan’ threat. Examples include the WannaCry and NotPetya events. This session will discuss possible Black Swans that could be on the horizon within the next few years, how they may occur and the best ways a company can prepare for these attacks and their risks.

14:30

The European Financial Sector Resilience and Security Coordination Group

Mr. John Morgan Salomon, Regional Director - EMEA, FS-ISAC

At the 2018 EMEA Summit, FS-ISAC and several members and sector stakeholders founded a European financial sector resilience group to provide strategic guidance, input and additional high-level coordination for the European financial sector. This session will seek to solicit member input into the structure and activities of this entity.

14:30

Access Management: Overview, Critical Success Factors and Best Practices

Mr. Andres Maurer, UBS

Many companies still struggle to implement an effective access management system, even though identity and access management feeds and complements a number of critical areas, including behavioral biometrics and fraud analysis. This session provides a holistic view of the access management process, highlighting both critical success factors and best practices, and illustrating their inter-dependencies. This session spans both the business and technical aspects of access management, by reviewing Zero Trust and XACML (eXtensible Access Control Markup Language) frameworks. This session will allow participants to formulate and structure their problems, contribute suggestions, share experiences and provide tips about best approaches.

 
15:30

Threat-Driven Management: Building Organizations with Threats in Mind

Mr. Wade Bicknell, Deutsche Bank

Financial institutions have been constructing their CISO organisations with a "compliance first" approach. While this is effective in mitigating compliance risk, it can sometimes lead to uneven and/or ineffective cyberdefense platforms that attempt to cover the full spectrum of cyberthreats. By taking a threat-based approach, organizations can better understand their cyber-exposure, and better understand what their strategy might look like against current and emerging threats, the gaps they may have to fill and how to structure their organisation around a threat-based approach. This session will provide an overview of the cyberthreats financial institutions face globally and share best practices on how a CISO organization can be structured around them.

15:30

SWIFT's Enhanced Cyber Resilience 3 Years After the Bangladesh Attack

Mr. Brett Lancaster, SWIFT

In its role in the global financial critical infrastructure, SWIFT continues to enhance its cyber-programme to stay ahead of emerging cyber-attacks. SWIFT's internal cyber-programme is comprehensive, covering tools, processes, operations and cybersecurity teams, and spans identification, protection, detection, response and recovery from cyberthreats. This session will review how SWIFT has used its Customer Security Framework to enhance security controls and resiliency three years after the attack against Bangladesh Bank. Attendees will hear firsthand how SWIFT is moving from "security built-in" to "resiliency built-in," as it adopts a layered approach to further strengthen its cyber-resilience.

15:30

Smart Contracts, Are You Sure?

Mr. Daniel Casado de Luis, Banc Sabadell

This presentation will provide insight into the overall attack surface of smart contracts to evaluate their threat landscape’s ecosystem: the contracts themselves, Ethereum Virtual Machines, nodes and exchanges. Comparison between successful non-FI smart contract deployments and applicability to FIs will be analyzed. Attendees will consider whether or not the contracts are as trustworthy for financial institutions as they are for other sectors.

16:15

Reception