• Overview
  • Program
  • Sponsors

Registration is open 

Register Now

***Non-members or members without a FS-ISAC Intelligence Exchange account register here


View the full agenda.

The world is focused on the next phase of the pandemic, calling it "the new normal." We think it's going to be everything but normal.

Current risk frameworks may not be built to support the radical changes financial institutions are confronting. For example, remote work was the exception, but it has quickly become the norm.
The rapid digitization of products and services presents both business opportunities and new risks such as fraud. And the acceleration of timelines for adopting technologies like digital currencies and artificial intelligence presents novel security challenges.

Join our two-day virtual summit to stay at the forefront of these new technology trends and emerging paradigms so your firm can become a master of adaptation.

A mix of live and on-demand sessions covering relevant topics around:

  • Fraud
  • Governance, Risk Management and Compliance
  • Digital Currency
  • Advanced Technologies and Techniques 
  • Cloud/Virtual environments

***Please note that FS-ISAC members can attend at no cost. 

testimonials

 

Program

Keynote: The Future of the Dark Web: A Sneak Peek into the Criminal Underworld

Janey Young, Head of the Dark Web, European Cybercrime Centre – EC3

Event Toggle Arrow

Privacy orientated software is a key enabler of crime in the modern world. It provides criminals with shadows in which to hide, perfect platforms of anonymity to commit illicit trade and support crime and terrorism. This session will introduce the murky world of the dark web, highlighting the scope of the threat. It will also outline the international law enforcement strategy to tackling this, including the partnerships and collaborations in place. Lastly, it will identify the challenges going forward and provide a forecast for the future of the dark web.

Bio:
Janey Young is the Head of the Dark Web at Europol's European Cybercrime Centre (EC3) based in The Hague, the Netherlands. She is janeyresponsible for delivering the European strategy for a co-ordinated approach to tackling crime on the dark web. Janey has 23 years’ experience investigating a wide range of serious and organised crime across international borders, including those now committed via the dark web; drugs and weapons, cybercrime and economic crime. Before moving to Europol, Janey was a Senior Manager in the UK National Crime Agency’s National Cybercrime Unit (NCCU), responsible for the prevention and private industry relationship strategies. This experience cemented her belief in multidimensional and partnership approaches that now form the basis of the European strategy to reduce crime on the dark web.

 

Understanding the Ransomware Landscape

Eclectic IQ

Event Toggle Arrow


Ransomware has crippled business operations worldwide. But leading organizations are building resistance to such attacks in advance. Get prepared in three ways with this session. First, get the lowdown on how ransomware attackers operate, including their tactics, techniques and procedures. Second, see how cyber threat intelligence can help you mitigate and respond to ransomware risks. Third, get a walkthrough of a worst-case scenario: a successful ransomware attack. This session will provide practical tips, including how to avoid paying ransoms. And in case you ever must pay a ransom, we’ll explain how to approach the ransomware actor and start the negotiation process.

Open Banking and PSD2: Open doors and new Threats

Natwest Group

Event Toggle Arrow

Open banking rules in Europe’s Revised Payment Service Directive (PSD2) are putting customer information into the hands of more parties like new FinTech start-ups. These newcomers may not have the same security experience as traditional banking firms that have fought fraud for years. Opportunistic criminals see this trend creating an expanded attack surface with significant weaknesses. But FinTech companies, banks and other financial institutions can proactively spot and mitigate open banking security risks. In this session, learn an approach designed to help banks and customers avoid very large losses.

Technology enablement in the intelligence cycle and the role of TIPs

S&P Global

Event Toggle Arrow

Finding the right technology to support your cyber threat intelligence (CTI) analysts’ workflows and daily activities is hard. And advertising from vendors makes it even harder. This session will cut through the propaganda: providing a vendor-agnostic look at the process of selecting the right tools by providing a primer on the CTI cycle. Second, hear an overview of the current threat intelligence platform (TIP) landscape and explore the (vendor-agnostic) limitations that have been spotted by researchers and practitioners. Finally, learn tangible recommendations related to TIPs for different user groups.

Five Steps to Streamline Third-Party Financial Due Diligence and Business Continuity

OneTrust

Event Toggle Arrow

More and more, boards are worried about the financial viability of the third parties that their organizations depend on most. And so, board members are making third-party risk and business continuity top priorities. Now, organizations are learning lessons as they assess their suppliers and service providers to avoid significant operational disruptions. In this session, learn about emerging trends along with examples of actions organizations are taking to navigate market disruptions. Additionally, hear how to streamline rapid financial due diligence of suppliers and how to develop and execute business continuity plans related to third-parties.

Nation State Actors: Shifting Tides Towards Profit

Group-IB

Event Toggle Arrow

The North Korean threat actor behind the 2016 SWIFT bank heist—the Lazarus Group—is hatching new financially motivated hacking schemes. And now they are targeting e-commerce. This session will provide a close look at the group’s shift to using JavaScript sniffers (JS-sniffers) and stealing payment card details in order to profit. We’ll discuss recent tactics, techniques and procedures; infrastructure; and the attribution logic behind the analysis that links the Lazarus Group to this latest cybercrime scheme. Lastly, this session will lay out predictions about the future activities of this nation-state threat actor.

The Life of a Trade from an InfoSec Perspective

FS-ISAC

Event Toggle Arrow

The cyber risk facing the global securities market made headlines after a 2018 study by BAE Systems and SWIFT. But what does the life of a securities trade look like in Europe, the Middle East and Africa (EMEA)? U.K. authorities reminded all regulated firms to enact appropriate systems and controls to manage operational and technology-related risks after a 2019 London Stock Exchange outage. But how can you provide cybersecurity throughout the entire trade lifecycle? This session will provide those high-level answers, plus a look at the risks involved in reporting a trade.

Systemic Cyber Risk: In Theory and Practice

Tokio Marine Holdings

Event Toggle Arrow

Now more than ever, your organization needs a high-level understanding of how bad outcomes from cybersecurity incidents might snowball. Events like a wormable malware attack or an outage of a critical provider, for example, could cause systemic shocks. This session will provide a look at different ways of modeling exposures to cyber events through the use of scenarios. We’ll also discuss the challenges of collecting data, conducting analysis and identifying exposures. And we’ll share lessons banks can borrow from the insurance industry, including tips on supply chain mapping and looking at exposures for clients.

Leveraging Data Analysis to Enhance Vendor and Open-Source Threat Feeds

HSBC

Event Toggle Arrow

In cyber threat intelligence, context is key—but it’s hard to come by. Threat feeds often lack annotations on attribution. And without such context, threat feeds aren’t actionable. So HSBC developed a way to compare these poorly annotated indicators of compromise (IoCs) with our own curated and labeled threat intel data set. In this session, we’ll show how we used off-the-shelf tools to get this started. We’ll explain our custom techniques for comparing IoCs. And we’ll show a concrete example of how we used this analysis to improve a vendor threat feed and strengthen our own intelligence collection.

Ransomware Response - Best Practice

Booz Allen Hamilton

Event Toggle Arrow

Ransomware is holding data and operations hostage more and more. And leading organizations are among the targets. We’ll provide a threat overview and actionable recommendations on how to harden your network defenses and boost resiliency against ransomware. We’ll share real-world, leading practices that have helped mitigate the effects of ransomware events. And you’ll hear how to leverage endpoint and HUNT analytics to detect hidden threat actors and minimize false alarms. Lastly, we’ll discuss the dos and don’ts of ransomware negotiations, followed by Q&A.

The Ultimate Digital Experience – Customer Usability, Application Security, Compliance

Shape Security

Event Toggle Arrow

Hackers and fraudsters target online applications constantly. And they use an arsenal of new technology and timeless trickery to unlock defenses around monetary value and data. Protecting your customers while also heeding open banking rules and improving the customer experience is daunting—but not impossible. In this session, we’ll explain how threats, countermeasures and the rhetoric of application security and digital fraud are changing. And we’ll show how organizations can adjust their security postures accordingly to provide secure, compliant applications that delight customers and drive digital engagement.