Thank you to everyone who attended our event.

The world is focused on the next phase of the pandemic, calling it "the new normal." We think it's going to be everything but normal.

Current risk frameworks may not be built to support the radical changes financial institutions are confronting. For example, remote work was the exception, but it has quickly become the norm.
The rapid digitization of products and services presents both business opportunities and new risks such as fraud. And the acceleration of timelines for adopting technologies like digital currencies and artificial intelligence presents novel security challenges.

Join our two-day virtual summit to stay at the forefront of these new technology trends and emerging paradigms so your firm can become a master of adaptation.

A mix of live and on-demand sessions covering relevant topics around:

  • Fraud
  • Governance, Risk Management and Compliance
  • Digital Currency
  • Advanced Technologies and Techniques 
  • Cloud/Virtual environments

***Please note that FS-ISAC members can attend at no cost. 




Keynote: The Future of the Dark Web: A Sneak Peek into the Criminal Underworld

Janey Young, Head of the Dark Web, European Cybercrime Centre – EC3

Privacy-orientated software is a key enabler of crime in the modern world. It provides criminals with shadows in which to hide, perfect platforms of anonymity to commit illicit trade and support crime and terrorism. This session will introduce the murky world of the dark web, highlighting the scope of the threat. It will also outline the international law enforcement strategy for tackling this, including the partnerships and collaborations in place. Lastly, it will identify the challenges going forward and provide a forecast for the future of the dark web.

Janey Young is the Head of the Dark Web at Europol's European Cybercrime Centre (EC3) based in The Hague, the Netherlands. She is responsible for delivering the European strategy for a co-ordinated approach to tackling crime on the dark web. Janey has 23 years’ experience investigating a wide range of serious and organised crime across international borders, including those now committed via the dark web: drugs and weapons, cybercrime and economic crime. Before moving to Europol, Janey was a Senior Manager in the UK National Crime Agency’s National Cybercrime Unit (NCCU), responsible for the prevention and private industry relationship strategies. This experience cemented her belief in multidimensional and partnership approaches that now form the basis of the European strategy to reduce crime on the dark web.


Understanding the Ransomware Landscape

EclecticIQ

Ransomware has crippled business operations worldwide. But leading organizations are building resistance to such attacks in advance. Get prepared in three ways with this session. First, get the lowdown on how ransomware attackers operate, including their tactics, techniques and procedures. Second, see how cyber threat intelligence can help you mitigate and respond to ransomware risks. Third, get a walkthrough of a worst-case scenario: a successful ransomware attack. This session will provide practical tips, including how to avoid paying ransoms. And in case you ever must pay a ransom, we’ll explain how to approach the ransomware actor and start the negotiation process.

Open Banking and PSD2: Open doors and new Threats

NatWest Group

Open banking rules in Europe’s Revised Payment Service Directive (PSD2) are putting customer information into the hands of more parties like new FinTech start-ups. These newcomers may not have the same security experience as traditional banking firms that have fought fraud for years. Opportunistic criminals see this trend creating an expanded attack surface with significant weaknesses. But FinTech companies, banks and other financial institutions can proactively spot and mitigate open banking security risks. In this session, learn an approach designed to help banks and customers avoid very large losses.

Technology enablement in the intelligence cycle and the role of TIPs

S&P Global

Finding the right technology to support your cyber threat intelligence (CTI) analysts’ workflows and daily activities is hard. And advertising from vendors makes it even harder. This session will cut through the propaganda. First, get a vendor-agnostic look at the process of selecting the right tools, starting with a primer on the CTI cycle. Second, hear an overview of the current threat intelligence platform (TIP) landscape and explore the (vendor-agnostic) limitations that have been spotted by researchers and practitioners. Finally, learn tangible recommendations related to TIPs for different user groups.

Five Steps to Streamline Third-Party Financial Due Diligence and Business Continuity


More and more, boards are worried about the financial viability of the third parties that their organizations depend on most. And so, board members are making third-party risk and business continuity top priorities. Now, organizations are learning lessons as they assess their suppliers and service providers to avoid significant operational disruptions. In this session, learn about emerging trends along with examples of actions organizations are taking to navigate market disruptions. Additionally, hear how to streamline rapid financial due diligence of suppliers and how to develop and execute business continuity plans related to third parties.

Nation State Actors: Shifting Tides Towards Profit


The North Korean threat actor behind the 2016 SWIFT bank heist—the Lazarus Group—is hatching new financially motivated hacking schemes. And now they are targeting e-commerce. This session will provide a close look at the group’s shift to using JavaScript sniffers (JS-sniffers) and stealing payment card details in order to profit. We’ll discuss recent tactics, techniques and procedures; infrastructure; and the attribution logic behind the analysis that links the Lazarus Group to this latest cybercrime scheme. Lastly, this session will lay out predictions about the future activities of this nation-state threat actor.

The Life of a Trade from an InfoSec Perspective


The cyber risk facing the global securities market made headlines after a 2018 study by BAE Systems and SWIFT. But what does the life of a securities trade look like in Europe, the Middle East and Africa (EMEA)? U.K. authorities reminded all regulated firms to enact appropriate systems and controls to manage operational and technology-related risks after a 2019 London Stock Exchange outage. But how can you provide cybersecurity throughout the entire trade lifecycle? This session will provide those high-level answers, plus a look at the risks involved in reporting a trade.

Systemic Cyber Risk: In Theory and Practice

Tokio Marine Holdings

Now more than ever, your organization needs a high-level understanding of how bad outcomes from cybersecurity incidents might snowball. Events like a wormable malware attack or an outage of a critical provider, for example, could cause systemic shocks. This session will provide a look at different ways of modeling exposures to cyber events through the use of scenarios. We’ll also discuss the challenges of collecting data, conducting analysis and identifying exposures. And we’ll share lessons banks can borrow from the insurance industry, including tips on supply chain mapping and looking at exposures for clients.

Leveraging Data Analysis to Enhance Vendor and Open-Source Threat Feeds


In cyber threat intelligence, context is key—but it’s hard to come by. Threat feeds often lack annotations on attribution. And without such context, threat feeds aren’t actionable. So HSBC developed a way to compare these poorly annotated indicators of compromise (IoCs) with our own curated and labeled threat intel data set. In this session, we’ll show how we used off-the-shelf tools to get this started. We’ll explain our custom techniques for comparing IoCs. And we’ll show a concrete example of how we used this analysis to improve a vendor threat feed and strengthen our own intelligence collection.

Ransomware Response - Best Practice

Booz Allen Hamilton

Ransomware is holding data and operations hostage more and more. And leading organizations are among the targets. We’ll provide a threat overview and actionable recommendations on how to harden your network defenses and boost resiliency against ransomware. We’ll share real-world, leading practices that have helped mitigate the effects of ransomware events. And you’ll hear how to leverage endpoint and HUNT analytics to detect hidden threat actors and minimize false alarms. Lastly, we’ll discuss the dos and don’ts of ransomware negotiations, followed by Q&A.

Application Security Beyond Effective Bot Mitigation: “Playful Platforms” and Exponential Outcomes

Larry Venter – VP Customer Success & Solution Engineering, Shape Security

As online activity increases and digital footprints expand, so too does the overall application attack surface. 2020 has been marked by soaring data breaches, leaks, new attack patterns and phishing scams related to COVID-19. The pandemic has compounded application fraud and abuse and greatly accelerated consumer digital adoption and consequently business digital transformation.

Truly effective digital transformation journeys should always be cross-functional and silo-busting in nature. Different departments must be encouraged to think beyond their traditional borders, interact with adjacent functions, and intimately understand how their work can both boost revenue and reduce cost. Join Shape Security as we discuss how the fraud rhetoric has adapted to encompass a newly converged approach – one that persists and correlates security defenses to better enable business results.