Janey Young, Head of the Dark Web, European Cybercrime Centre – EC3
Privacy-orientated software is a key enabler of crime in the modern world. It provides criminals with shadows in which to hide, perfect platforms of anonymity to commit illicit trade and support crime and terrorism. This session will introduce the murky world of the dark web, highlighting the scope of the threat. It will also outline the international law enforcement strategy for tackling this, including the partnerships and collaborations in place. Lastly, it will identify the challenges going forward and provide a forecast for the future of the dark web.
Janey Young is the Head of the Dark Web at Europol's European Cybercrime Centre (EC3) based in The Hague, the Netherlands. She is responsible for delivering the European strategy for a co-ordinated approach to tackling crime on the dark web. Janey has 23 years’ experience investigating a wide range of serious and organised crime across international borders, including those now committed via the dark web: drugs and weapons, cybercrime and economic crime. Before moving to Europol, Janey was a Senior Manager in the UK National Crime Agency’s National Cybercrime Unit (NCCU), responsible for the prevention and private industry relationship strategies. This experience cemented her belief in multidimensional and partnership approaches that now form the basis of the European strategy to reduce crime on the dark web.
Ransomware has crippled business operations worldwide. But leading organizations are building resistance to such attacks in advance. Get prepared in three ways with this session. First, get the lowdown on how ransomware attackers operate, including their tactics, techniques and procedures. Second, see how cyber threat intelligence can help you mitigate and respond to ransomware risks. Third, get a walkthrough of a worst-case scenario: a successful ransomware attack. This session will provide practical tips, including how to avoid paying ransoms. And in case you ever must pay a ransom, we’ll explain how to approach the ransomware actor and start the negotiation process.
Open banking rules in Europe’s Revised Payment Services Directive (PSD2) are putting customer information into the hands of more parties like new FinTech start-ups. These newcomers may not have the same security experience as traditional banking firms that have fought fraud for years. Opportunistic criminals see this trend creating an expanded attack surface with significant weaknesses. But FinTech companies, banks and other financial institutions can proactively spot and mitigate open banking security risks. In this session, learn an approach designed to help banks and customers avoid very large losses.
Finding the right technology to support your cyber threat intelligence (CTI) analysts’ workflows and daily activities is hard. And advertising from vendors makes it even harder. This session will cut through the propaganda. First, get a vendor-agnostic look at the process of selecting the right tools, starting with a primer on the CTI cycle. Second, hear an overview of the current threat intelligence platform (TIP) landscape and explore the (vendor-agnostic) limitations that have been spotted by researchers and practitioners. Finally, learn tangible recommendations related to TIPs for different user groups.
More and more, boards are worried about the financial viability of the third parties that their organizations depend on most. And so, board members are making third-party risk and business continuity top priorities. Now, organizations are learning lessons as they assess their suppliers and service providers to avoid significant operational disruptions. In this session, learn about emerging trends along with examples of actions organizations are taking to navigate market disruptions. Additionally, hear how to streamline rapid financial due diligence of suppliers and how to develop and execute business continuity plans related to third parties.
The cyber risk facing the global securities market made headlines after a 2018 study by BAE Systems and SWIFT. But what does the life of a securities trade look like in Europe, the Middle East and Africa (EMEA)? U.K. authorities reminded all regulated firms to enact appropriate systems and controls to manage operational and technology-related risks after a 2019 London Stock Exchange outage. But how can you provide cybersecurity throughout the entire trade lifecycle? This session will provide those high-level answers, plus a look at the risks involved in reporting a trade.
Tokio Marine Holdings
Now more than ever, your organization needs a high-level understanding of how bad outcomes from cybersecurity incidents might snowball. Events like a wormable malware attack or an outage of a critical provider, for example, could cause systemic shocks. This session will provide a look at different ways of modeling exposures to cyber events through the use of scenarios. We’ll also discuss the challenges of collecting data, conducting analysis and identifying exposures. And we’ll share lessons banks can borrow from the insurance industry, including tips on supply chain mapping and looking at exposures for clients.
In cyber threat intelligence, context is key—but it’s hard to come by. Threat feeds often lack annotations on attribution. And without such context, threat feeds aren’t actionable. So HSBC developed a way to compare these poorly annotated indicators of compromise (IoCs) with our own curated and labeled threat intel data set. In this session, we’ll show how we used off-the-shelf tools to get this started. We’ll explain our custom techniques for comparing IoCs. And we’ll show a concrete example of how we used this analysis to improve a vendor threat feed and strengthen our own intelligence collection.
Booz Allen Hamilton
Ransomware is holding data and operations hostage more and more. And leading organizations are among the targets. We’ll provide a threat overview and actionable recommendations on how to harden your network defenses and boost resiliency against ransomware. We’ll share real-world, leading practices that have helped mitigate the effects of ransomware events. And you’ll hear how to leverage endpoint and HUNT analytics to detect hidden threat actors and minimize false alarms. Lastly, we’ll discuss the dos and don’ts of ransomware negotiations, followed by Q&A.
Larry Venter – VP Customer Success & Solution Engineering, Shape Security
As online activity increases and digital footprints expand, so too does the overall application attack surface. 2020 has been marked by soaring data breaches, leaks, new attack patterns and phishing scams related to COVID-19. The pandemic has compounded application fraud and abuse and greatly accelerated consumer digital adoption and consequently business digital transformation.
Truly effective digital transformation journeys should always be cross-functional and silo-busting in nature. Different departments must be encouraged to think beyond their traditional borders, interact with adjacent functions, and intimately understand how their work can both boost revenue and reduce cost. Join Shape Security as we discuss how the fraud rhetoric has adapted to encompass a newly converged approach – one that persists and correlates security defenses to better enable business results.