The financial services industry has long been at the technological cutting edge, but as the pace of change increases and customers themselves become more digitally literate, new opportunities and new challenges are becoming apparent.
The second edition of the New Statesman Cyber Security in Financial Services, coming to London on the 26th-27th November 2019, recognises the need for resilience and security in the industry. The conference has designed a two-day program which will deliver tailored discussions on digital transformation, cloud security, APIs, Open Banking, threat intelligence, online payments and app management.
Topics of discussion will include:
Who will attend?
C-level executives from financial institutions including chief operating officers, chief information officers, chief information security officers, chief risk officers, heads of compliance, heads of Information security, heads of security and data, as well as members of associations.
This event is CPD Certified
Forcepoint is transforming cybersecurity by focusing on what matters most: people’s behaviour as they interact with critical data and systems. This human-centric approach to cybersecurity frees employees to innovate by understanding the normal rhythm of user behaviour and the flow of data in and out of an organisation.
Forcepoint behaviour-based solutions adapt to risk in real time and are delivered via a converged security platform to protect network users and cloud access, prevent confidential data from leaving the corporate network, and eliminate breaches caused by insiders. Based in Austin, Texas, Forcepoint protects the human point for thousands of enterprise and government customers in more than 150 countries.
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology.
Its self-learning AI is modeled on the human immune system and used by over 3,000 organizations to protect against threats to the cloud, email, IoT, networks and industrial systems. This includes insider threat, industrial espionage, IoT compromises, zero-day malware, data loss, supply chain risk, and long-term infrastructure vulnerabilities.
The company has over 1,000 employees, 40 offices and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the clear, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world. IntSights has offices in Amsterdam, Boston, Dallas, New York, Singapore, Tel Aviv, and Tokyo. To learn more, visit: intsights.com or connect with us on LinkedIn, Twitter, and Facebook.
Kenna Security is the leader in risk-based vulnerability management. The Kenna Security Platform is a scalable, cloud-based solution that delivers the most informed and accurate risk prioritization available. It enables security and IT operations teams to take a risk-based approach to vulnerability management by prioritizing and proactively managing the vulnerabilities that matter most. Leveraging Cyber Risk Context Technology™, the platform combines 15+ exploit intelligence sources, 3+ billion managed vulnerabilities, global attack telemetry, and remediation intelligence to accurately track and measure real-world exploit activity across the enterprise’s global attack surface. Using predictive modeling technology, the platform can also accurately forecast the future risk of vulnerabilities the instant they’re discovered, allowing organizations to proactively manage and reduce risk. Headquartered in San Francisco, Kenna counts among its customers many Fortune 100 companies, and serves nearly every major vertical.
FraudWatch International is a leader in the Anti-Phishing and Online Brand Protection industry. Founded in 2003, FraudWatch International is a privately owned Internet Security company and is headquartered in Melbourne, Australia, with offices in San Francisco, Dubai and London.
FraudWatch International protects clients brands online providing the following services:
- Anti-Phishing Monitoring and Takedown
- Online Brand Abuse and Impersonation Monitoring and Take Down
- Social Media Impersonation Monitoring and Take Down
- Fake Mobile Apps Monitoring and Take Down
- Dark Web Threat Intelligence Monitoring
- Staff Security Awareness Training
- Targeted Malware Monitoring and Take Down
We provide the fastest take down times in the industry to protect our client’s brands, with services provided from our 24x7 Security Operations Centre in Melbourne.
FraudWatch International protects clients in over 35 countries, in a variety of industries including Financial Services, Utilities, Travel, Retail and Government to name a few.
Secarma is a leading and independent security consultancy specialist, providing assurance through a suite of services including Penetration Testing and attack simulation exercises.
Our diverse portfolio of clients spans a range of sectors, including banking and finance, telecommunications, healthcare, IT, as well as local and national government. Furthermore, our ability to create bespoke and tailored programs enables us to be the trusted provider to SMEs and multinationals alike.
At the heart of our business are our consultants, who’s wealth of experience provides our clients with confidence in our ability to deliver the highest standard. We pride ourselves on making the technical team accessible to our clients to go beyond traditional testing and instead to provide real support and value even after the assessment has finished.
This creates a truly unique opportunity for us to work with our clients to create strategic, mature, and most importantly effective risk management solutions.
OneTrust is the #1 most widely used privacy, security and third-party risk technology platform trusted by more than 3,000 companies to comply with the CCPA, GDPR, ISO27001 and hundreds of the world’s privacy and security laws. OneTrust’s three primary offerings include OneTrust Privacy Management Software, OneTrust PreferenceChoice™ consent and preference management software, and OneTrust Vendorpedia™ third-party risk management software and vendor risk exchange. To learn more, visit OneTrust.com or connect on LinkedIn, Twitter and Facebook.
Illumio, the leader in micro-segmentation, prevents the spread of breaches inside data center and cloud environments. Enterprises such as Morgan Stanley, BNP Paribas, Salesforce, and Oracle NetSuite use Illumio to reduce cyber risk and achieve regulatory compliance. The Illumio Adaptive Security Platform® uniquely protects critical information with real-time application dependency and vulnerability mapping coupled with micro-segmentation that works across any data center, public cloud, or hybrid cloud deployment on bare-metal, virtual machines, and containers.
Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk.
We empower organizations to reveal unknown threats before they impact business, and enable teams to respond to alerts 10 times faster.
To supercharge the efforts of security teams, our technology automatically collects and analyzes intelligence from technical, open, and dark web sources and aggregates customer-proprietary data. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies. 91 percent of the Fortune 100 use Recorded Future.
For more than 15 years, customers have used Endace's 100% accurate, Network History Recording and Playback to provide definitive, packet-level evidence for investigating cybersecurity threats, quantifying data breaches and troubleshooting network or application performance problems. Playback integrates with commercial, open-source or custom analytics applications to streamline and automate issue investigation. Network History can be played back through hosted or external analytics solutions for automated, back-in-time investigations.
Endace Network Recording and Playback scales to meet the needs of some of the largest, most complex networks on the planet. Global customers include banks, hospitals, telcos, broadcasters, retailers, web giants, governments and military.
Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents and email. Menlo Security's cloud-based Isolation platform scales to provide comprehensive protection across enterprises of any size without requiring endpoint software or impacting the end user experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies and financial services institutions, and backed by American Express Ventures, Ericsson Ventures, HSBC, JP Morgan Chase, General Catalyst, Sutter Hill Ventures, Engineering Capital and Osage University Partners. Menlo Security is headquartered in Palo Alto, California. For more information, visit
https://www.menlosecurity.com or @menlosecurity.
Checkmarx makes software security essential infrastructure, setting a new standard that’s powerful enough to address today’s and tomorrow’s cyber risks. Checkmarx delivers the industry’s only comprehensive, unified software security platform that tightly integrates SAST, SCA, IAST and AppSec Awareness to embed security into every stage of the CI/CD pipeline and minimize software exposure. Over 1,400 organizations around the globe trust Checkmarx to accelerate secure software delivery, including more than 40 percent of the Fortune 100 and large government agencies.
NTT is a leading, global technology services company.
We believe that together we do great things. We’ve combined the capabilities of 28 remarkable companies to create one, leading technology services provider.
We partner with organizations around the world to shape and achieve outcomes through intelligent technology solutions. For us, intelligent means data driven, connected, digital, and secure. As a global technology services provider, we employ 40,000 people to be where our clients are based, across 57 countries. Working together, we deliver sustainable outcomes to your business and the world.
Innovation is part of our DNA. So, we strive to move forward, challenge the status quo, and drive excellence through the technologies we integrate and the services we deliver around the world. Together we enable the connected future.
XTN® is a company focused on the development of security and anti-fraud advanced behaviour-based solutions (based on cutting edge machine learning and AI capabilities) suitable for multiple devices and operating systems.
XTN® is active in the development of security and anti-fraud advanced solutions for financial transactions (web and mobile transaction’s monitoring) and mobile applications (multi-layered thread protection on mobile and IoT devices).
Since its inception XTN® has significantly invested in R&D activities thus earning and improving competencies in developing behaviour-based solutions mainly for transaction monitoring and anti-fraud applications.
Thanks to the constant research and study of cybercrime attempts, XTN® designs innovative technologies that allow app developers, companies and institutions to protect their business and their client’s sensitive data.
Established in 1999, Secon Cyber has long standing experience of providing class leading cyber security solutions to customers ranging from small to large enterprises. Our expertise lies in our deep understanding of the cyber security market and unique position in bringing some of the best of breed products and services to provide a fit for purpose and value for money security solution.
We provide a wide range of security solutions from our market-leading technology partners as well as our own in-house Our Managed Detection and Response (MDR) service. Secon Cyber’s MDR continuously monitors your network around the clock, searching for evolving threats. Using our automated engine, we analyse each of your events and logs and when a threat is detected, our skilled engineers immediately respond. With monthly reporting delivered straight to you, you’ll have confidence that you’re being properly protected from cyber attacks.
Secon Cyber is committed to ensuring our customers have the right security solutions to fit their needs. Our Security Consulting team is always on hand to help customers identify, design, develop, and implement the right security solutions to address their risk mitigation and compliance needs. These services include consulting for security strategies, digital security transformations, IT governance and compliance, and vulnerability testing.
LexisNexis® Risk Solutions leverages comprehensive digital and physical identity intelligence, machine learning and advanced big data analytics to accelerate risk management decisions and fortify fraud defenses for global businesses in over 100 countries. Our solutions combine innovative technology and intuitive analytics with more than 78 billion data records augmented by the digital identity coverage of the ThreatMetrix® Digital Identity Network to deliver a concise 360-degree view of risk at any point in the customer lifecycle. By correlating and consolidating the complex and ever-changing attributes that make up a consumer or business identity, LexisNexis Risk Solutions provides robust, actionable risk insights enabling secure and seamless transactions while limiting friction intelligently across every channel via a multi-layered approach. For more information, please visit www.risk.lexisnexis.com.
CyberArmor was established in 2018 by veterans in the software security and enterprise solutions domain. With data breaches cost reaching $2T in 2019 and with companies like British Airways, Marriot and Equifax getting million dollars fines, the company aims at eliminating data breaches while simultaneously reducing security and data protection complexity and logistic overhead. CyberArmor solution implements an identity-based data-centric zero trust solution in which only authenticated applications can access company data and APIs. The solution is completely infrastructure independent and works across data centers, cloud, hybrid and multi-cloud environments seamlessly.
CyberArmor empowers companies to deploy natively secured solutions in any environment by creating a transparent visibility and security control layer in any environment. It assures application identity is protected in runtime, network access is controlled, and data is encrypted with the keys bind to application integrity. Eliminating Breaches and making encryption and data protection a seamless effort.
CybelAngel provides an innovative solution of data leaks detection on the Internet.
We monitor the Dark Web and the Internet of Things to identify threats that could adversely affect our customers. We identify, in real time, the new risks on the web that target large companies. Every day we detect sensitive data circulating via the Internet without any protection such as passwords, credit cards, confidential documents, etc.
We have automated the entire information search process. This allows us to monitor a large number of sources at a high frequency. When a risk is identified, we perform a detailed human analysis to supplement the detected information. Having eliminated false positives, we then alert the companies, providing them with a precise analysis of the existing risk so they can take appropriate remedial steps.
We offer a service that can be easily integrated into existing security solutions. This service is non-intrusive, does not need to be installed on our customers' IT infrastructure and is based on a list of keywords that includes in particular domain names, IP addresses as well as subsidiary, brand and product names.
When a risk is detected, we alert our customers via a secure interface. This interface makes it possible to manage threats effectively. A control panel facilitates the monitoring of alerts over time, from the detection to the resolution of threats.
Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our products use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss due to misdirected emails, data exfiltration and other non-compliant email activity. We’ve raised $60m from legendary security investors like Sequoia and Accel and have over 150 employees located in San Francisco and London.
Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud™ powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph™ detects, defends, and deters costly advanced email attacks including business email compromise, spear phishing and account takeover. Winner of the 2018 Best Email Security Solution by SC Magazine, Agari restores trust to the inbox for government agencies, businesses, and consumers worldwide. Learn more at www.agari.com.
RFA is a unique IT, financial cloud and cybersecurity provider to the financial services and alternative investment sectors, redefining the future of technological support. Through our R&D, DevOps, automation and machine-learning capabilities, RFA provides clients with customised workflow and IT strategies to bring tomorrow’s edge, today. RFA has been serving its alternative investment client base for 30 years and now works with over 800 clients across 7 global locations. It brings together a seasoned executive team and over 200 highly skilled consultant technicians which provide clients with infrastructure, collaboration, cybersecurity and business process solutions that are both best-in-class and system-agnostic, supported by expert staff and offered as a 24/7 service.
Accertify and InAuth are both wholly-owned subsidiaries of American Express and have been working with the largest brands in the world to prevent fraud. Both companies have elite technological capabilities built by fraud prevention experts. These solutions have been delivering increased fraud detection, with minimal customer insult so that companies can prevent fraud while growing their business. By coupling InAuth’s device intelligence with Accertify’s risk engine, behavioural analytics and machine learning, businesses have unparalleled insights to thousands of device and transaction attributes – across all channels – to assess the riskiness of an application and make a truly informed decision.
• What is the cyber threat?
• NCSC support to the Financial Sector
• Opportunities for Partnership
Senior Representative from the National Cyber Security Centre
In the security world, time is your biggest and most valuable asset. In this session, we will identifity how your business's external attack surface is ever expanding and how the use of internal tools and techniques make your external exposure difficult to protect. We will learn what External Threat Protection is and how it can be uses to defend against elements that we aren't aware of
• The need to address security bottlenecks and position cyber resilience as a business outcome
• Successful implementation of a cyber threat intelligence led cyber risk framework and governance
• The importance of building a talent pipeline and fostering diverse skills, experience and thought
Emma Leith, Chief Information Security Officer, Santander UK
• Understand vendor risk management trends
• Looking at the new challenges third-party risk, security, privacy, legal and IT teams are facing
• Learn how risk exchanges make vendor risk management more efficient
Today employees are accessing SaaS applications from any device, anywhere in the world. However, these applications are not directly accessed.Traffic from user devices (remote workers and offices) is backhauled via a central chokepoint to enforce security controls. As more SaaS applications are developed to increase employee efficiency, the traditional network architecture must change! So how should you re-think your cloud networksecurity approach? Discover how a Secure Cloud Transformation enables direct global access to the Internet while upgrading your security.
• Machine learning for threat intelligence and data protection
• Embracing the power and scalability of AI solutions to achieve operational excellence
• Leveraging machine learning and AI algorithms to defend against advanced cyber-threats
• Designing a risk-based IOT architecture for data collection & management of remote systems
• Simulating real incidents in a real environment
• Communication the return of investment through real Metrics
• Optimising your detection strategy
• Looking at the different types of data created by network security tools
• Using these data types to their best advantage
• Linking data to make life easier for analysts
• Current threat-centric models of security are unable to cope with the scope and
complexity of the dynamic threat landscape
• Can a human-centric approach, based on behavioural science, change the game for security professionals?
• Learn from real-world examples of how a human-centric approach can improve effectiveness and efficiency in security operations
• Overview of what the Phishing Kill Chain is
• How it impacts and penetrates consumers
• Step by step requirements to avoid an attack
• Getting cyber security in line with business operations
• Communicating the un-quantifiable value in your cyber security investment
• Working as a team to deal with existing or new complex threats
• Fostering a cyber security conscious culture within the organisation
• What it means to be ‘cybersecurity intelligent’ in an intelligent business
• Becoming secure by design
• The role of risk & identity
• Dissecting an FSi Cyber Security Data Leak Detection Algorithm
• Understanding the Algorithm Variables
• Reducing Algorithm Bias in Robots and Humans
• Why Humans still need to apply
• Once encryption is used for data protection, a critical issue becomes protection of encryption keys
• Traditional methods try to address key protection and management but introduce a problem of how to control access to the keys and how to protect keys while in use
• Financial services companies are help to tight regulation on data protection and key protection in-use, the need for such protection is becoming even stronger as attacker get more sophisticated
• In this presentation we will discuss an innovative solution for the problem and introduce a zero trust approach based on moving target defense and stealth coding methods
• Put the threat landscape into perspective
• What is the impact of a cyber incident
• GDPR – threats and responses – update
• Why Cyber Insurance?
• Artificial Intelligence (AI) software is everywhere being leveraged by many industries such as healthcare, fin-tech, banks, and e-commerce
• But how does AI impact the security space?
• How Security can benefits from AI and how it can harm it – insights from black and white hats hackers
• Laying down the ground work for protection
• Data driven results
• Understanding that the people are the business: combat expert with your team of experts
• The value in continuous monitoring
• Customer IAM is changing
• The old ways of isolating the business no longer work
• The business wants higher security access but it also wants low friction customer journeys
Research conducted by the Cyentia Institute shows that the timeline for patching vulnerabilities varies widely by industry and the complexity of an enterprise. The quickest, on average, patch vulnerabilities four to five times faster than the slowest. However, the velocity at which organisations remediate vulnerabilities doesn’t always correlate directly to their security posture.
How do you:
• Assess the scale of the problem
• Benchmark against industry metrics
• Establish how success should be measured
• Enable ITOps/DevOps to be part of the remediation task force?
• How to successfully implement secure strategies for a better tomorrow
• Understanding your user’s : customer and employees
• Achieving success through innovation
• Where cyber-criminals have found weaknesses in legacy approaches to security
• Why humans cannot stop threats 24/7, particularly when bombarded with false positives
• How autonomous response enables incident responders to counter machine-speed attacks
· How we match the sophistication of our adversaries with our own solutions
· Reaching a scale of action and breadth of insight that cannot be matched by traditional methods
· Practical examples and experiences of how Al and machine learning can keep customers safer
• What trends are shaping cyber security in 2019?
• How Digital Identity is being used in the UK FS – why and what are the security implications
• What is it that creates a Digital Identity? The power of networks
• The value of negative digital identity and shared knowledge in cyber security
• Overcoming challenges within the Fraud and Financial Crime landscape in a digital era
• How to ensure that the fraud, financial crime and cyber security teams work in alignment
• Open-banking and Fraud risk
• How will disruptive technologies like AI impact Fraud prevention and policy
Malware, ransomware and other cybercrime attacks are growing whilst and becoming more sophisticated. And yet many businesses are not prepared to protect themselves from the inherent risks and dangers that are often magnified when you add compliance requirements. This is often because most internal networks are wide open by design, since using traditional data centre firewalls as a security measure is difficult and expensive. Would you like to learn about a new way to decouple security segmentation from the network infrastructure, and implement an affordable, practical way to protect your business?
• Open Banking a new channel for fraud prevention
• SCA: an opportunity to differentiate on user experience
• How to benefit from a holistic view of the fraudulent event
Mark’s work has been on how to drive real behaviour change to help employees behave safely online and with data, both for their organisation’s and their own security. This interactive presentation will look at how academic research can help us understand, and influence our behaviour for good and turn us into safer, more secure, internet citizens, both at work and at home.