The Business Agenda
Thursday and Friday, April 15 -16, 2021
Dear Executives,
Cyberattacks are the fastest growing crime globally and predicted to cost the world $6 trillion annually in the next 2 years.
One of the most affected industries are finance and banking along with manufacturing, healthcare, government, education, transportation and energy. Governments and some other public sectors are severely underfunded and lack the knowledge to deal with the current situation.
Prevention of Cyberattacks in financial institutions is crucial for future development of financial markets. To help them and the most affected industry, banking and finance, we have put together the Financial Institution Edition of Annual Nordic IT Security (NITS) summit.
Day 1
08:25
KICK OFF
08:35
Networking Village + (1-1) Meetings
09:20
Mitigating Risk & Fraud Prevention
• Could you please give me a real life example of a sophisticated fraud case where criminals have adapted to using new technology?
• How did you react to mitigate risk in the short term?
• What are your long term plans to mitigate and prevent these sort of incidents?
Terje Aleksander Fjeldvær
SVP – Head of Financial Cyber Crime Center (FC3), DNB Bank
09:35
Why Law Enforcement is better than us in catching criminals? Fusion is the Answer
• How to profile indicators and incidents and pull information from different sources.
• Case & Incident management approaches to fit current organization processes.
• Speeding up the time to Decision making in order to have rapid responses.
Ahmed ALi
VP – EMEA, Cyware Labs Inc.
09:55
Know Your Enemy: Understand, prepare for and proactively protect against the latest cyber threats
To ensure your cyber defence is ready to deal with the evolving risks, you need to understand the cyber threat landscape. What are some of the critical events in the cybercriminal ecosystem that drives new threats? What should you prioritize first, and how can you apply the knowledge of the threat actor’s tools and techniques to improve your defences and understand the cyber threats that pose the most significant risk to your organization?
In this joint keynote between Mandiant Threat Intelligent and Mandiant Consulting Services, we will cover the current cyber threat landscape, key trends observed and obtained during research and incident response and talk about how you can apply the threat actor knowledge proactively inside your organization.
The keynote will focus on three topics:
• How to profile indicators and incidents and pull information from different sources.
• Case & Incident management approaches to fit current organization processes.
• Speeding up the time to Decision making in order to have rapid responses.
Jens Christian Høy Monrad
EMEA Head of Mandiant Threat Intelligence, FireEye-Mandiant
Jon Overgaard Christiansen
Nordic Manager Mandiant Consulting and Red Teamer Services, FireEye-Mandiant
10:15
How to secure your workforce, both remotely and on site?
• What pain points did you experience before you procured an IAM?
• What does your IAM roadmap look like going forward?
• Why do you think focusing on IAM is important for businesses?
Lovisa Stenbäcken Stjernlöf
Okta Practice Lead, Devoteam
Jon Westholm
VP Information security, Cint
Sandra Visocka
Cloud Architect, Trustly
10:50
Banking for a Digital Native Generation of Customers and Partners
The financial services ecosystem is rapidly transforming and expanding. Users want services and products that are easily consumed, highly secure with privacy & data control at the core while still being hyper personalised and relevant to their lifestyle. So how do we deliver an integrated digital experience that is underpinned by the user’s digital identity and their trust in the brand?
Explore with us in this session where we will dive into:
• Digital native consumers, their expectations & how to meet them
• Disruptive digital ecosystem entrants and associated opportunities
• Balancing convenience, security, compliance and innovation
Johan Fantenberg
Principal Sales Engineer, Forgerock
11:10
Is proactive being enough when it comes to Cyber Insurance?
• How cyber insurance companies help to protect customers?
• How to increase awareness within organizations to prevent being attacked?
• Enhance security: How can we as insurance providers take so called preventive steps to mitigate their main risks?
Tom Engly
Director, Chief Security Officer, Tryg
Jytte Adelmark
Director, Vækstcenter Sundhed, Tryg
Steve Brown
Director, Cyber Security, Mastercard
Edwin Weijdema
Global Technologist, Product Strategy, Veeam
11:40
How you push the bad guys away from your mobile app
How Hacker-frustration leads to security
• From Mobile First to Mobile only
• The challenge of making apps great and safe
• Addressing the Man-in-the-middle
Build38’s Trusted Application Kit (T.A.K) for Mobile App and Fraud Protection was awarded the PwC Award for the best Cybersecurity Solution of the Year 2020 and won the German IT Security Pitch 2019
Christoph Brecht
VP Sales EMEA, Build38
12:00
Back to the future of banking with e-commerce payment system
• What is your take on the Payment revolution?
• What would you address as your biggest challenge at minute and what will be the knock on effect if it is not mitigated within the cybersecurity team?
• Why is it important to take a proactive approach rather than a reactive approach?
• What is the importance of intangible money in this moment in time?
Dimitrios Stergiou
CISO, Trustly
12:15
Networking Village + (1-1) Meetings
13:00
Digital transformation, e-identification: Sweden leading the way
• A secure e-identification, a prerequisite for a sustainable digital society
• Sweden’s digital transformation through the use of e-identification enabling digital transactions
• Addressing differences pre, during and post pandemic.
Andreas Bergqvist
CSO/CISO Finansiell ID-Teknik, BankID
13:15
Changing Cyber Landscapes: The Battle of Algorithms
Among rapidly evolving technological advancements, the emergence of AI-enhanced malware is making cyber-attacks exponentially more dangerous and harder to identify. In the near future, we will begin to see supercharged, AI-powered cyber-attacks leveraged at scale. To protect against offensive AI attacks, organizations are turning to defensive cyber AI, which can identify and neutralize emerging malicious activity, no matter when, or where, it strikes.
• Paradigm shifts in the cyber landscape
• Advancements in offensive AI attack techniques
• The Immune System Approach to cyber security and defensive, Autonomous Response capabilities
• Real-world examples of emerging threats that were stopped with Cyber AI
Andrew Tsonchev
Director of Technology, Darktrace
13:35
The challenge of securing Fintech
• Is the current model for regulation inhibiting free competition and the development of attractive financial services?
• Would a system of certifications and shared security solutions for the financial market increase both security and agility in business development?
• Are there security solutions that would provide even higher levels of security if shared between financial institutions?
Eva Throne-Holst
Information Security Officer, Nordnet Bank
Erik Blomberg
CISO, Handelsbanken
David Doret
IT Risk & Cybersecurity: IAM & PAM Manager, BNP Paribas
Matt Rider
Director of Sales Engineering, International, Rapid7
14:10
Lessons Learned in Networking and Security with Financial Services during and after COVID-19
The pandemic changed our daily lives – how we work and interact. More than ever, we have increased our reliance on the Internet for work, learning and entertainment.
This rapid change has accelerated digital transformation projects across all segments of the financial services industry. In this session, we are going to look at some of the trends that financial services institutions experienced during the pandemic, discuss three lessons learned, and go over some of the ways Cloudflare can help.
Mihaela Risca
Sr. Product Marketing Manager, Cloudflare
14:30
Shifting security left while building a Cloud Native bank
Building a digital bank requires a unique combination of agility and speed while maintaining the highest level of security. Lunar, a digital challenger bank in the Nordics, has always had technology and agility as a differentiator. Lunar was built for the cloud, with Cloud Native principles, such as microservices, containers, and container orchestration amongst others. In this presentation Kasper will present some insights into the principles on which the Lunar infrastructure was built on, the continuous focus on security, and how application security is shifting left and becoming a developer concern. Kasper will discuss the challenges faced and conquered in the process of transitioning from a fintech startup to a bank with its own banking license.
Kasper Nissen
Cloud Architect / Site Reliability Engineer, CNCF
Ambassador, CKA. Cloud Native Geek, Lunar
14:50
Creating impact with cyber security culture transformation
• What does your top management think about this culture transformation?
• Have you achieved concrete benefits?
• What would you do differently if you would start from the beginning?
Teemu Ylhäisi
Chief Information Security Officer (CISO), OP Financial Group
15:00
Summary/Networking Village + (1-1) Meetings
Day 2
08:45
KICK OFF
08:55
Networking Village + (1-1) Meetings
09:40
Security and Privacy Risks in Digital Finance
• Could you please shed some light on pre-COVID and current situation when it comes to Digital Finance and how security and privacy have been impacted?
• What are some of the emerging risks you are seeing in the FinTech / Blockchain / Cryptocurrency space in the past few years?
• How can organizations protect themselves from these emerging technologies? (e.g. implementing Blockchain technology, Cryptocurrency etc)
Jason Lau
CISO, Crypto.com
09:55
Information security challenges in rapidly evolving Baltic fintech/startup environment
• Challenges fintech’s are facing during first years in business
• Financial sector old-timers transformation to adhere to new digital services demand
• Information, IT, cybersecurity workforce market in Baltics
Martynas Savickas
CISO | Head of Information and IT security, SEB Lietuvoje
09:40
Security and Privacy Risks in Digital Finance
• Could you please shed some light on pre-COVID and current situation when it comes to Digital Finance and how security and privacy have been impacted?
• What are some of the emerging risks you are seeing in the FinTech / Blockchain / Cryptocurrency space in the past few years?
• How can organizations protect themselves from these emerging technologies? (e.g. implementing Blockchain technology, Cryptocurrency etc)
Jason Lau
CISO, Crypto.com
EXCLUSIVE: RECOMMENDED TOOLKITS THAT WILL KEEP YOU SECURE IN 2021
10:20
Managed Detection & Response : an army at your service
• How to shift your mindset with the SOC visibility triad?
• How to achieve early detection and rapid response?
Matt Rider
Director of Sales Engineering, International, Rapid7
10:20
Hall B: Combating Fraud with a Hybrid IAM Solution
In 2020 we saw a remarkable acceleration in digital transformation and shift to the cloud across almost every industry which was necessary for business continuity through the pandemic. However, we also saw an increase in fraud in 2020 as nefarious actors took advantage of legacy Identity management solutions that were not equipped to handle this new Hybrid reality.
This session will cover:
• The need for a comprehensive security policy that spans across cloud, on premise and legacy applications
• The essential capabilities and characteristics of a Hybrid Identity and Access Management platform, to combat fraud while enabling digital transformation
• Walk through a typical Hybrid cloud migration and deployment process.
Matt Berzinski
Senior Director, Product Management, ForgeRock
10:40
Hall A: Strengthening your Digital Resilience!
We all go through the Digital Transformation journey at our own pace. The pandemic, however, accelerated the journey for most organizations. Instead of the allotted time in years, it was done in months!
This was an eye-opener for many on how dependent their core business processes are on digital technology in the event of disruption. Digital resilience defines your capabilities for survival and forward evolution, considering that change is the only constant in a fluid, super-connected digital environment.
The question to ask is, are you actively strengthening resilience for both business processes, existing digital infrastructure and new infrastructure? Anticipating and responding to challenges ahead, learning from things that have (almost) gone wrong and evolving your resilience — Digital resilience, therefore, represents a fundamental change in the way we understand how digital technology, risk and opportunity are tied together. More secure does not mean more resilient!
Edwin Weijdema
Global Technologist, Product Strategy, Veeam
10:40
Hall B: Initial Access Brokers - Their Role in Cybercrime
• What do initial access brokers do?
• What do they offer ransomware gangs?
• How do I protect my organisation from them?
Niall MacLeod
Director of Sales Engineering, EMEA and APAC, Digital Shadows
11:00
Hall A: Tackling the New Breed of Risky Insiders
What do a tinker, a tailor, a soldier, a spy, a cat, George Michael, and William Foster have in common? And more importantly, what on earth do they have to do with tackling insider risk? To find the answer to this somewhat bizarre riddle, we clearly need context, which is also vital component to tackling insider risk. As without solid context it is impossible to determine and identify intent.
During this session, Sam Humphries and Richard Cassidy from Exabeam will discuss why the standard practice of focusing purely on security alerts won’t give you anywhere near the full picture, and how context will help you understand and tackle the true risks faced the by your organisation.
Topics we’ll cover:
• Goblet of fire – an example of the importance of context
• Knowing me, knowing your adversaries
• More is more: evolving detection from single to multi-track context
• Making friends and influencing people – insider risk management takes a village
Samantha Humphries
Head of Security Strategy EMEA, Exabeam
Richard Cassidy
Senior Director, Security Strategy EMEA, Exabeam
11:00
Hall B: How to use Cyber Threat Intelligence to measure cyber security risk and protect critical company and consumer data
The presentation will illustrate what cyber threat intelligence is accompanied by an introduction to a use case example where CTI was used to help provide gap analysis and prioritization in the face of a data breach. Intelligence research examples will be used to describe how the challenge was solved and the steps that can be taken (best practices) to uncover a business’s risk and liability in the face of a security threat.
• What is cyber threat intelligence.
• Use case example where CTI was used to help provide gap analysis.
• Intelligence research examples will be used to describe how the challenge was solved.
• Best practices to uncover a business’s risk and liability in the face of a security threat.
Mikael Mörk
Nordics Sales Engineer, Recorded Future
11:00
Hall C: How Security Intelligence Helps the Finance Sector Protect Their Crown Jewels
• How security teams can stay on top of emerging threats in the finance sector
• Insights into TTPs linked to financially motivated threats
• How Recorded Future empowers organisations to defend against threats with operational security intelligence
The finance sector faces more cyberattacks than any other industry, often battling the most sophisticated and modern tactics, while maintaining a handle on legacy threats. With thousands (sometimes millions) of alerts flooding in from our best-in-breed security control technologies, how can we see the wood for the trees and truly understand who, what, and how attackers are breaching our castle’s defences? Our expert analysts have their fingers on the pulse of the largest threats to financial institutions across the globe, from cybercriminal groups creating large-scale attacks, to smaller actors on the dark web. In this presentation, we’ll share insight into how our teams and clients stay on top of emerging threats in their sector, the TTPs linked to these threats, and how Recorded Future empowers organisations to defend against these threats with operational security intelligence.
Christopher Strand
Chief Compliance Officer, IntSights Cyber Intelligence
11:25
"Zen fraud management" with the questions as follows
• What are the biggest challenges for fraud risk professionals?
• How do you become a Zen fraud manager? and then
• Into the future where do you see fraud management going?
Chris Hubbard
FVP – Head of Fraud, Danske Bank
11:40
Networking Village + (1-1) Meetings
EXCLUSIVE: RECOMMENDED TOOLKITS THAT WILL KEEP YOU SECURE IN 2021
13:20
Hall A: Tackling the New Breed of Risky Insiders
What do a tinker, a tailor, a soldier, a spy, a cat, George Michael, and William Foster have in common? And more importantly, what on earth do they have to do with tackling insider risk? To find the answer to this somewhat bizarre riddle, we clearly need context, which is also vital component to tackling insider risk. As without solid context it is impossible to determine and identify intent.
During this session, Sam Humphries and Richard Cassidy from Exabeam will discuss why the standard practice of focusing purely on security alerts won’t give you anywhere near the full picture, and how context will help you understand and tackle the true risks faced the by your organisation.
Topics we’ll cover:
• Goblet of fire – an example of the importance of context
• Knowing me, knowing your adversaries
• More is more: evolving detection from single to multi-track context
• Making friends and influencing people – insider risk management takes a village
Samantha Humphries
Head of Security Strategy EMEA, Exabeam
Richard Cassidy
Senior Director, Security Strategy EMEA, Exabeam
13:20
Hall B: How to use Cyber Threat Intelligence to measure cyber security risk and protect critical company and consumer data
The presentation will illustrate what cyber threat intelligence is accompanied by an introduction to a use case example where CTI was used to help provide gap analysis and prioritization in the face of a data breach. Intelligence research examples will be used to describe how the challenge was solved and the steps that can be taken (best practices) to uncover a business’s risk and liability in the face of a security threat.
• What is cyber threat intelligence.
• Use case example where CTI was used to help provide gap analysis.
• Intelligence research examples will be used to describe how the challenge was solved.
• Best practices to uncover a business’s risk and liability in the face of a security threat.
Mikael Mörk
Nordics Sales Engineer, Recorded Future
13:40
Hall A: How Security Intelligence Helps the Finance Sector Protect Their Crown Jewels
• How security teams can stay on top of emerging threats in the finance sector
• Insights into TTPs linked to financially motivated threats
• How Recorded Future empowers organisations to defend against threats with operational security intelligence
The finance sector faces more cyberattacks than any other industry, often battling the most sophisticated and modern tactics, while maintaining a handle on legacy threats. With thousands (sometimes millions) of alerts flooding in from our best-in-breed security control technologies, how can we see the wood for the trees and truly understand who, what, and how attackers are breaching our castle’s defences? Our expert analysts have their fingers on the pulse of the largest threats to financial institutions across the globe, from cybercriminal groups creating large-scale attacks, to smaller actors on the dark web. In this presentation, we’ll share insight into how our teams and clients stay on top of emerging threats in their sector, the TTPs linked to these threats, and how Recorded Future empowers organisations to defend against these threats with operational security intelligence.
Christopher Strand
Chief Compliance Officer, IntSights Cyber Intelligence
13:40
Hall B: Managed Detection & Response : an army at your service
• How to shift your mindset with the SOC visibility triad?
• How to achieve early detection and rapid response?
Matt Rider
Director of Sales Engineering, International, Rapid7
14:00
Hall A: Strengthening your Digital Resilience!
We all go through the Digital Transformation journey at our own pace. The pandemic, however, accelerated the journey for most organizations. Instead of the allotted time in years, it was done in months!
This was an eye-opener for many on how dependent their core business processes are on digital technology in the event of disruption. Digital resilience defines your capabilities for survival and forward evolution, considering that change is the only constant in a fluid, super-connected digital environment.
The question to ask is, are you actively strengthening resilience for both business processes, existing digital infrastructure and new infrastructure? Anticipating and responding to challenges ahead, learning from things that have (almost) gone wrong and evolving your resilience — Digital resilience, therefore, represents a fundamental change in the way we understand how digital technology, risk and opportunity are tied together. More secure does not mean more resilient!
Edwin Weijdema
Global Technologist, Product Strategy, Veeam
14:00
Hall B: Combating Fraud with a Hybrid IAM Solution
In 2020 we saw a remarkable acceleration in digital transformation and shift to the cloud across almost every industry which was necessary for business continuity through the pandemic. However, we also saw an increase in fraud in 2020 as nefarious actors took advantage of legacy Identity management solutions that were not equipped to handle this new Hybrid reality.
This session will cover:
• The need for a comprehensive security policy that spans across cloud, on premise and legacy applications
• The essential capabilities and characteristics of a Hybrid Identity and Access Management platform, to combat fraud while enabling digital transformation
• Walk through a typical Hybrid cloud migration and deployment process.
Matt Berzinski
Senior Director, Product Management, ForgeRock
14:00
Hall C: Initial Access Brokers - Their Role in Cybercrime
• What do initial access brokers do?
• What do they offer ransomware gangs?
• How do I protect my organisation from them?