PROTECTING THE VALUE CHAIN
OF SOCIETY
7th November 2017
2016 was the most critical year for Cyber Security so far – and 2017 will prove no less. Looking ahead to 2018; IT infrastructure is undeniably strained by an increasingly mobile workforce that demands always-on access to corporate resources, and the continued adoption of SaaS to name a few challenges in the new landscape.
Despite shrinking data centers, the growing complexity of expanding amount of distributed applications and data creates weaknesses used by attackers with record effectiveness. The urgent need, proven by recent successful attacks, to have a modern infrastructure in place, business strategy and contingency plans is making us aim for change. Fast.
The new world of IT security is a world we have not been part of before. Hybrid infrastructures, mobile workforces, data protection regulations, IoT, and disinformation are things tht are rapidly setting their footprint on how the security landscape is shaped today.
Nordic It Security is the key meeting place for this brave new IT security world
Our dynamic summit and exhibition bring together the converging worlds of IT, Cybersecurity and Information security line events where pioneers and leaders develop partnerships in a creative collision of the best industry minds. Combining our history with our passion, we are committed to bringing you the most business-critical event in the market change, and your business is changing. So, we are changing.
AN EVENT FOR THE BRAVE NEW WORLD OF IT-SECURITY – WELCOME TO NORDIC IT SECURITY 2017
- Expo Stage
- Room 1
- Room 2
- Room 3
- Room 4
Expo Stage
09.00
Official Opening of conference and Opening Keynote
11.30
MIND LEADER HUBS by Darktrace, Bomgar, Fortconsult
3*20 minutes
11.30 – 11.50
MINDLEADER HUB 1
The Enterprise Immune System: Using Machine Learning for Next-Generation Cyber Defense
From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. A fundamentally
new approach to cyber defense is needed to detect and investigate these threats that are already inside the network – before they turn
into a full-blown crisis.
Based on unsupervised machine learning and probabilistic mathematics developed by specialists from the University of
Cambridge, new ‘immune system’ technologies are capable of learning the ‘self’ of an organization. By analyzing every network,
device, and user, and modeling them as they go about their day-to-day activity, the Enterprise Immune System can establish a
highly accurate understanding of normal behavior. It can therefore spot abnormal activity as it emerges, and even take precise,
measured actions to automatically curb the threat.
Rules and signatures are not keeping pace with today’s rapidly evolving cyber attacks. The Enterprise Immune System represents
a fundamental step-change in automated cyber defense, is relied upon by organizations around the world, and can
cover up to millions of devices.
In this session, learn:
• How new machine learning and mathematics are automating advanced cyber defense
• Why 100% network visibility allows you to detect threats as they happen, or before they happen
• How smart prioritization and visualization of threats allows for better resource allocation and lower risk
• Real-world examples of unknown threats detected by ‘immune system’ technology
Dave Palmer
Darktrace
11.30 – 11.50
MINDLEADER HUB 2
Bypassing Biometric Authentication
Biometric authentication is becoming more and more popular. Fingerprint and/or facial recognition is more or less standard in high-end mobile devices, while retinal scanners are used in high security environments. Attack scenarios where fingerprint scanners are bypassed using moulds and 3D printers have already been proven. However, these attacks are not practical and therefore unlikely to be used in real life scenarios. Similarly, facial recognition has been successfully bypassed with the help of pictures in the past – a technique that no longer works on recent facial recognition devices, but leaves food for thought nevertheless. This session will not only focus on bypassing biometric authentication, but will look at doing so practically – in a manner that would be efficient in a real-life scenario. Are these attacks actually able to put end-user and/or corporate devices at risk? You can
• Always change a compromised password, but it is a lot harder to change your finger or face!
• Biometric authentication is not unhackable
• Vendors have to address IT security in biometric authentication
Neal Hindocha
Regional Manager – Sweden, Fortconsult A/S
14.20
PANEL: Democracy Disrupted – Media’s role in an era of disinformation
Jan Helin
Program director, Sveriges Television
Linus Larsson
Tech editor, Dagens Nyheter
Eva Burman
Editor-in-chief, Eskilstuna-Kuriren
Henrik Tilly
Head of operations, Schibsted
Thomas Mattsson
Editor in chief, Expressen
16.00
After work bar opens
16.15
Closing Keynote
17.30
Conference ends
Room 1
09.50
Privileged Access – Is it time for a cyber-based and not a compliance approach
Privileged Access is a re-occurring theme in Compliance Regulations and therefore regularly targeted by both internal and external auditors. Organizations frequently tackle such challenges tactically and do not address the active and real risk of Privilege abuse to the business.Cyber-attacks have reached a level of sophistication that allows attackers to potentially evade existing security controls and access privileged credentials. To mitigate the risks, many organizations now proactively shore up privileged access controls. There is much to learn from these organizations.
• Compliance Approach
• Risk Approach
• Organisations = Risk Approach
Andreas Nordenadler
Regional Manager, Sweden & Norway, Cyberark
10.20
Session by Raul Rikk
10.50
Security is Everywhere
In this session, learn about Synopsys’ initiatives and how you can directly and meaningfully help enhance cyber risk standards and programs.
Michael White
Director Solution Strategy, Synopsys Software Integrity Group, Synopsys
12.40
PKI for battery-powered IoT
Asymmetric cryptography has long been considered infeasible for resource-constrained devices. However, since the new IoT devices are equipped with sufficient RAM, flash, a standard 32-bit CPU and crypto hardware it is possible to run certificate- based security in such devices. Also, the lack of a user interface and unattended deployments hinder relying on traditional methods of initial authentication using a username and a password (which also becomes a weakest link in security). Therefore, an automated key management solution that also supports PKI is inevitable for IoT. A number of PKI providers offer or claim PKI solutions for IoT. However, none of them covers long-life battery-powered or energy-harvesting devices, without breaking end-to-end security. This talk will present PKI building blocks for these extremely resource-constrained IoT devices, present implementation and evaluation of these solutions in state-of-the-art IoT hardware, and provide the performance benchmarks.
Shahid Raza
Director of Security Lab @ RISE SICS, RISE SICS, Stockholm
13.10
The Dangers of the Dark Web
Christian Lees will discuss the inner workings of the Dark Web. How cyber criminals and cyber gangs infiltrate organizations and exfiltrate data. The Dark Web is a closed community where cybercriminals can share information, attack vectors and buy and sell stolen data containing PII. Infiltrating the Dark Web requires a high level of expertise and years of trust with threat actors. True threat intelligence should be derived from operatively-sourced threat intelligence using HUMINT. Many organizations struggle in gaining the upper-hand by gaining pre-emptive threat intelligence to combat targeted malicious activity and overall threats.
Christian Lees
CISO, InfoArmor
13.40
Whistleblow – Secure or just complicated?
• What are the options out there?
• Will the end user manage to use it?
• What are the new demands on our journalists?
Our media companies need to meet tomorrows sources, with a modern and secure solution. How can we provide this service to our readers, without the need for them to have deep technical skills, but still be able to guarantee source protection?
Henrik Tilly
Director of Operations, Schibsted Enterprise Technology
15.00
Fraud Analytics in Insurance
In this talk I will explain how If P&C have utilized graphs and analytics in order to find more fraud cases and stop advanced types of fraud. Strategies from fraudsters evolve rapidly and it is necessary to equip sophisticated but agile fraud detection and prevention systems. They have to detect elements such as synthetic identities acting as capital vehicles, fraud rings or money laundering structures. With graphs we are now able to leverage connections and act fast to prevent fraud in the first place. This gives if P&C new means to fight and detect fraud more easily.
Kalle Lindblad
Head of Fraud Analytics, IF P&C
15.30
Human Rights & IT Security: How Digital Solutions Save Lives
The Human Rights Innovation Initiative was founded by Civil Rights Defenders to support Human Rights Defenders. Our partners, these Human Rights Defenders, are brave so that you don’t have to be. We employ our Defender-Centric approach to improve their security and impact, so that they can fight for improved human rights in their context, for their community. In a world with mass surveillance, the chances of unlawful or arbitrary arrests and disappearances increase. In a world where governments demonise and hunt whistleblowers transparency and accountability is challenged. With the journalistic business model in disarray and filter bubbles, even the very access to information is problematic. As such the work of Human Rights Defenders is as important today as ever. Internet and communication technologies underpin the work of many Human Rights Defenders while simultaneously, being an avenue for attacks against them.
Mathias Antonsson
Innovation, Civil Rights Defenders