IT Security Insights 2024 HYBRID

Key takeaways:

• How can you work strategically to reduce security risks? 
• In addition to the threats that all organizations face, source protection poses major challenges to media companies - what demands does it place on the organization and on the security products? 
• How can organizations effectively collaborate and integrate their physical, personnel and cyber security strategies to protect against different types of security threats and what are the most common challenges in such integration?

Generative AI is a powerful new technology with the potential to both improve and degrade our cybersecurity posture. It can be used to generate synthetic data for training and testing cybersecurity systems, identify weaknesses in cybersecurity systems, and automate cybersecurity tasks. However, it can also be used to create new and more sophisticated cyberattacks, automate cyberattacks, and create deepfakes that could be used to spread misinformation and propaganda. In this presentation, we will share real-world uses cases on how generative AI and associated tools can be used by organisations of different form and shape to defend themselves against evolving cyber threats, but also for businesses to be aware of the shortfalls of such technologies when it comes to cyber defence.

Key takeaways:

• How can generative AI be used to defend against evolving cybersecurity threats?
• What are some examples of generative AI-powered cybersecurity solutions?
• What are the potential risks and concerns of using generative AI for cybersecurity?

It is estimated globally that a business fall victim to ransomware every 40 seconds on average, and surveys show that IT-staff and managers feel increasingly alone in their struggle to prevent that from affecting their organization. With a cybersecurity market filled with over 11 000 products and solutions according to recent estimations, it is not surprising that we feel increasingly overwhelmed. In this presentation we will discuss what we have seen working on the frontlines supporting organizations during critical incidents, what security strategies work best, how can organizations best prepare for the worst, and what does it truly mean to be incident ready?

The cybersecurity workforce gap has increased, and the shortage is predicted to be a growing problem well into 2025. Companies need to search for strategies to build effective cybersecurity teams as well as to retain employees and help them to grow. Attracting a diverse workforce and providing learning plans and more upskilling opportunities are some of these strategies. By doing so, a positive culture and mindset are promoted, which supports business continuity and strengthens cyber defences. 

Key takeaways:

• Is there a shortage of cyber security professionals, why?
• Succeeding with a diverse security workforce
• Security is a critical skill for all workforce, to ensure our workforce, culture, and ways of working enable a secured delivery of products and services to the customers, and for protecting the company assets.
• The security skill learning plans should be continuously evolving, and more upskilling opportunities should be added over time. Different skill levels and different formats of training.

The Purposeful Advisory Wrangling using LLMs, or PAWL Patrol Framework, is a self-buildable solution for businesses to integrate Gen AI and Retrieval Augmented Generation in their cybersecurity defenses. This session offers an introduction to Gen AI for cybersecurity defense, highlighting its practical applications through diverse use cases.

Key takeawys:

• What are the technical intricacies behind integrating Large Language Models into cybersecurity tools?
• How can businesses tap into a Slack API for integration to transform daily communications into threat monitoring channels with Gen AI?
• How does this Gen AI framework provide dynamic advisories on emerging threats, especially considering geopolitical situations?
• How does integrating a company's policy library streamline the intricate compliance landscape, ensuring adherence to evolving regulations?
• What strategies does Retrieval Augmented Generation employ to discern email authenticity, reducing the impact of sophisticated phishing campaigns?
• How does can developers identify insecure code with PAWL Patrol to elevate code security and foster proactive defense strategies?

Breakout sessions give you an opportunity to be updated on are variety of technology solutions that will be showcased during the conference. Join 1 of the 3 sessions of your own choice ready with pertinent questions on the topic to be discussed. Breakout sessions last for 30 Minutes and are open to all participants.

In a delicate balance between software security and innovation at the speed your business demands, how do you keep pace? With cyberattacks set to cost the economy $10.5 trillion by 2025 and Hackers continually looking for new areas to exploit, the security of your entire software supply chain is critical. However, the resilience of your software is only as robust as its weakest link. 

Key takeaways:

In this session, delve into the evolving landscape of cybersecurity, from imminent regulations to the current state of SBOM practices. Navigating new vulnerabilities, knowing what is in your code and balancing the priorities of development teams with the imperative of security can be daunting. But fear not, there are solutions. Join our security experts to find out more.

Key takeaways:

• Are You Prepared for the True AD Disaster? 
• Why protecting Identities is so Important. 
• Disaster Recovery success relies on meticulous planning, especially for crucial components like Microsoft AD. Identify triggering events, accelerate with strategic planning, and enhance with backups and communication protocols. 
• Regular testing and adaptability ensure a resilient IT system

Digital sovereignty is becoming more and more important in relation to our modern society! There is an ever-increasing focus on ownership of data, regardless of where it is located and who has access and how they get access. It will be about being in control, rather than just having trust in your supplier. In this session we will look at what regulations say and how a Data Security Platform can help us achieve control and abide by regulation – now and going forward.

Key takeaways:

• Are you in control of the individual's sovereignty?
• Are you in control in relation to Geopolitical sovereignty?
• Are you in control in relation to your Organizational sovereignty?

Round Table Discussions are designed to give event participants an opportunity to exchange ideas and experiences on some of the hot topics in the security market place in a more intimate setting. The discussions will last for 40 minutes after which the delegates with swap tables to a new table of their own choice for further discussions lasting another 40 minutes. Discussions are open to all participants at the conference.

Key takeaways:

• Procurement and contracts
• Biggest issues today, changes
• Technical challenges MS365 such as encryption

Privacy-by-design, one of the principles of the EU GDPR, is a concept for embedding privacy and data protection into products from the design phase rather than retroactively. It is meant to be a proactive measure to risk management where privacy related risks, both to data subjects and to companies, are anticipated beforehand and prevention mechanisms are built-in from the beginning. Privacy-by-Design is often talked about in terms of what it is rather than how it could be implemented and this makes it challenging to companies to adopt. In this session, we will be discussing privacy-by-design from a practical perspective and we will be sharing some of our experiences in building privacy in our products and processes from the ground-up.

Key Takeaways:

• What challenges are there with implementing privacy-by-design?
• Should privacy-by-design be an end goal or a way of living/working?
• What tools or mechanisms could be utilized to achieve privacy-by-design?

Key takeaways:

• Who will be subject to the NIS2-directive and the coming Swedish national legislation (article 2 and 3 in the directive)?
• What kind of security requests will apply and how shall they be fulfilled (article 21.2 in the directive)
• How will NIS2 correspond with EU cyber security act?

Key takeaways:

"What role does artificial intelligence play in industrial cyber security (OT)? In this roundtable discussion, we delve into the topics of AI-enabled defense mechanisms, attack tools and vectors, AI regulatory support and challanges, and how government agencies can best help."

Key takeaways:

• Automation in SOC
• Integrity
• Sustainability Social

The digitization of society continues at a rapid pace, but security issues often end up in the shadows. The gap between new functionality and security is widening, creating major risks. At the same time, Sweden is in second place in the world in terms of innovativeness. How can we use this innovative ability to create a more secure Sweden?

A successful AppSec program is vital to a successful online business. However, getting AppSec right is hard. It requires not just your own team, but also buy-in and active participation from across the organization – especially developers. If you're turning your attention to ramping up your AppSec, you need to make sure it fits your business and is successful. The real question then is: where do you start? How can your team quickly make an impact, and where should you go from there? At Checkmarx, we help organizations answer this question for themselves every day. 

Key takeaways:

Join us for this session and learn about how your industry peers think about AppSec, and how to lead your team to jumpstart your own AppSec program, no matter what stage of development you might be in.

Traditional methods for one-off and manual certification are not scalable to millions of heterogeneous IoT devices. This is particularly important when regular software updates are necessary, which may break the certificate seal. It is therefore inevitable that automated, lightweight, and cost-effective initial- and re- certification techniques should be available for modern IoT devices. This talk will present such an automated re-certification solution for IoT and its integration with state-of-the-art standardized security solutions for IoT devices.

Key takeaways:

• What is the current state of IoT security?
• How can we be able to update billions of IoT and at the same time keeping them certified?

The top 5 cybercrime trends in 2023 and explaining which psychological factors play a particularly important role in cyber-attacks. The interface between humans and machines remains the number one entry point – more than 85 percent of all attacks start with the human factor. We will detail some innovative approaches to fighting these sophisticated and manipulative types of cybercrimes, as organizations now face an innovative dark economy where cybercrime-as-a-service is the common business model. Tactics are evolving almost by the minute and attackers do not hesitate to use psychological tactics to manipulate our minds.

 Key takeaways:

• Join our expert panel as we examine the impact of AI on today's and the future IT Security Practices