Seminar Conduct and Protocol Nicholas Witchell, for Payments UK. Welcome Maurice Cleaves, Payments UK

Transcription

1 DAY TWO WEDNESDAY 28 OCTOBER (MORNING SESSION) AGENDA DAY ONE TUESDAY 27 OCTOBER 8.00 Event Registration 8.50 Seminar Conduct and Protocol Nicholas Witchell, for Payments UK All briefings and comments made within the presentation hall are delivered in accordance and requirement for strict adherence to 2002 revised Chatham House rule. Notably: participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed There will be no external media presence within the presentation hall. All event interviews will be conducted in the networking area or exhibitor village, by mutual consent only. Welcome Maurice Cleaves, Payments UK The Payments UK Chief Executive will welcome delegates to the event and provide an overview of the role and remit of Payments UK Keynote: Ducks, Rabbits & Mr Men Craig Rice, Payments UK In the tradition of this event, of offering analysis and assessment rather than narrative, the Director of Security for Payments UK will offer a view of: Key trend analysis within cyber security for banking and payments Outline Payments UK s contribution to tackling the challenges rather than simply admiring the problem Consider some of the strategic issues and corresponding capabilities that may become evident in the near and medium term Spotlight: Financial Fraud Action UK Katy Worobec, FFA UK The Director of Financial Fraud Action UK (FFA UK) will provide an overview of: The role and operations of the newly incorporated FFA UK within the banking and payments ecosystem Future strategy and capability development Key relationships with governance and law enforcement Presentation: Shining Light Into Dark Places Leigh Chase, IBM The Competency Leader for Security Intelligence at IBM Security UK & Ireland, will share his insights on how IBM takes on Security Intelligence at scale and some of the major problems faced as an intelligence-processing organisation. These include data volume, techniques for reduction, the role of analytic technologies and an approach to event correlation in complex data sets. With the increase in the availability, acquisition and deployment of crime-packs and related malicious software, we need to better understand how these suites share and proliferate techniques using hidden services and Dark Web networks. This session will show how this is a very active area of investigation across IBM and Leigh Chase will introduce techniques applied, from research through to production and deployment.

2 DAY ONE TWO TUESDAY WEDNESDAY 27 OCTOBER 28 OCTOBER (MORNING SESSION) Spotlight : Finance Strategy Co-ordination Group Phil Westgarth, VocaLink The Chair of Finance Strategy Co-ordination Group will explain how the Bank of England have initiated a review of the information sharing landscape across the Financial Sector through their creation of the Cyber Co-ordination Group to assist with the cohesion of the multitude of organically grown information sharing bodies that currently exist Break & Networking Presentation: Cyber Resilience People, Process and Technology George Quigley, KPMG The Partner, in KPMG s Financial Services Cyber Security business will explain how cyber risk changes the way that financial services organisations need to consider cyber. This session will cover relevant aspects of cyber resilience, including how firms should interpret and respond to the latest guidance being provided by the Bank of England Spotlight: Financial Services Information Exchange Dr David Aubrey-Jones Information exchanges have been established to promote the cascade of knowledge and key lessons identified in all Tier 1 sectors in UK industry and commerce. This spotlight presentation will outline the work of the Financial Services Information Exchange Panel: Convergence A panel including Iain Swaine (Ensequrity); Leigh Chase (IBM) and Alex Grant (Barclays) will consider: What are the areas of synergy between Fraud and Cyber Security? What can they learn from each other? How can they be combined to develop a more effective team? Spotlight: Centre for the Protection of National Infrastructure CPNI will outline the support and services they provide to industry and commerce. The briefing will also consider their perspective of cyber threat to financial services in the UK Lunch & Networking

3 DAY ONE TWO TUESDAY WEDNESDAY 27 OCTOBER 28 OCTOBER (MORNING SESSION) Presentation: The World after Slavik - How Others have Improved on the Business Club s Tricks Maurits Lucas, Fox-IT The Business Manager for intell, the Cyber Intelligence team at FoxIT will explore how Slavik and his Business Club have changed the ecrime world. Criminals have discovered new crime ware tools, while former Business Club affiliates have created their own. This session will outline how the threat landscape has evolved and how the criminals have changed their business models Spotlight: Cyber Defence Alliance David Sheridan, Santander The Cyber Defence Alliance has been billed as a NATO of banks who have pooled resources and made a commitment for greater integration with law enforcement. These efforts are designed to provide participants with greater shared situational awareness of cyber threats than could be achieved by any bank on their own. This spotlight presentation will highlight what has been achieved thus far and what ambitions lay ahead for this innovative concept capability demonstrator Presentation: Utilising Behaviour Analytics for Combating Cyber Fraud Boaz Krelbaum, Bottomline Technologies The General Manager of Cyber Fraud & Risk Management and Bottomline Technologies will explain how Fraud exists across payment types. Explore how payment compromise can occur at different points in the various payment processes, by external criminals, by internal employees or by external criminals posing as employees. This session will present a comprehensive approach which includes user behaviour analytics to mitigate the risk and become prepared to the unknown Spotlight: Cyber Attack against Payment Processes Ralph Smith, FS-ISAC Financial Services Information Sharing and Analysis Centre (FS ISAC) has over a decade of experience running Cyber Defence Exercises (CDXs), for financial organisations in the US and Canada. This September, in conjunction with Payments UK, it delivered the first European focussed iteration of its long running Cyber Attack against Payment Processes exercise. This spotlight session will outline how the CDX was delivered and what initial lessons identified have been derived from it Break & Networking Presentation: There s a RAT in your Browser - when Fraud and Cyber Converge Uri Rivner, BioCatch The Head of Cyber Strategy at BioCatch will present how over the last five years, there has been an increase of state-sponsored attacks focused on theft of intellectual property across globe. The common thread in these attacks; the use of RATs (Remote Administration Tools). In most Advanced Persistent Threats, the initial compromise happens when an employee has been socially engineered to open a file that included a zero-day attack or has clicked on a link that has led to an infection point. A RAT is downloaded onto their computer, allowing full remote access into the device, which is already connected to the network. This session will present how the same methodology is now being used by cybercriminals to conduct online banking fraud.

4 DAY TWO ONE TUESDAY WEDNESDAY 27 OCTOBER 28 OCTOBER (MORNING SESSION) Panel: Cyber Resilience A panel including George Quigley (KPMG); Mick Paisley (VocaLink); and Chris Gibson (CERT-UK) will consider: What does cyber resilience mean to individual institutions and the eco-system? What new ways and means will need to be implemented to achieve this? What wider engagement and liaison in the banking and payments eco-system is necessary to achieve this in hardware, software and operating systems? Wrap Up Craig Rice, Payments UK Seminar Summary covering salient points and key conclusions Prize Draw Nicholas Witchell The Seminar Chair will conduct the Prize Draw and close the formal proceedings Networking Drinks Register Visit the Payments UK website to register your attendance for the 2015 Cyber Security and Fraud Seminar. REGISTER >>

5 DAY TWO WEDNESDAY 28 OCTOBER (MORNING SESSION) 8.00 Event Registration for Morning Briefings 8.50 Seminar Conduct and Protocol Nicholas Witchell, for Payments UK All briefings and comments made within the presentation hall are delivered in accordance and requirement for strict adherence to 2002 revised Chatham House rule. Notably: participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed There will be no external media presence within the presentation hall. All event interviews will be conducted in the networking area or exhibitor village, by mutual consent only. Welcome Maurice Cleaves, Payments UK The Payments UK CEO will welcome delegates to the event and provide an overview of the role and remit of Payments UK Keynote: Babelfish & Acronym Spaghetti Craig Rice, Payments UK The Payments UK Director of Security will offer some accessible models and concepts that help cut through the jargon and make sense of a complex threat environment Spotlight: Financial Fraud Action UK Katy Worobec, FFA UK The Director of Financial Fraud Action UK (FFA UK) will provide an overview of: The role and operations of the newly incorporated FFA UK within the banking and payments ecosystem Future strategy and capability development Key relationships with governance and law enforcement Presentation Changing Landscapes Emerging Challenges Mark Waghorne, KPMG The Head of I-4 ( in KPMG s Cyber Security business will explore whether we are beginning to see signs of shifts in the cyber security threat landscape as organised crime look for new routes to financial advantage. Have we been successful in raising the cost of doing business for those criminals? This session will explore whether this really reduced our risk and just what might these shifts mean for us as security and fraud control professionals in the coming years Presentation: Learning from Others Cyber Mistakes Alexander Forbes, IBM The Security Consultant, EMEA ERS Team Leader and Malware Analyst at IBM will share his experience in dealing with real cyber attacks and actual security tests and what you can learn from the misfortune and mistakes of others. This will assist you in putting in place solutions to help avoid similar situations in your own organisation. This session will discuss social-engineering, hacking, malware (including Advanced Persistent Threats) and the Dark Web!

6 DAY TWO WEDNESDAY 28 OCTOBER (MORNING SESSION) Break & Networking Presentation: The Evolution of the Criminal Business Models forces a Paradigm Shift Maurits Lucas, Fox-IT The Business Manager for intell, the Cyber Intelligence team at FoxIT will discuss how criminal business models have evolved and how traditional mitigation models have difficulty with the manual processes of criminal operators. This session will outline how contextual feeds can form a first line of defence, while real-time event analytics provides the power to detect banking malware such as Dyre & Dridex Presentation: Behaviour - A New Domain in Cyber Resilience Uri Rivner, BioCatch The Head of Cyber Strategy at BioCatch will explore how advanced state-sponsored attacks and financially motivated cybercrime has located the weakest link: people and compromised access credentials. This is why the introduction of a new domain in security, the Behavioural Domain, is timely. In this case study, we ll see how global online and mobile banking users behave, and what happens when fraudsters enter their account. We ll see how different people behave differently, but also consistently, so a baseline of their regular behaviour, preferences, habits and choices can be determined. We ll also identify non-human behaviour and remotely controlled behaviour. This session will also explore what happens when someone opens a new account, and see the behavioural difference between honest, legitimate applicants and professional criminals Presentation: Perimeter Security is not Enough - Monitoring Insider Behaviour to catch Intruders Boaz Krelbaum, Bottomline Technologies The General Manager of Cyber Fraud & Risk Management at Bottomline Technologies will discuss how cybercrime is rising at an alarming rate. In the 2014 Cost of Cyber Crime study by Ponemon Institute, 56 U.S. companies reported an average of $12.7 million in losses due to cybercrime, an increase of over 9% from the previous year. Last February, Kaspersky revealed that an international criminal syndicate was able to successfully impersonate bank officers at over 100 banks around the world to net as much as $900 million in stolen funds. While many organisations today maintain a perimeter-centric defence strategy for protecting their most valuable assets, evidently this approach is not good enough. This session will present a method for preventing intrusions by monitoring, profiling and analysing employee user behaviour Spotlight: A View from Threadneedle Street William Brandon, Bank of England The Chief Information Security Officer of the Bank of England will provide an overview of the Bank s perspective on the cyber threat spectrum and the cyber security initiatives that have been introduced to contend with the new threat vectors and actors emerging against Financial Services in the UK Lunch & Networking

7 DAY TWO WEDNESDAY 28 OCTOBER (AFTERNOON (MORNING SESSION) Registration for Afternoon Briefings, Exhibition, Lunch and Networking Seminar Conduct and Protocol Nicholas Witchell, for Payments UK All briefings and comments made within the presentation hall are delivered in accordance and requirement for strict adherence to 2002 revised Chatham House rule. Notably: participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed There will be no external media presence within the presentation hall. All event interviews will be conducted in the networking area or exhibitor village, by mutual consent only. Welcome Maurice Cleaves, Payments UK The Payments UK CEO will welcome delegates to the event and provide an overview of the role and remit of Payments UK Keynote: Babelfish & Acronym Spaghetti Craig Rice, Payments UK The Payments UK Director of Security will offer some accessible models and concepts that help cut through the jargon and make sense of a complex threat environment Spotlight: A View from Threadneedle Street Will Brandon, Bank of England The Chief Information Security Officer of the Bank of England will provide an overview of the Bank s perspective on the cyber threat spectrum and the cyber security initiatives that have been introduced to contend with the new threat vectors and actors emerging against Financial Services in the UK Presentation Changing Landscapes Emerging Challenges Mark Waghorne, KPMG The Head of I-4 ( in KPMG s Cyber Security business will explore whether we are beginning to see signs of shifts in the cyber security threat landscape as organised crime look for new routes to financial advantage. Have we been successful in raising the cost of doing business for those criminals? This session will explore whether this really reduced our risk and just what might these shifts mean for us as security and fraud control professionals in the coming years Presentation: Learning from Others Cyber Mistakes Alexander Forbes, IBM The Security Consultant, EMEA ERS Team Leader and Malware Analyst at IBM will share his experience in dealing with real cyber attacks and actual security tests and what you can learn from the misfortune and mistakes of others. This will assist you in putting in place solutions to help avoid similar situations in your own organisation. This session will discuss social-engineering, hacking, malware (including Advanced Persistent Threats) and the Dark Web!

8 DAY TWO WEDNESDAY 28 OCTOBER (AFTERNOON (MORNING SESSION) Spotlight: Financial Fraud Action UK Katy Worobec, FFA UK The Director of Financial Fraud Action UK (FFA UK) will provide an overview of: The role and operations of the newly incorporated FFA UK within the banking and payments ecosystem Future strategy and capability development Key relationships with governance and law enforcement Break & Networking Presentation: The Evolution of the Criminal Business Models forces a Paradigm Shift Maurits Lucas, Fox-IT The Business Manager for intell, the Cyber Intelligence team at FoxIT will discuss that criminal business models have evolved and traditional mitigation models have difficulty with the manual processes of criminal operators. This session will outline how contextual feeds can form a first line of defence, while real-time event analytics provides the power to detect banking malware such as Dyre & Dridex Presentation: Behaviour - A New Domain in Cyber Resilience Uri Rivner, BioCatch The Head of Cyber Strategy at BioCatch will explore how advanced state-sponsored attacks and financially motivated cybercrime has located the weakest link: people and compromised access credentials. This is why the introduction of a new domain in security, the Behavioural Domain, is timely. In this case study, we ll see how global online and mobile banking users behave, and what happens when fraudsters enter their account. We ll see how different people behave differently, but also consistently, so a baseline of their regular behaviour, preferences, habits and choices can be determined. We ll also identify non-human behaviour and remotely controlled behaviour. This session will also explore what happens when someone opens a new account, and see the behavioural difference between honest, legitimate applicants and professional criminals Presentation: Reducing Payment Fraud Risks Taking the Holistic Approach Boaz Krelbaum, Bottomline Technologies The General Manager of Cyber Fraud & Risk Management at Bottomline Technologies will discuss how managing payments, fraud and security risks remain a top priority for companies of all sizes. According to the 2015 Association for Financial Professionals Payments Fraud and Control Survey, 62% of companies were targets of payments fraud in As fraudsters are becoming better organised and more sophisticated in manipulating various payment channels, silo solutions for detecting fraud are no longer effective. This session will present the holistic approach that organisations must take today for handling payment fraud risks effectively Networking Drinks Register Visit the Payments UK website to register your attendance for the 2015 Cyber Security and Fraud Seminar. REGISTER >>