Agenda

Arrival & registration
Chair:

Dr Jabu Mtsweni, research group leader for cyber defence, Council for Industrial and Scientific Research (CSIR)

Future Wars: Cyber Risk and Financial Security

Chris Hamilton, CEO, BankservAfrica

If anyone needed education on our collective exposure to cybercrime in financial services, recent high profile incidents have issued a timely reminder. No one is exempt. It is challenging enough for financial service providers to protect themselves, but the problem is much bigger than that. Entire value chains and industry segments are at risk from attacks designed to undermine the stability of the system. The stakes are high: in extreme cases we risk catastrophic loss of customer confidence and regulatory intervention that makes existing business untenable.

Key questions to consider in this context are:

  • Are institutional responses to cybercrime taking into account the stability of the entire financial system as a criterion for risk mitigation?
  • "Defence in depth" at a system level means that each member institution has a contribution to make for mutual benefit, but how effective is current collaboration?
  • What about our ability to work with other critical players – law enforcement and telecommunications infrastructure providers?
  • What possible industry wide responses should be considered to mitigate cyber-risks to financial stability?

IBM Presentation

Kevin McKerr, senior sales specialist, IBM

The human shield - experience and challenges of security awareness programs in a federated environment

Anna Collard, CEO, founder and manager, Popcorn Training

Addressing the human element is a necessary component of today's security programs and not an easy task. Trying to centrally co-ordinate Sanlam Group's multi-federated environment with different company cultures, communication vehicles and brands adds to the complexity. This talk covers our security awareness objectives, achievements and failures.

  • 3 year learnings from centrally co-ordinating security awareness initiatives across the Sanlam Group
  • Measurement & metrics for security awareness programs
  • Some best practices when trying to change human behaviour - and what not to do

Networking and Refreshments

Securely designing systems with people in mind

Willie Strydom, IT security problem solver, FNB

In this talk you will get a fresh view of the people side of Information Security, people being the users, designers and customers of your Information Technology systems. The people who make IT work. Designing systems securely is much more than the security we bolt on, or put into systems. In this talk you will gain insight and ideas on how to win the fight (of Information Security) before the fight has even started. I like those odds, let's talk!

Targeted Attack Simulation: a real world view of detection and response capability

Jacques Louw, director, MWR InfoSecurity SA

While scoped penetration tests offer valuable assurance around the security of specific applications, they lack the ability to identify the attacks exploited by real world attackers. This has sparked a move in the security industry towards un-scoped (or very broadly scoped) assessments against organisations, often termed "Red Team" assessments. Although such assessments provide a view on how controls would perform in the real world, they are largely focussed on preventative controls. This talk will discuss methods for improving the standard "Red Team" approach to better engage and develop the organisation's detection and response capabilities.

  • An understanding of modern unscoped security assessments
  • Insight into the benefits of engaging Prevention, Detection and Response capabilities
  • Insight into achieving a maximum ROI from attack simulations

Q & A: Debate the legal framework and implications of non-compliance specific to financial institutions during this audience-led question and answer time

Moderator: Dr Jabu Mtsweni, research group leader for cyber defence, Council for Industrial and Scientific Research (CSIR)
Dave Loxton, consultant (former ENSAfrica)
Candice Sutherland, business development underwriter, Hollard
Lisa Emma-Iwuoha, attorney, Michalsons

What is cyber liability and what are the implications of cyber crime for you as a business?

Ryan van de Coolwijk, product manager: cyber, HBM specialist liability, Hollard; cyber risk insurance specialist, Hollard Broker Markets

In the wake of a data breach what are the costs and potential implications that could impact upon a business? This presentation will unpack the typical costs associated with responding to a data breach as well as the potential liability costs that can attach thereto.

An attacker's perspective on beating phishing

Kyle Riley, co-founder, Zenoic

Despite a growing awareness of the severity of cyber fraud, phishing attacks rose by a staggering 250% between the last quarter of 2015 and the first quarter of 2016. Current statistics show that 11% of users will open, read, download and run an attachment in a phishing mail. These figures have significant ramifications for large institutions in South Africa, where customers are regularly targeted by phishing campaigns. To gain a new perspective on this problem, Zenoic set about viewing it from an attacker's perspective. This talk will outline a novel framework to better understand how to effectively defend customers from phishing attacks by contextualising and creating new defensive controls. Some of the defenses demonstrated include the application of machine learning algorithms, dark web surveillance and interfering with the infrastructure of the attacker.

  • Insight into the economics of phishing
  • A framework to understand phishing attacks and find loopholes in defensive strategies
  • Actionable steps to help curb phishing attacks

Lunch and Networking

Cyber Insurance, broader than you think

Candice Sutherland, business development underwriter, Hollard

Broader than just liability insurance and triggered by more than just hacking. This presentation will provide an overview of the cover provided by cyber insurance, insuring what has traditionally been uninsurable, as well as consider examples of real world claim triggers extending far beyond typical third party threat actors.

Threat Management 2.0

Peter Oeschger, head of information technology, Bank of Athens

Dealing with the total onslaught of organised criminal attacks aimed at financial institutions requires a multi-pronged approach, starting with pre-emptive steps and monitoring, working all the way up to offensive countermeasures and cyber deception.

Networking and Refreshments

Making Financial Sense of the (In)Security Challenge

Mai Moodley, head of department for financial systems and processes, SITA

The aim of this presentation will be to practically demonstrate, through a series of case studies aimed at finance professionals, the typical pain points and challenges which need to be addressed, while demonstrating how to measure the ROI from these security counter-measures within the finance context.

Building home-grown cybersecurity capabilities and technologies

Dr Jabu Mtsweni, research group leader for cyber defence, Council for Industrial and Scientific Research (CSIR)

As the challenges in the cyber domain continue to escalate leading to devastating and huge financial losses, it is becoming evident that developing countries need local solutions to respond to the cyber threats and cybercrime. Nations can no longer rely only on the developed nations for cybersecurity technologies. Thus, at the Council of Scientific and Industrial Research (CSIR), we believe that the establishment and development of the sovereign and home-grown cybersecurity capability and technologies is paramount towards building a safer and secure African cyberspace. In this talk, we will share some of our current efforts, working in collaboration with various stakeholders (industry, government, and military), towards building an integrated cybersecurity capability for purposes of securing our networks and business from cyber ills of this digital age.

  • Awareness of what the CSIR is doing in the cybersecurity space
  • Awareness of existing home-grown tools making an impact towards addressing cyber crime and daily cyber threats
  • Understand potential opportunities of collaborating with the CSIR (as the National and non-profit R&D hub of South Africa)

Close of Conference and Cocktail Function Sponsored by IBM
