e-Crime Congress

Day 1 - 16 March 2010

Click here for

07:30 - 08:50	Coffee & Registration
08:50 - 09:00	Welcome to the e-Crime Congress Dr. Simon Moores, Chairman
09:00 - 09:20	Law Enforcement in an Unregulated Environment: time for a strategic approach? Paul Hoare, Senior Manager, Serious and Organised Crime Agency Industrialised and Anonymous: are traditional law enforcement models insufficient by themselves when considering the nature of online crime? Internet governance: can e-commerce survive a continued lack of mandatory good practice? Adapting to new realities: what are the tools and new tactics being adopted by SOCA to meet this reality? Thinking smart: how can industry, internet governance bodies, and law enforcement find common goals and solutions?"
09:20 - 09:40	The Growing Challenge of Protecting Critical Information Infrastructure Rick Howard, Director of Intelligence, VeriSign iDefense Current trends around cyber crime and cyber security attacks that are putting significant stress on the Internet Insights into the areas of growing criminal activity, and the investments being made by the many organisations that act as stewards of the Internet Guidance to both commercial and policy audiences on how they can contribute to the increased security of this critical infrastructure asset, for the benefit of their own organisation/constituents, and the community as a whole
09:40 - 10:00	CyberSecurity, e-Crime and Attack Monitoring Systems: a view of the future Mark Osborne, CISO, Interoute Europe's biggest free CyberSecurity system and why nobody knows about it; good security or bad marketing?!? Measuring CyberAttacks; why is the view from alleyways and side roads at the edge of the Information Super-highway making us victims of Fear Uncertainty & Doubt? Real life examples of Cyber Attacks and examples of pure FUD - is our industry smaller than the "Information Security PR machine" it feeds? The challenge of security at the speed of light; security on a 40 Gb/s Internet backbone. "Somethings gotta change". Current initiatives and a plan for the future; how governments and providers could meet the need to do more.
10:00 - 10:20	Fraud Detection: how can we shift the goal posts? Peter Woolacott, CEO, TIER-3 Leveraging digital 'intelligence': as IT systems and work-flow processes becomes more pervasive and complex within our businesses, what pressures are being placed on traditional fraud detection methodologies? What happens when 'information' analysis can't keep pace? A critique of how we are currently using technology, insights into the things we know aren't working, and a call to action for the technology industry Dealing with the big problem: when it isn't obvious what you are looking for, how can you improve response time and cost-effectiveness? A case study 'deep dive' on what tactics and techniques can help during the search for a needle in a haystack Into the looking glass: event behaviour, advanced analytics, and looking for patterns in the haystack. What are the opportunities and what are the challenges?
10:20 - 10:50	Refreshments and networking break
10:50 - 11:10	Beyond Fraud: a forward looking impact analysis of what cybercrime will mean for 'the customer' and 'the enterprise' in 2010 Mark Crichton, BusinessDevelopment Manager for IPV (Identity Protection and Verification), RSA What specific trends in fraud and malware business models should those within, and outside, the banking industry be observing most closely? A view from the online consumer: what does the attack surface look like at the bleeding edge of data harvesting? Account takeovers, man in the browser, corporate passwords, software as a service, and 'bring your own device': how is the convergence of threats to the consumer and corporate infrastructure challenging current security models, and what are the implications for the future? Adapting to change: what can be done to ensure a robust defence, and where may prevention, detection, and response frameworks need to change?
11:10 - 11:30	Follow the money! A law enforcement perspective on re-thinking security in the banking industry Mirko Manske, Team leader and Head of the Intelligence Team on Cybercrime, Federal Criminal Police Office (Bundeskriminalamt, BKA) MITM and MITB attacks - URLZONE revealed: insights into some of the most advanced customer-focused malware in the European marketplace The "Mule of Passion": how can the banking industry can take advantage of changes in the cyber-criminal business infrastructure to reduce losses? Operation "Speedometer": A covert operations case study on the German Underground economy Looking forward: what are the cutting edge malware and cashout trends to look out for in 2010
11:30 - 11:50	Social Networks and the eCrime Risks for Enterprises Reto Weber, IT Risk Planning & Assessment, Credit Suisse How are social networks changing the global threat landscape? How will the new generation of employees ("Tec Natives") drive, and be affected, by this attack vector? What are the risks from 'social media engineering' to a company's reputation, or individual employees? How to deal with the threat in the corporate environment: 4 quick wins for a response strategy
11:50 - 12:10	Social Media vs Corporate Risk Management Capability: a quantum shift in the rules of engagement James Carnall, Manager, Cyber Intelligence Division, Cyveillance Gearing up for the new reality of collaboration and communication: real world case examples of social media's risks and rewards Beyond the headlines: what are the operational implications for risk management and security teams as the commercial potential of social media grows and is harnessed by their organisations? When "Measure to manage" is no longer viable: if the old 'command and control' models we have relied on for so long no longer suffice on their own, does a blueprint exist for prevention, detection, and response? From sales to the CEO: what are the key areas that organisation's should focus on in consideration of how cyber-criminals are currently exploiting social media to conduct e-Crime activities?
12:10 - 12:45	Education Seminars (Session 1 of 4) Choose from a range of seminars from the following sponsors: Cyveillance - Phishing: is it really safe out there?? Micro Systemation - Mobile Phones: why are you ignoring them? Prevx - Online Banking Fraud - Zeus, The Clear and Present Danger Skybox Security - Constant Vigilance: a blueprint for continuously examining enterprise networks to prevent cybercrime Trusteer - Financial Malware in the UK – New Techniques of Defense Kroll Ontrack - Data Loss: Are you ready if the wheels fall off? S21Sec - Foiling Spearphising: Using Digital Surveillance as a tool to combat spear phishing attacks VeriSign - 2010 Cyber Threats and Trends
12:45 - 13:40	Lunch and networking break
13:40 - 14:00	Zero Day and Blended Threat Attacks: how can we react as cyber-crime bridges the gaps between web and email security? Bradley Anstis, VP of Technical Strategy, M86 The story of 'the' Adobe exploit: what does one zero day tell us about a far bigger problem for the security industry? Form and function: case examples that demonstrate why blended threats are technically attractive and how they are being strategically deployed How are blended threats increasing in complexity, what major shifts in tactics are forcing prevention models to change, and what projections can be made about the future direction of this vector? Thinking ahead: as enterprises move into the web 3.0 world what key lessons from the web 2.0 era should we take forward?
14:00 - 14:20	The Case of 'Operation Aurora' and the Uncomfortable Question: what does it mean for the rest of us if hacking Google wasn't really all that hard? Raimund Genes, CTO, Trend Micro Looking beyond the media hype: was the widely covered “Operation Aurora” anything special in terms of the cyber criminal tactics that were deployed? The movement toward virtualisation: where does this IT trend create the opportunity for more robust IT Security, and how can it lead to greater risks? Time for change: Where is content security failing, and what does this mean for the vendor community's traditional methods? Lessons learned: how should corporations be preparing to protect their physical and virtual environments against sophisticated and targeted threats that exploit new technology trends?
14:20 - 14:40	Converged Vulnerability: covert threats to data security from the future that's already here Quentyn Taylor, Director of EMEA Information Security, Canon Europa N.V. Manufactured for sales, set to malfunction for security? An overview of vulnerabilities to digital asset protection created by printer features What key characteristics of data accumulators are most often ignored or unknown in relation to data and the network? The hows and 'ouches' of building in security process, policy and procedure into fleet management for network ready, always on devices What does technology convergence mean for the future of 'business as usual' office hardware from an information security perspective?
14:40 - 15:00	Applications Under the Spotlight: fixing the problem at source David Harper, EMEA Practice Director, Fortify Software Prevention vs. cure: has penetration testing outlived its usefulness? Reducing software risk: a systematic approach to developing secure software Other areas of software risk: securing out-sourced developments,open source, packaged applications and the cloud Learn from the best: the results of a benchmark of industry leading software security initiatives
15:00 - 15:35	Education Seminars (Session 2 of 4) Choose from a range of seminars from the following sponsors: NetWitness - Using Network Forensics to Uncover Advanced Persistent Threats Trend Micro - Virtualisation and Cloud Computing: new security challenges Imperva - Intelligent Security Using Security Intelligence PGP Corporation - Data Protection in 2010: managing risk in complex environments Verizon - Is outsourcing your IT security infrastructure operations inevitable? LGC Forensics - Exploring the forensic opportunities in e-Crime EISST - How e-Criminals pick their Targets (and how to make sure it won’t be your Bank) Entrust - Online Banking Fraud: Defeating Man in the Browser
15:35 - 16:05	Refreshments and networking break
16:05 - 16:20	SPECIAL ADDRESS: e-Crime Survey Malcolm Marshall, Partner, KPMG
16:20 - 17:00	KEYNOTE PRESENTATION: A case study of the Heartland Data Breach: investigations methodology and guidelines for corporate preparedness Andy Bonillo, Special Agent, US Secret Service Managing cyber-crime investigations: insights on the model and methodology used by the US Secret Service for solving the biggest data breach in history Who did what, when, and how? Tracking the criminals, the tools they utilized, and the technical infrastructure they deployed What are the lessons learned from over 50 data breach investigations on cyber-criminal profiling, and what makes Heartland different? General observations on a corporate playbook for handling a data breach
17:00 - 17:20	Data Breach Investigations: the inside story Matthijs van der Wel, Manager Forensics EMEA, Verizon Targets and techniques: what does an analysis of data breach history show about how attacks are taking place? Investigation conundrums: what issues increase the challenges for investigators? Proactive steps: how can organizations prepare in order to ensure underlying issues do not impact the speed of an investigation, and quick remediation to 'plug the hole'?
17:20 - 17:40	Managing Criminal Investigations in an Electronic Environment Alan Thomas, Global Forensic Investigator, Vodafone Group Service Limited The strategic set up: How should investigations, IT, and IT security, functions work together to provide an effective foundation for going after the criminals? Case examples: what does a response to e-crime that actively peruses criminals look like when it is led from the inside of a business? What are the operational practicalities and challenges in an aggressive e-crime investigations environment, and is there a winning formulae for success? Going mobile: how is the mobile market developing, what does that mean for the investigator of tomorrow, and what predictions can be made about crime trends that are likely to develop?
17:40 - 18:40	Evening drinks reception and networking, kindly sponsored by