SecureWorld Manufacturing & Retail Virtual Conference 2024

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Threat methods and controls utilized for the corporate workforce that now expands beyond the office building and into remote locations is not as comprehensive and effective for those who are typically in the office. The intent of employees may not be malicious but rather inherent to poor practices; however, there are those who happen to begin unintentional but gradually become the intentional insider threat.

This presentation is designed to help individuals identify how seemingly “innocent” activity can make them an insider threat, and how to identify behavioral elements utilizing a number of security solutions. Through live demonstrations, we will show how “everyday activities” can result in higher risk to the company.

Objectives:

• Learn the methodologies utilized by individuals within the organization that would be considered insider threat activity.
• Learn how to identify system and user-based behavioral indicators.
• Learn which existing or enhanced security layer can provide insider threat profile data.

Take-Aways:

• How to identify business processes which can contribute to intentional or unintentional insider threats.
• Enhance procedures required to identify insider threat exposures.
• Enhance awareness training to include additional methods of insider threat.
• Enhance existing physical and digital security layers to better identify specific insider threat activity.

At the operational field, plant, or edge level, growing risks like cybersecurity must be managed amid a need to democratize and expand technology within an increasingly connected workplace. Traditional approaches of handling cyber, analytics, edge, and others as separate IT projects and not addressing these needs as various pieces of a major holistic change effort (including many non-technology aspects) are causing them to fail outright or have poor results. Operational management frameworks are designed to provide consistency and reliability at the field level for various reasons, including safety and environmental priorities, and can create friction with innovative techniques and large-scale change. Culture clashes between OT, IT, and Operations teams and priorities worsen this situation.

It’s important to appreciate how transformative OT cybersecurity programs are in order to integrate those objectives and ways of working into existing frameworks. This also allows cybersecurity teams to take advantage of new models and emerging technology which can accelerate progress. Finding and supporting these solutions is not enough though; companies need to apply a different approach to leading their internal change to overcome resistance and improve engagement.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Building control systems have been around since the late 1970s. These systems were digitally controlled and proprietary. The building staff could run the building, but the logic/programming required the system service provider’s knowledge to maintain. Over time, the building staff’s reliance on the service provider grew to the point that the service provider not only has unrestricted local access but also unrestricted remote access. And in most cases, the service provider provides and controls remote access. When you take this into account and multiply it by the number of building control systems per building, the number of service provider technicians that currently have access, and former employees that possibly have access, and then multiply this by the number of buildings owned, this number can be huge. Now take into consideration that most of the service providers are not bound to cybersecurity service provider agreements. These buildings are a high degree of risk exposure for building owners.

Learning Objectives:

• Participants will be exposed to the current state of the building control system cybersecurity.
• Participants will be walked through some real-world examples of results when service provider management does not exist and/or breaks down.
• Participants will learn the basic concepts of managing service providers using ISA 62443.

CISA recently released their paper on “Secure by Design, Secure by Default” software that has support from seven major governments. It is meant to make significant, achievable improvements in software security. We will discuss the Secure by Default concept, why it is important, and what customers and vendors can do about it today.

With a marked increase RaaS, APT, and nation-state sponsored attacks in the industrial cybersecurity sector over the last 18 months, it is more critical than ever for organizations to build effective incident response capabilities for their Operational Technology (OT) and Industrial Control Systems (ICS) environments.

Often when the OT process is down, so is the revenue stream. The pressure to get back operational is high. Having a solid practiced plan, the right tools in place, and an effective decision-making process are critical to restoring production.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Session description to come.

Identity management is crucial for securing user access across an organization’s IT infrastructure. A comprehensive identity management platform provides a unified view of user identities and access rights, allowing administrators to easily manage user access, detect and remediate identity-related threats, and enforce access policies. This presentation will provide an overview of the key features and benefits of a modern identity management platform and demonstrate how it can help organizations to enhance their security posture and protect against the latest identity-based threats

Attendees will walk away with a practical understanding of how to involve key stakeholders at various points in the compliance program development process and the importance of third-party risk management concerning the overall data security and compliance culture within an organization.

Businesses are increasingly built on a complex spiderweb of third-party providers that access a business’s systems, data, and other critical operations. This includes all manufacturing companies that rely on third parties—such as service providers, SAAS vendors, or contractors—to manage data and sensitive operations. Organizations typically have limited control over third parties, limited transparency into their security practices, and limited availability or resources to track third-party security upgrades. As owners and managers of portions of critical infrastructure, it is important for these companies to evaluate the current threat landscape and shift perspective on cyber threats from “if” to “when” as they examine preparedness, protocols, and employee education throughout upstream, midstream, and downstream operations.

Mitigating data privacy, cybersecurity, and technology risk throughout the supply chain should be a priority for organizations, and our presentation will touch on key considerations for third-party management, including due diligence, contractual terms, and ongoing compliance.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Session description to come.

The modern enterprise exists within a vast cosmos of interconnected third-party relationships—suppliers, vendors, partners, and more. Yet this indispensable ecosystem also represents a rapidly expanding attack surface rife with often unaddressed cyber risks. Far too many organizations still rely on checklist security assessments providing only a fragmented snapshot-in-time of third-party risk posture. This illuminating session sheds light on the dark universe of third-party security threats lurking beyond the corporate perimeter. Get ready to:

• Explore the real-world cyber risk impacts of complex, opaque supply chain relationships through analysis of recent high-profile breaches.
• Gain insights into emerging AI/ML techniques for continuously monitoring third parties at scale across public, deep/dark web sources.
• Learn a novel risk quantification framework for performing objective criticality assessments of all third-party partners.
• Understand key regulatory trends around third-party cyber risk governance, including SEC-proposed rules.

The need for cybersecurity in critical infrastructure environments (e.g., energy pipelines, power plants, nuclear facilities, petrochemical sites, water treatment plants) is at critical levels. In this discussion, we’ll be looking at the current state of cybersecurity in these types of ICS/OT environments.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.