Lessons on Identity – the new battleground for enterprise security

In recent years, some of the most damaging cyberattacks in Europe share a common thread – identity. As traditional defences strengthen, attackers have shifted tactics, moving away from malware and exploits toward abusing legitimate credentials, permissions, and trust relationships within enterprise environments.

This session considers how attackers use identities to navigate industry-standard defences. We’ll explore the anatomy of an identity-based attack – from initial access through to organisation-wide takeover – and highlight recurring patterns seen across European enterprises.

Today’s breaches aren’t the result of poor security but of unseen complexity. Hidden identity attack paths buried deep in Active Directory and Entra ID provide adversaries with millions of routes to critical systems.

We’ll conclude with a strategy to move from reactive defence to proactive identity risk management. By continuously mapping and removing identity attack paths, organisations can eliminate the bridges adversaries depend on.

Secure by Default: Why the Future of Open Source Demands it

  • The real cost of “free” software and the security gaps it creates
  • How technical debt in open-source stacks becomes a growing risk for financial institutions
  • Why traditional “shift left” approaches are no longer enough
  • What a secure-by-default model looks like and what organisations should expect from their tools and teams

The Future of Digital Risk Protection in Financial Services

As financial services firms continue to digitise, their exposure now stretches far beyond the traditional perimeter. From the dark web to domain impersonation and unpatched vulnerabilities, risks can emerge anywhere your brand or data appear online.

This session explores how organisations can harness diverse intelligence sources – including the dark web – to uncover hidden risks and strengthen their digital resilience. Through real-world examples, we’ll show how Digital Risk Protection (DRP) turns threat data into clear, actionable insight that helps financial institutions stay ahead of attackers.

The Confidence Illusion: Rethinking How We Assess Technical Risk

The financial services market has driven major security improvements through frameworks such as CBEST and TIBER, with its behaviour helping raise standards across other sectors. But does confidence still outpace reality? This session explores the blind spots that remain, including fragile supply chains, hidden attack paths, and vendor risks, while challenging what resilience and true assurance mean in complex, real-world environments.

Keynote Presentation – Inside the Inbox: Real Attacks Hitting Financial Services in 2025

Attackers are bypassing legacy tools with business email compromise (BEC), account takeover (ATO), QR code phishing, and OAuth consent scams at increasing scale. We will share anonymized, recent cases from financial services environments, including how a global firm saw advanced attacks bypass a traditional secure email gateway and what actually stopped them. In this session, co-presented by Abnormal AI and BlueFort, attendees leave with a practical playbook: the signals to look for, the controls that work, and how to achieve time-to-value without added friction.

The Extended Enterprise: managing cybersecurity risk beyond your walls

This presentation provides a strategic blueprint for guarding the digital gates organisations no longer directly control, a necessity given the increasing prevalence and systemic nature of third-party cyber threats.

  • Systemic threat requires a new architecture.
  • Single vendor compromise impacts thousands.
  • DORA mandates shared vendor accountability.
  • Need Visibility, Collaboration, Automation.
  • Be the architect, not the gatekeeper.

Beyond the Perimeter: Proactive threat hunting for finance leaders

Financial organisations face relentless and increasingly sophisticated cyber threats. Reactive security measures aren’t enough to stop them. In this tech spotlight, Ryad Jawaheer from eSentire explains how finance IT leaders can stay ahead of attackers through managed detection and response (MDR), continuous threat management, and active threat hunting.

You’ll hear how eSentire’s team of experts detects and stops attacks in real time, helping financial institutions protect critical systems, meet regulatory demands, and strengthen resilience against disruption.