IT Security Insights 2025

The presentation will focus on the IT and legal challenges the coming 3-5 years and what you can do to align your work. We will look into the IT-topics of AI, zero trust, biometric identification, next generation cloud/homomorphic encryption and how they interact with sourcing, privacy/secrecy, freedom of expression, IPR, cybersecurity accountability and cyber insurance. 

Key takeaways:

• Björn will also share some tips on how you can get IT and legal to cooperate with less friction

Regulations (NIS2, CER, CSA) will have major impact on the IT-security market and shall enforce quality and resilience of products, services and processes at essential and important entities across EU.

Key takeaways:

• How will the impact of NIS2/CER directives be on the Swedish market?
• How can you manage the challenge to secure your supply chain?
• Why is security certification schemes (CSA/CRA) central in the EU strategy?
• How will the certifications schemes work with AI Act?

Qualitative risk analysis has gained a strong foothold in the IT industry. We need to change this, and - like many other industries - use quantitative methods instead. This lecture presents a simple way to test the quantitative methodology, using Monte Carlo simulation in Excel. The demo shown is based on Douglas Hubbard's book "How to measure anything in cybersecurity risk". 

Key takeaways:

• Problems with qualitative risk analysis 
• A better method based on qualitative risk analysis
• Demo with Excel

The convergence of Operational Technology (OT) and Information Technology (IT) within Industry 4.0 ecosystems has revolutionized manufacturing and critical infrastructure, when it comes to efficiency, automation, and interconnectivity. Industry 4.0 bring an expanded attack surface, exposing vulnerabilities that advanced threat actors increasingly exploit. 

Artificial Intelligence (AI) is a dual edged sword, used both by attackers and defenders. Threat groups use AI to amplify their capabilities when targeting human and technological vulnerabilities. Social engineering techniques have grown more sophisticated, exploiting cognitive biases and human error to infiltrate critical systems. Attackers weaponize AI to automate reconnaissance, craft targeted phishing campaigns, and generate deepfake content for deception.

The weaponization of AI extends beyond social engineering to include cyber warfare and supply chain attacks, with critical infrastructure becoming a primary target. These developments underscore the urgent need for security strategies to address the challenges posed by Industry 4.0's innovations

Key takeaways:

• How does the convergence of Operational Technology (OT) and Information Technology (IT) in Industry 4.0 expand the attack surface for advanced threat actors?
• In what ways do advanced threat actors leverage Artificial Intelligence (AI) to enhance their social engineering techniques?
• What are the key implications of AI weaponization for cyber warfare and supply chain security, particularly concerning critical infrastructure?
• What security strategies are necessary to mitigate the dual challenges of Industry 4.0 innovations and AI-driven cyber threats?

The EU's Digital Operational Resilience Act (DORA) mandates that boards of directors ultimately own and govern ICT risk. This is vital for financial institutions aiming to protect their operations, stay competitive, and ensure long-term sustainability amid rapidly evolving cyber threats.

Key takeaways:

• Are you aware of your board's ultimate responsibility for cybersecurity under DORA?
• How can regular, specific training for board members strengthen organizational resilience?
• What governance model do you need to effectively manage and oversee ICT risk?

Companies in the defense sector face a critical shortage of cybersecurity skills, creating vulnerabilities amid growing threats from sophisticated actors. Securing critical infrastructure requires investments in education, technology, and stronger collaboration between industry, academia, and government. This is not just a technical challenge—it is about safeguarding our society and future. 

Key takeaways:

• How can we together solve this problem?

For a long time, you have been told that multi-factor authentication (MFA) is the solution to any authentication-related security issue. It is the go-to remedy for unauthorized access. It provides a robust additional layer of security beyond mere passwords, or so they say. More than a million MFA bypass attacks happen monthly, yet professionals believe MFA is the solution for a good night's sleep.

Key Takeaways:

The presentation will delve into the intricacies of malicious actors' modern techniques to circumvent MFA safeguards and pwn (takeover) your accounts... live. Attendees will witness firsthand the seamless takeover of MFA-protected accounts, showcasing the efficiency of advanced attack vectors. Interestingly, as always, it comes down to familiarity, trust, and the exploitation of human psychology

The presentation highlights the real security issues and provide an understanding of the evolving threat landscape of MFA. Attendees will learn that the real enemy is human susceptibility and the crucial coexistence of technology and awareness in defending against the evil that  tries to own us.

In an era of hybrid and multi-cloud environments, understanding and mitigating risks to sensitive data is essential. Data Risk Intelligence provides organizations with the visibility and insights needed to identify threats, address vulnerabilities, and enhance data protection. 

Key takeaways

• Join experts from Thales Cyber Security Products (CSP) to explore how Data Risk Intelligence transforms your approach to security

Join our round table discussions that are designed to give event participants an opportunity to exchange ideas and experiences on some of the hot topics in the security market place in a more relaxed atmosphere. Each round table session is 40 minutes, and the participants will have the chance to rotate every 40th minute. A total of 7 round tables will be available to choose from. 

Key takeaways:

Exploring how to foster a deeper understanding of cybersecurity risks and investments at the executive level

In the ever-evolving landscape of cybersecurity, success isn’t just about technical skills—it’s about building teams that can anticipate threats and act with precision. This keynote will explore the critical shift from reactive to proactive defense strategies, focusing on the importance of high-performing teams. Drawing on real-world insights from building and leading top-tier SOC, CSIRT, and CERT teams, this session will reveal the key principles behind cultivating resilient, agile, and forward-thinking cybersecurity units. With a focus on leadership and team empowerment, discover how to create a culture of trust, accountability, and open communication—elements that drive performance and resilience in the face of constant cyber threats. This keynote will provide actionable insights for leaders aiming to foster collaboration, agility, and effectiveness within their teams.

Key Takeaways:

Practical strategies for shifting your cybersecurity team from a reactive to a proactive stance.The role of trust, communication, and accountability in building resilient cybersecurity teams.Leadership approaches that foster a proactive cybersecurity culture focused on threat anticipation.

Key takeaways:

• How to better identify, contextualise and prioritise risk across your dynamic ecosystem.

Quantum computers have the potential to break widely used public-key cryptosystems, such as RSA and elliptic-curve cryptography, which are a part of our current communication infrastructure. Post-quantum resilience is a field to address these vulnerabilities to ensure the long-term security of our data and communications.

• What is cryptography and what its role in current secure communication?
• What is vulnerable to an attack from a quantum computer and why?
• What is a quantum computer and how it can make our data vulnerable?
• What can we do to protect our digital assets long term?