Agenda

Chairman's welcome

►The Perfect Storm - Navigating AI, Cyber-resilience and Product Security across retail supply chains

Adaora Ezennia, GRC Lead, THG PLC

• The regulatory convergence crisis: CRA, DORA, and EU AI Act are colliding to create overlapping compliance obligations that require integrated strategies, not isolated responses

• The AI supply chain blindspot: Retailers scrutinise vendor cybersecurity but ignore embedded AI systems in supplier operations, creating hidden EU AI Act liabilities and operational risks

• From fragmented audits to unified assurance: A practical framework for third-party monitoring that simultaneously addresses CRA product security, DORA resilience, and EU AI Act transparency

• Action plan: Immediate GRC actions—revise vendor questionnaires, mandate AI disclosures, launch cross-functional risk committees etc

►Threats in Aisle 7: What Rapid7 Labs Sees in Retail Attacks

Christiaan Beek, Senior Director of Threat Intelligence & Analytics, Rapid7

• The retail industry has become one of the most targeted sectors for modern cybercriminals — from sophisticated social engineering by Scattered Spider to coordinated intrusion campaigns by Crimson Collective
• Rapid7 Labs unveils fresh insights from its global intelligence capabilities, spotlighting how attackers are exploiting retail ecosystems, supply chains, and identity systems for maximum disruption and financial gain
• Learn how Labs’ data-driven threat intelligence powers early detection, guides proactive defence, and helps organisations stay one step ahead in the ever-evolving retail threat landscape

Rubrik's presentation to be announced

►Fireside Chat: Beyond the Store: Securing Third-Party Risk

Simon Brady, Event Chairman, (Moderator) 
Angus Alderman, Information Security Officer, Boden

• How is the evolving threat landscape—ransomware, credential theft, supply chain attacks—shaping your security priorities in retail?

• With so much moving to SaaS, cloud, and outsourced IT, how is the off-prem shift changing your security priorities?

• Retail runs on partners — payments, loyalty apps, delivery, logistics. How do you keep the customer experience smooth without skimping on fraud or identity checks?

• Third parties are often the weakest link. How do you actually monitor them — contracts, frameworks, continuous monitoring, or something else?

• Compliance doesn’t stop at your systems. How do you handle PCI, GDPR, and other regulations when data is constantly moving through third parties?

• How are you preparing for the future of retail cybersecurity with AI, IoT, and emerging technologies like quantum-safe cryptography?

Comfort break

►Human Factors in Cybersecurity — Debunking the Common Myths

Dr Lee Hadlington, Chartered Psychologist

• Understanding the Human Role in Cybersecurity

• Common Myths and Misconceptions

• Psychological Factors Behind Security Behaviors

• Strategies for Building a Human-Centric Cybersecurity Culture

Saviynt presentation to be announced

►Hidden in Plain Sight: Detecting Threats Behind the Checkout

Laurent Strauss, Cyber Security Strategist, OpenText Cybersecurity

• Retail networks are under constant pressure from credential theft, rogue insiders, and lateral movement through POS and supply chain systems
• We will reveal how AI-driven behavioral analytics can uncover subtle anomalies from data exfiltration to privilege abuse before they escalate into breaches
• Adaptive threat detection, context-aware alerts, and automated investigation workflows enable retailers to reduce dwell time, protect sensitive customer data, and keep operations running smoothly

►Fortify Your Future: Mastering Business Resilience in the Digital Age

Muhammad Emal Khan, Senior Information Security Consultant, Lidl

• Beyond the Firewall: How attacks can shut down operations and new threats can bypass traditional security checks, no longer just about network perimeter defence
• Shared Responsibility is Non-Negotiable: Attendees will learn the critical lesson that "moving to the cloud" doesn't absolve of responsibility for security
• From Paper to Practical: You will discover the necessity of moving beyond theoretical planning, lack of practice, results in inadequate preparedness
• The Resilience Imperative: To strengthen our position, integrating Business Continuity, Crisis Management, IT Service Continuity, and Cyber Resilience to ensure operational continuity

Comfort break

►And now the Weather Forecast – Threat Intelligence and SIEMs in the age of Cloud Computing

Klaus Klingner, Information Security Officer, Asambeauty

• SIEM as radar: Centralise and normalise multi-cloud/SaaS/identity logs; create “watchlists” for weak signals so small anomalies don’t get lost

• Threat intel as forecast: Map sector-specific actor TTPs to MITRE, define watch-conditions (IOCs + behaviors), and pre-stage responses before storms arrive

• ATP as severe-weather alerting: Use automated containment (isolate host, revoke tokens, block IPs) to shrink MTTD/MTTR and close the gap from detection to action

• Cloud = mountain weather: Instrument ephemeral resources (containers, serverless), track config drift, and treat identity and CI/CD as first-class telemetry sources

• Preparedness kit & ritual: Maintain a 3-day “threat forecast” dashboard, run regular storm-drill tabletops, set clear trigger thresholds, and communicate in plain language to stakeholders

►Aggresive defence moving from detect & respond to prevent & investigate with identity-centric security operations

Rory Shannon, Global VP Engineering, Cyderes

• As adversary behaviour changes, we must re-orient detection & response into a more pre-emptive function
• Bringing identity & access management technologies into the threat detection & response process introduces additional
  friction to the attacker
• Considering the SecOps technology stack holistically allows us to shift SecOps into a prevent first mindset

►The Modern Attack Chain in Retail 

Steve Whiter – Director of Modern Worker projects, Appurity
Michael Simpson – Senior Engineer, Lookout

• Why and how are attackers pivoting to unsecured mobile devices to breach organisations of all types?
• Explanation of mobile focused Tactics, Techniques, and Procedures (TTPs)  recently detailed in the NCSC and CISA advisory
• How can you identify any infrastructure gaps that attackers could take advantage of?
• What can be done to remediate the threats exposed to the Modern Frontline Worker?

►Hacking Retail: Real-World Attacks and How to Stop Them

Glenn Wilkinson, Ethical hacker and Ambassador for the Hacking Games

• How attackers target retailers, from ransomware to insider threats
• A live demo of ransomware detonation and its impact on retail systems
• Lessons from high-profile retail breaches (including the M&S Parliamentary Inquiry)
• Practical steps retailers can take to reduce their exposure and respond quickly

Chairman's close