This presentation forms part of the CTA's Threat Intelligence Practitioners' Summit
Thursday 15 October 14:30 - 15:00, Small Talks room
Righard Zwienenberg (ESET), Kathi Whitbey (Palo Alto Networks), Samir Mody (K7 Computing) & Mienke (NCSC-NL)
As cyber threats evolve beyond systems and networks, the human layer has become the primary attack surface. This panel explores the rise of the indicators of behaviour (IoBs) and their growing impact on cybersecurity, unpacking what IoBs mean in practice and why they demand urgent attention from security practitioners.
Moderated by an industry expert, this session brings together three panellists from different fields with diverse perspectives across security, data, and risk to examine how behavioural data is reshaping both attack and defence strategies. The discussion will ground IoBs in real-world cybersecurity contexts, moving beyond buzzwords to explore how user behaviour, captured through digital interactions, geolocation, and online activity, can (and perhaps should) be analysed, predicted, and exploited.
Panellists will elaborate on how attackers can, or are already, leveraging behavioural insights to increase effectiveness, including highly targeted phishing campaigns, executive impersonation, and context-aware social engineering. The discussion will highlight how timing, personalization, and psychological manipulation, complemented by (personal) behavioural data, are making attacks more convincing and harder to detect.
The panel will not forget to examine why traditional security approaches fall short against these adaptive, human-centric threats, and how AI is speeding up the scale and sophistication of behavioural targeting. From automated reconnaissance to dynamically generated attack content, AI is lowering barriers for adversaries while raising the stakes for defenders!
The discussion will cover potential solutions: what does it mean to defend the human layer? Panellists will explore emerging approaches such as behaviour-aware security controls, adaptive authentication, and human-centric design principles that strengthen resilience without overburdening users. The topic of ethical tension between privacy and protection will not remain untouched. As organizations increasingly rely on behavioural and geolocation data, where is the line between security monitoring and surveillance? How can companies maintain employee trust, safeguarding their privacy while improving security outcomes?
In the end we hope that attendees will gain practical insights into the realities of IoB-driven threats, the limitations of current defences, and actionable strategies to better protect their environment against most targeted and least protected layer in cybersecurity: the human layer.
 |
Righard Zwienenberg
|
 |
Kathi Whitbey Kathi Whitbey is the Principal Threat Analyst, Healthcare for Unit 42 at Palo Alto Networks, where she combines deep threat intelligence expertise with a passion for securing the healthcare sector and a commitment to advancing cybersecurity collaboration. She played a pivotal role in the formation of the Cyber Threat Alliance (CTA), helping establish trusted intelligence-sharing capabilities that transformed how the industry works together to defend against cyber threats. |
 |
Samir Mody Samir Mody graduated from the University of Oxford in 2000 with a First-Class Master's degree in chemical engineering, economics and management. He spent over nine years at Sophos UK, the final three as Threat Operations Manager of SophosLabs. Since August 2010 he has been running K7 Labs in Chennai, India. Samir has actively contributed to the IEEE Taggant System project and other industry collaborations such as AMTSO and CTA. He has co-authored and/or presented papers and participated in panel discussions at various international security conferences (VB, CTA TIPS, AVAR, EICAR). Samir is passionate about education, and has developed the free EdTech platform Tier Up. His interests also include reading (philosophy, politics, history, literature, and economics), sport and classical music.
|
 |
Mienke Mienke is a threat analyst at the Dutch National Cyber Security Center, working within the CTI team. Her focus is on hacktivism, IACS and IoT-devices. A recent focus has been on residential proxies and its impact on cyber resilience. As a threat analyst for the Dutch government, she works with an array of public and private organizations on the cutting edge of public policy, geopolitical developments and cybersecurity. |
Back to VB2026 conference page
Register your interest for VB2026