Session Abstract

Modern IT environments are heavily invested in identity, device management, and security tooling, yet attackers increasingly bypass these controls by exploiting trust, not vulnerabilities. This session explores the biggest real-world risks facing today’s organisations, including supply-chain attacks through application deployment, malicious or compromised browser extensions, and the growing wave of “click-fix” social engineering that turns users into the attack vector. These are not theoretical threats or nation-state zero-days - they are practical, repeatable techniques being used right now against well-managed environments. Rather than focusing on fear, this session is grounded in pragmatic defence. We’ll break down how these attacks work, why traditional controls often fail to stop them, and what IT teams can actually do to reduce exposure. Attendees will leave with actionable guidance covering application trust, browser and extension control, user-driven attack paths, and how to design protections that assume compromise will happen - without destroying user productivity. If you manage endpoints, identity, or security in a modern workplace, this session will help you rethink where your real risks live. Key Takeaways: * How "approved" apps, extensions and workflows are being weaponised. * Why "Managed" doesn't equal "Secure". * Practical ways to reduce risk without wrecking user productivity.

James Robinson

With over 20 years of experience in the field, James is a Solution Architect specialising in Modern Workplace, Security, and End User Compute technologies, with a focus on getting environments onto Cloud-Native endpoints.