by Michel Klompmaker
The Belgian Cyber Security Convention (BCSC) is an event that was held on October 16 to push organizations to seriously invest in protecting their data from exposure to cybersecurity risks and threats. The convention was organized by Brewery of Ideas and took place at the Lamot Congress Center in Mechelen. It aimed to unite some of the best European experts in cybersecurity coming from about 14 different countries. The goal of the convention was to get businesses, public and private organizations to meet these experts, pass on the latest insights and become informed on the most important best practices and technologies.
The convention covered a number of cybersecurity topics, such as data breaches, how to build trust, how to mitigate cyber risks, how to make employees cybersafe, protecting businesses and their employees from vulnerabilities, cybersecurity and A.I., and ethical hackers versus blackhat hackers. Several speakers from various organizations and companies gave interesting keynote presentations on some of these topics.
How to get hacked before you get hacked by Inti De Ceukelaire – Intigriti
Inti began by speaking about responsible disclosure: if there is a vulnerability in a server or system and someone were to find and exploit it, it could signal the end for a business. This is why, he maintained, it is essential to be aware of a vulnerability as soon as possible. An interesting note he made was that he would receive certain gifts for hacking organizations or companies.
Pizza.be and Tomorrowland, for example, give out free pizzas and tickets, while others, such as airline companies and Apple, gave out money. He also stated that you can never know whether a hack has been done by an ethical hacker (whitehat) or a hacker with bad intentions (blackhat). Some organizations, such as the Department of Defense, would invite ethical hackers to expose flaws in their servers or systems.
Cybersecurity and Artificial Intelligence: practices to defend algorithms by Mika Lauhde – Huawei Technologies
Mika spoke about how A.I. encompasses much more than just attacking and defending; it is also about protecting your company. A.I. refers to systems that display intelligent behavior, and it can be used for either good or bad purposes. Mika discussed how there will be no ethical rules that apply globally to how A.I. is used. Huawei Technologies are the largest manufacturers of A.I. They share A.I. processors with their partners, but they want them to have innovative solutions in mind so that they can understand how their partners will use A.I. and what they will use it for.
(In)secure Passwords by Martijn Claes – Eurofins
Passwords are meant to restrict access to a certain person, prove that it is you and prevent people from accessing your files. The main types of attacks on passwords are phishing, guessing, brute force and reverse brute force. Martijn stated that Eurofins was able to hack 30-80% of passwords, which are essentially 98,865 passwords that have been cracked via brute force. This is a very high rate, and Martijn explained that a password consisting of less than nine characters constitutes a weak password. Many of the passwords they were able to crack were easy because they contained people's names, their pet names or their date of birth.
He also proposed important recommendations, such as creating passwords with at least 12 characters and avoiding the use of random words, seasons, dates of birth, etc. He also proposed using two-factor identification and creating random passwords, but these are usually difficult to remember. Biometrics are often seen as a solution; however, they have their own problems, namely that they can still be hacked and that digital fingerprints or facial features cannot be changed, whereas passwords always can.
Trusted Execution Environments and how far to trust them by Jan Tobias Muehlberg – KULeuven
Jan stated that one aspect of security is that we are getting used to breaches. There are sensitive elements within a server or system, and if breaches occur, this can have intimate consequences. This is why, Jan said, it is important to protect critical infrastructure from breaches, especially where people's lives are at risk. Jan stated that when it comes to security, it is essential to be aware of three factors: understanding a system, understanding the security requirements and understanding the attacker, who can develop new attacks and understand security systems better over time.
How a single IT vulnerability could bring down your entire organization by Sean Willems – Accel – Sophos
Sean began his presentation by speaking about hackers and how they get into a system and login environment and then develop malware for an organization's specific system. He went on to state that hackers search for the easiest way in where they can make the most money. They are also changing their focus and targeting the weakest link in an organization, which is its employees. Finally, Sean mentioned Sophos Mobile, which integrates security platforms and gets more control over what happens on the personal devices of employees and everything that is work-related. An organization creates a container, which allows IT access to the employees' personal devices.
How Policy Based CIAM can Improve the Customer Journey by Kurt Berghs – Trustbuilder
When it comes to customer access management, Kurt stated that it is not unwanted to pull all customers in and that the applications need to be able to talk to other apps. He spoke about three factors to be aware of: risk reduction, making sure that a person who wants to access a system is authorized to; regulatory compliance; and business enablement, where new business models can be defined or increased. Trustbuilder links different applications together with different protocols and then determines how they can link and work together.
Some of the challenges faced by Trustbuilder were adaptive authentication, where employees at organizations do not want to use passwords at all, which makes them more vulnerable to hackers. A third challenge is single customer review, where the issue is that data is spread out and in a lot of places. Collaboration poses a challenge, as companies will need to work together, as does big data, where valuable data is available in the IoT devices. It will first need to be ensured that people who want to access this data are authorized to do so.
Photo: Courtesy Brewery of Ideas