InfoGuard Cyber Security and Cyber Defence Blog

12. InfoGuard Security Lounge – the revival of the live event once again has surpassed all expectations

Geschrieben von Reinhold Zurfluh | 07 Jul 2022

The InfoGuard Security Lounge happened when 600 people with an interest in cyber security met at the Theater Casino in Zug, as well as via live streaming. On 29 June 2022, this event was held for the twelfth time and once again proved to be a great success. In this review, you can find out about all the highlights and subjects that were of special interest.

Last Wednesday, 29 June 2022, the InfoGuard Security Lounge, which has become well established in professional circles, returned to the main stage of the Theater Casino in Zug. Around 250 participants attended the event in person, with a further 350 following the presentations via live streaming. Once again, Miriam Rickli moderated the event in her usual expert, likeable style. Hannes P. Lubich opened the Security Lounge with the presentation on “Cyber Threats – Cyber Risks are Real”. Staying true to the maxim “Know your Enemy”, he humorously explained the taxonomy of attackers in cyberspace. Luca Cappiello, Head of Penetration Testing & Research, gave the audience a transparent insight into daily cyber warfare by revealing exploitation evergreens in the age of EDR, SOC and Blue Teams, methods successfully used by attackers time and time again.

Cyber defence – because cyber-attacks are a harsh reality in today’s world

We have been aware for a long time that it is no longer possible to keep attackers out with high security walls alone. That’s why the second part of the programme was all about cyber defence. Stephan Berger, Head of Investigations at InfoGuard, gave insights from the CSIRT’s (Computer Security Incident Response Team) current security incidents, and he explained the seven biggest security failures experienced by Swiss companies, which are still opening the door to attackers all too often. Ernesto Hartmann, InfoGuard’s Chief Cyber Defence Officer, then analysed a supply chain attack from the cyber defence experts’ point of view. He also emphasised, however, that it is essential for a company to pursue a 360° cyber security approach in order to be able to take action – in other words, the focus should not just be on defence, it also needs to be on rapid detection and response.

Next, two of InfoGuard’s partners, Tanium and Extreme Networks, presented how to effectively detect cyber-attacks and optimise cyber-security thanks to Zero Trust.

Cyber security is a matter for bosses

In his keynote speech, the renowned expert and “thought leader” Thomas R. Köhler summed up why cyber security belongs on the agenda of senior management: “Cyber security is a matter for the boss”. This is actually a banal insight in view of the increasing number of security incidents that are making the headlines in the media on an almost daily basis. The way in which our home and professional lives have become interconnected means that we are all confronted with new, sometimes unforeseeable risks – from technical vulnerabilities and security gaps to cyber criminals and automated attacks. Unfortunately, the volatile nature of cyber-attacks and the significance of cyber-security have not yet penetrated into the top management of many companies, despite the large number of documented incidents and the well-known large-scale damage caused by cyber-crime. Köhler demonstrated exactly this. “We only have one security risk here, and that’s the boss” is something he hears again and again, which gives him pause for thought, especially as IT/IoT security is increasingly becoming a matter of “life and death”. He showed this with the aid of a particularly tragic, real-life cyber-attack. His final recommendations for more cyber security are as follows:

  1. Independent auditing of the company’s own ICT infrastructure
  2. Emergency planning (including response team / communication channels etc.)
  3. A consistent policy for file access rights
  4. Ongoing training / security awareness measures for the workforce
  5. Selection of partners / suppliers / co-workers
  6. Establishing dedicated accountability (with its own budget!)
  7. Identifying and protecting the company's “crown jewels”
  8. Identifying and retaining a trusted partner
  9. Establishing a social media policy

These and other exciting insights have also been summed up by Thomas R. Köhler in his book “Chefsache Cybersicherheit” (in English: Cyber Security is a Matter for Bosses).

CxO panel discussion – cyber security under discussion

Under the heading “Cyber-attacks are creating major challenges for Swiss companies”, Miriam Rickli moderated a lively CxO panel discussion with security managers from three leading, well-known Swiss companies: Ulrike Holzhammer, Head of Baloise IT Services at the Baloise Group, Alexander Graf, CIO of Huber+Suhner and Jean-Claude Flury, CIO of V-ZUG. They vividly described their own experiences of cyber-attacks and how the InfoGuard CSIRT was able to help them cope with them. They also discussed how companies specifically try to circumvent cyber risks, what protective measures are used and what cyber security challenges Swiss companies have to overcome today and especially in the future, from their point of view.

 

In the video recording, you can listen to or watch the security tips given by the experts during the panel discussion.

Highest level defence

A truly impressive finale was the interview on the topic of “Highest Level Defence” with Leonardo Genoni, the goalkeeper of the EVZ ice hockey team and a seven-time Swiss champion. Find out in a video recording how he did in the exciting final series, and what parallels he sees between his job as the goalkeeper of the reigning Swiss ice hockey champions and cyber defence.

The invitees finished off the successful day with a flying dinner and networking. After the last two years when the Security Lounge could only be held virtually, personal exchanges at the event were particularly appreciated. So it was not all that surprising that the sun had already set when the last guests set off for home.

 

InfoGuard Security Lounge 2023 – make sure you book your place today!

Did you miss this year’s Security Lounge, or would you like to reserve a place for next year? We have already set the date! Book your place now: The 13th annual InfoGuard Security Lounge will take place on 28 June 2023. We look forward to seeing you there!