True to the words of David Bowie: “tomorrow belongs to those who can hear it coming”, over 280 guests listened spellbound to the ten talks about cyber security at our InfoGuard Security Lounge. All in keeping with the event’s motto: “the future starts today - cyber security is more important than ever!”. There, in addition to reports from clients (UBS Card Center and Sopra Steria), partners (Ergon/Airlock and Aruba) and our own in-house experts, audiences were enthralled by some renowned top speakers. Thus, Dr. Hannes P. Lubich, Dr. Adrian Perrig and world-famous futurist Gerd Leonhard wowed visitors to the event. Missed the Security Lounge? Let us take you on a quick trip back and show you some of the highlights.
Cyber threats – and what that means specifically
Cyber threats 2018 – The known, the new and the unexpected
Dr. Hannes P. Lubich, Professor of ICT System Management at the University for Technology & the University of Applied Sciences of Northwestern Switzerland, kicked things off. He pointed out which already known and new, but also unexpected, cyber threats we will be facing. Known issues such as DDoS, fake news, encryption and the old problem of weak passwords will continue to plague us. Lubich also highlighted the lack of usability of cyber security solutions as well, however, alongside GDPR, artificial intelligence and the IoT. On the other hand, he criticised the lack of a risk assessment before introducing new products and services. Many decision-makers also continue to ignore the far-reaching cyber risks. Finally, he explained why the gap between agile criminal organisations and “traditional” defence mechanisms will widen further in the future.
Why Trump didn’t call Putin via DNS
The talks by our InfoGuard experts also met with enthusiasm. Mathias Fuchs, Head of Cyber Defence began. He talked about how media is playing an increasingly important role in cyber security, particularly in the case of security incidents. The 2016 presidential elections in the USA are a prime example: Never before have internet discussions about the elections been so active which, in turn, inspired media reporting accordingly. This resulted, among other things, in Donald Trump being accused of having connections with Putin through a Russian bank (details here). Fuchs described a scenario in which there was no attacker, but there were victims – victims of suboptimal media work. This demonstrates the importance of handling media correctly within cyber security. As one-off communication errors are very difficult to rectify later. Mathias Fuchs’ statements caused many listeners to smile knowingly – and no doubt this was not just at the images of Trump and Putin...
Live-Hacking ‒ when the hacker rings twice
As at every event, the InfoGuard RED team with five members rocking the stage was a major attraction. For some time now, criminals and malware have been using standard protocols for data exfiltration and C2 communication (“command and control”). Protocols used by companies for external communication are particularly popular. Protocols such as HTTPS or DNS are therefore part of the basic toolkit. These can, in fact, be packaged in the corporate communication background noise but are, more often than not, closely monitored and regulated. Another channel used by most companies is VoIP telephony. This, however, is poorly monitored, complex and little research has been conducted in this area. And it was precisely this that our RED team chose to exploit. After working through the night, they were able to use a computer for cyber attacks remotely by reverse engineering the Microsoft Skype/Lync protocol. Ultimately, they found multiple pathways that could be misused by an attacker as channels of communication. This not only caused astonishment among audience members but also made for some lively discussions.
Total eclipse – deliberate manipulation of Ethereum blockchain
At the heart of Crypto Valley, the issue of blockchain should not be forgotten. Both of our InfoGuard experts, Reza Hedayat, Head of Security Innovation, and Dr. Rocco Mandrysch, Cyber security Consultant, introduced an example of Ethereum in the world of Distributed Ledger Technology (DLT for short). The Ethereum blockchain is one of the best-known implementations of DLT. It enables the creation of technically decentralised ecosystems. What many people fail to consider, however, is cyber security. They demonstrated how a so-called eclipse attack works and how InfoGuard can help you with the implementation of DLT projects.
SCION – a highly secure internet architecture for the 21st century
“Do not concern yourself with information security” Adrian Perrig was advised at the beginning of this scientific career. But he didn’t listen. Today, Perrig is a professor at the Swiss Federal Institute of Technology (ETH) in Zurich where he is head of the Network Security Group. He presented the highly-secure SCION (Scalability, Control and Isolation on Next-Generation Networks) internet architecture to the interested visitors. For years the computer scientist and his team have been conducting research in the field of network security. One key element in the new architecture is isolation. The system is used on central hubs and then divides the network into protected sub-groups. SCION gives the data packets a type of protective packaging with re-addressing when they are transported via the network. This ensures that the information can no longer be diverted from its path and hijacked. SCION is currently being tested by several banks and ISPs. Perrig’s vision: For Switzerland to be the most secure internet country in the world. That vision looks set to become reality very soon as the project is due to be implemented by 2022.
The mega shift – what will the next 10 years bring?
As our final highlight from the Security Lounge, futurist Gerd Leonhard revealed how mega shifts will reform our lives and the economy. Future visions may sound impressive but for many they are difficult to understand and abstract. Nevertheless, they will come true – and sooner than we think. Futurist Gerd Leonhard emphasised again and again that humanity will change more in the next 20 years than it has done in the last 300. The result? The working world is on the cusp of exponential changes such as complete networking with the IoT, smart everything, robotics, automation, artificial intelligence and quantum computing. The possibilities offered by digitalisation and automation should be used wherever feasible. In so doing, however, the aspect of digital ethics should not be overlooked. As Leonhard put it so well: “It is a matter of exploiting the technology but not being controlled by it.”
The occasion drew to a close amid some dazzling summer weather with networking, culinary delights and live music.
The InfoGuard Security Lounge on 26 June 2018 far exceeded our expectations. Not only was the new location (the casino in Zug) impressive, so were the talks. The guests were also enthusiastic as can be seen from the many comments. The months of preparation definitely paid off. See our gallery for more images from the event.
We are already looking forward to the 10th InfoGuard Security Lounge on 26 June 2019 – how about you? Register now and put it on your calendar!
Our events are not to be missed of course, but that doesn’t mean that we won’t keep you up to date with all the latest cyber security news in between them. In our Cyber Security & Cyber Defence blog, find out weekly what issues are concerning the world of cyber security and receive free tips in the form of white papers and checklists. Subscribe to our blog updates now!