This year too, the InfoGuard Innovation Day, which took place on 25 January 2023 with over 700 participants from Switzerland, Germany and Austria, was a complete success. The virtual trade fair began with one of the two exciting keynote speakers. Dr Hannes P. Lubich gave an illuminating overview of the technological trends and new defence strategies coming by 2030. This was followed throughout the day by 24 presentations given by experts from InfoGuard and its 16 network and security partners. Philipp Rhomberg, the CDO of the Emil Frey Group, kept the participants gripped during the second keynote speech with a field report on the cyber-attack on Emil Frey. Overall, this year’s Innovation Day was a great educational event for all fans of cyber security. Did you miss out on the event? In this article you will find out about the most important insights and learnings from the keynote speeches and InfoGuard presentations.
Cyber-attacks on Swiss companies are on the increase. Hackers are gaining undetected access to company networks, and with it an overview of the data they can encrypt. On D-day, this means the network is literally “paralysed” with nothing working at all. This is what happened at Emil Frey. Philipp Rhomberg, CDO of the Emil Frey Group and a board director, described in his gripping keynote speech how the hacker attack unfolded, and how the company handled this crisis with help from InfoGuard’s CSIRT. Rhomberg shared his most important learnings with the participants:
What will 2030 bring for the cyber world? In his keynote speech, Dr Hannes P. Lubich risked making a forecast. The renowned expert and InfoGuard board member is assuming that the economy will continue to be unstable, so corporate strategies should be ready for it. Climate change will also continue to be a major issue. Technology, which in future will become even more crucial for humanity than it has been up to now, will also undergo a dramatic evolution. Technology is increasingly exerting its power to shape our lifestyles, although this is not clearly recognisable, and it is taking (partial) control over our lives. One good example of this according to Lubich is kitchen appliances that can communicate over the net. Finally, Lubich gave the following tips: systems need to be tested where it’s hurting, not where it’s working. Also, there should always be a plan B in place that can be rolled out immediately.
EinIt’s no longer enough to do an annual vulnerability scan or a one-off attack simulation. In order to cope successfully with a constantly changing threat landscape, you have to be continually reviewing your security measures and optimising your infrastructure. This is what the recent discipline of ”Breach & Attack Simulation“ (BAS for short) offers – and it’s so much more than just automated pen-testing. In his presentation, Martin Dudle, Head of Security Detection Solutions, explained BAS’ added value, for instance, a significant improvement of the IT risk management process.
Does this sound interesting? You can find more information about the Breach & Attack Simulation Service and the non-binding contact form here:
Mario Bischof, the Senior Penetration Tester at InfoGuard, explained exactly what user enumeration is and what can be done to counter it. In a nutshell, user enumeration is nothing more or less than data theft using registration forms. On a lot of public websites such as streaming platforms like Netflix, for example, critical information is given if the user access data is entered wrongly or if the user is asked to enter a new password, for example, if the email address already exists. This could be exploited for an attack by cyber criminals.
Image source: Mario Bischof
In his presentation, Bischof showed the many ways in which user enumeration can be achieved, the extent to which artificial intelligence can help an attacker circumvent security measures such as CAPTCHAS, and how data acquisition and machine learning could be used to create a targeted profiling of the people behind the email addresses.
The ISO 27001:2013 standard was replaced in October 2022 by ISO 27001:2022. This standard contains specifications for information security management systems (ISMS) and at the same time sets out the requirements for implementing and maintaining the ISMS. This is key to protecting the most important assets.
The changes between the old and the new standard are minor. 14 areas from the 2013 version have been incorporated into four new control types. The controls have been reduced from 114 to 93. There are also new controls that deal with topics such as cloud security or threat intelligence. For more information on ISO 27001:2022, read this blog article.
When an incident occurs, time is of the essence. In her presentation, Ramona Betschart, a Cyber Security Analyst at InfoGuard, showed how quickly she and her team are analysing malware every day, and why this is so important. This is because as soon as it is clear through which IPs and domains the malware has entered the system, it can be immediately blocked to halt any further damage.
Successful defence against cyber-attacks begins by proactively eliminating known vulnerabilities in the infrastructure and continuously recording and analysing log information from all the system components. That’s why the InfoGuard Cyber Defence Centre offers what are called basic detection services. Whenever traditional security systems reach their limits, additional advanced detection services are recommended.
All in all, 2022 was another turbulent year – in particular for our InfoGuard Computer Security Incident Response Team (CSIRT). Jorina Baron, Threat Intelligence Analyst in the CSIRT, gave participants a glimpse into the past year. In total, CSIRT worked on 53 major incident response cases. The sectors most frequently affected were telecoms, technology and manufacturing. In 15 of the 53 cases, the initial attack was via VPN. In 11 of the cases, the attackers exploited vulnerabilities. Jorina Baron recommended using multi-factor authentication to proactively protect systems. Similarly, services should not be exposed and vulnerabilities should always be patched straight away.
By the way, we are already planning a separate blog post by our CSIRT with their insights. To avoid missing out on this, you should also sign up to receive our blog updates!
It’s well known that preparation is everything. The extent of the damage caused by a successful cyber-attack also crucially hinges on how well prepared the company is to deal with a crisis of this kind. Our Principal Cyber Security Consultant Michael Güttinger has put together the greatest challenges he regularly encounters with clients when dealing with cyber-attacks.
Güttinger repeatedly emphasised the importance of solid preparation. In so-called incident response plan workshops, he and his colleagues from Consulting regularly support clients in developing the necessary process steps for emergency operations, crisis management, IT management and recovery, and the continuous improvement process. Interested? You can find more information here.
Stefan Pfiffner, Head of Security Prevention Solutions at InfoGuard, also opened with the question: Why do we need a new Internet at all? His answer – the internet was never fundamentally designed to be a secure network. That’s why it is vulnerable to “BGP hijacking” or “BGP leaking”. The Secure Swiss Finance Network (SSFN) is the new strategic communication network for the Swiss Finance Centre, replacing the well-known Finance IPNet. SSFN is based on the Next-Generation SCiON architecture developed by ETH and marketed by the Swiss company Anapaya. SCiON combines the security and reliability of private networks with the flexibility of the internet. In order to make access by the financial institution to the SSFN as simple and secure as possible, we developed the InfoGuard Managed Service Single Edge and Redundant Edge 100 Mbps. A full managed service is also available with end to end service, hardware, Anapaya VM and software, configuration and monitoring of SCiON Edge.
From September 2023, the new Swiss Data Protection Law will come into force. Senior Cyber Security Consultant Daniel Däppen explained the changes the law will effectively bring:
The 11th InfoGuard Innovation Day was a resounding success. Both we and the participants have learned lots of new stuff, got some informative tips and got to know about upcoming innovations in the future. This was also reflected in the huge amount of positive feedback from the participants.
The next InfoGuard Innovation Day will be on 24 January 2024. It’s best to reserve the date right now so that you can be there next year (too) – or why not register straight away! We are looking forward to seeing you.