Notes on the 4th Annual Cyber Security Summit
By Ercument Buyuksumnulu (ISSA Turkey Chapter)
The 4th Annual Cyber Security Summit was organized by European Business Conferences Group (EBCG) and held in Prague on the 9th and 10th of April 2014.
The two-day conference targeted leaders in the information security field from various sectors. The main topic of the conference was “Combatting Cyber Threats and Protecting Your Business”. It focused on several different sub-topics and dealt with what is currently happening in cyber security and what can be done to overcome cyber security issues.
DAY ONE
The Opening Session was led by Mr. Peter Zinn who gave a fantastic presentation that discussed how to combat cyber threats, modern realities within the industry, and the problems that were arising due to weaknesses. Mr. Zinn noted the key factors for threats in the IT world and pointed out possible vulnerabilities to cyber attacks in the near future. He expressed that one of the most important solutions to the threat cyber attacks present is collaboration and communication within the industry.
The Keynote Presentation for the first day of the Summit was given by Marcus Klische from BlackBerry and dealt with mobility in Information Technology as well as how to reshape IT security strategy within the mobile world. He pointed out important gaps and summarized the situation with the following: “The more uncertain we were, the more afraid we were likely to be.” Mr. Klische noted that the crux of the problem lay in the conflict between the CEO’s ideas and the company’s mobile device strategy.
Sean Newman from Sourcefire gave a presentation on hacking techniques and the methodical attack process. He also discussed how hacking became an industry and how companies were likely to be targeted. He advised the use of the “Continuous Model for Security” against possible security compromise.
One of the most important sessions of the first day was led by Biju Hameed from Dubai Airports. His presentation was about the changing role of CISO with regard to cyber security. He posed a question to be answered by CISOs: were they still behaving as the head of technology delivery or were they going to be a business enabler within their company? He explained that there were three important “C’s” required for security intelligence: collaboration, correlation, and communication.
The afternoon sessions during the first day were separated into three simultaneous streams: National Security and the Governments in Cyber Warfare, Cyber Security in the Financial Sector, and Energy and Utilities as Targets of Cyber Attacks.
Josef Sedivy from CSOB opened the Cyber Security in the Financial Sector stream by discussing cyber risk management and strategies as well as how to combat black swans within the cyber risk area.
The stand-out presentation was given by Joerg Weber from Barclays Bank and dealt with DDoS mitigation strategies. He explained DDoS attack methods in detail as well as how to recover from DDoS attacks from both a company and an ISP perspective. He also discussed cloud-based mitigation alternatives.
The panel discussion of this stream was quite rewarding in terms of both the questions asked by the attendees and the issues discussed by the panel. The main topics of discussion revolved around how to overcome problems in order to continue business without any interruptions while managing cyber risks and also how to be more proactive in dealing with cyber attacks.
DAY TWO
The second day of the Summit opened with a Keynote Presentation by Jim Jagger from General Dynamics. This was an excellent discussion from a well-respected IT industry expert and related to the lessons that he learned from several large-scale security breaches. He emphasized the capabilities of forensics providers, how they must be checked, and how these providers were affected during breaches. He was able to offer solutions in case of breaches and gave examples on breaking points such as oversights during forensic investigations. Mr. Jagger discussed the critical points of robust network monitoring and information sharing. He also noted the importance of building company incident response teams and being more proactive in order to prevent and detect breaches.
The first presentation was given by Mustafa Komut from Vodafone and dealt with how to ensure business continuity while fighting cyber crime. He explained Telco and cyber security issues as well as business continuity management. Mr. Komut also gave information about Vodafone’s cyber security risk management and discussed how this issue was treated as a part of their business continuity management process. The presentation was concluded with the discussion of success criteria and corporate risk distribution.
Ahmed M. Neil from OWASP gave a presentation about digital forensics. He began by giving statistics on cyber crime and continued with a detailed explanation about performing digital forensics. He classified different digital forensics tools and gave several examples and case studies.
Donia Cosovan from Bitdefender presented on the financial impacts of a ransomware botnet. She summarized the ransomware structure and spoke about the fake templates that were used. She also provided statistics regarding the financial impacts of the ransomware around the world. Ms. Cosovan concluded by explaining the structure of CryptoLocker and the way it infected software.
One of the most important sessions of the second day was held by Coen Bongers from Philips. This session dealt with situational awareness in real time enterprise. He discussed how to ensure secure and reliable IT operations in real time and gave examples on the changed threat landscape.
The Summit concluded on the second day with moderated roundtables separated by industry: Government, Utilities and Energy, and Transportation and Telecom sectors. As a part of the Government, Utilities and Energy Sector roundtable, the main topics discussed were protective measures and strategies regarding cyber security, people's awareness of cyber security, and the types of investment against cyber crime in the private security sector.
SUMMARY
The 4th Annual Cyber Security Summit was very successful in terms of content, engaging speakers, beneficial presentations, and organization. Dynamic speakers like Peter Zinn and Jim Jagger drew the attention of attendees with the invaluable content of their presentations and their intriguing delivery. Most of the presentations provided information on specific cases of combating cyber security attacks that was directly applicable to the attendees of the Summit.
Beyond just the content and presentations, the Summit also provided useful networking opportunities for security and industry professionals that enabled them to share information as well as discuss current topics.
As a whole, the Summit was very informational and I believe all of the attendees benefited from it.
Personally, I believe that more people from different industries should attend future Cyber Security Summits. Thanks to EBCG for this precious conference.