Two days. Two video links. Twenty-seven cybersecurity topics delivered by speakers all around the globe. One computer. This summarizes the QuBit Conference Prague 2020 which was (for the very first time) held online on 23rd and 24th of September.
QuBit Security was founded in 2014 in Slovakia. Its mission is to “create a community of knowledge and information sharing” while focusing on industry and connecting experts and professionals who deal with cybersecurity issues in practice. Besides the Prague event, QuBit stands behind other conferences that bring together the industrial cybersecurity community, such as those in Sofia, Bulgaria, and the Slovak Tatras.
Originally planned to take place in Prague, this seventh annual QuBit Conference was moved online shortly before the restrictions were renewed. Considering that the invited speakers were based all around the world, this decision seemed quite wise and gave the organizers time to prepare a dignified event, one which surely could not replace the first-hand, face-to-face experience, yet tried very hard to compensate for it. Even though personal contact was lacking during the event, attendees could chat with each other in the chat window right next to the ongoing presentations, and they did so quite actively.
The contributions covered cybersecurity from different points of view and across various types of processes. Mostly delivered by people who deal with cybersecurity directly and on a daily basis, the main purposes of the event were to connect these experts and enlarge the community they belong to. As mentioned at the beginning, there were twenty-seven contributions in total. We have the pleasure of offering you short reports on five of them.
Cyber Security for Leaders in Today’s Digital World
- Boris Mutina, Senior Security Analyst, Virusfree.cz
“Bend it. Don’t be bent.”
The very first contribution of QuBit Conference focused on the never-ending debate of how to explain the cybersecurity measures to the ones who decide them – the leaders. In other words, how to communicate needed measures efficiently in order to get the support to implement them.
As Mr Mutina stated, private companies usually have all the means and tools to be secure in cyberspace. Yet they are not. Security incidents happen and damage is done. Companies are not able to implement 100 per cent protection. (Even in the cyber sector, security is no more than a compromise between the measures we can afford and the risk we are willing to take.)
To increase a company’s security, a strategy is needed, not only for cybersecurity but for every aspect that is somehow connected to it. And to do so, communication must be tackled and brought to a higher level, because after all the data is collected and conclusions previewed, cybersecurity managers still have to explain the information obtained to the leaders in order to get their support. Without their support, no measures will be implemented.
In the end, cybersecurity is a sphere that has to be understandable to everyone, because it touches everyone. Even in a company, where only a few have the privilege to make decisions.
Preparing for a Breach – the Cybercriminal Perspective
- Etay Maor, Chief Security Officer, Intsights
This contribution was dedicated to an issue well known to all who deal with cybersecurity: attacks. Yet it offered another point of view. Since Mr Maor’s interest in computers started with breaching them, he is able to look at cyber-attacks differently. As he puts it, to be able to secure something you first need to know how to attack it.
Mr Maor’s speech touched on three main questions:
- What do I know about the adversary?
- What does the adversary know about me?
- What do I know about myself?
According to him, it is the third question that is not asked often enough. And if you do not know your own structure, strengths, weaknesses etc., how can you secure yourself efficiently?
In his view, the contemporary way of dealing with cyberattacks does not focus on the right place either. Hackers tend to attack people, processes or technology. And even though it is people who are attacked in most cases, the biggest attention goes to technology. So, to be secured efficiently, cybersecurity managers need to focus more on the people within the system they are trying to secure. With the ongoing COVID-19 pandemic and people working from home, this is more crucial than ever before. There is never going to be 100 per cent security, but knowing your gaps, analyzing them, understanding them and reducing the threats that come through them is a good way to start.
How Slovakia prepares for digital totalitarianism of the Chinese type
- Pavol Luptak, CEO, Nethemba
When speaking about digital totalitarianism, Slovakia probably does not come to mind. Mr Luptak’s contribution aimed to show otherwise. According to him, Slovakia (and in some cases Czechia as well) is slowly building up measures that can, in the end, lead to digital totalitarianism as we know it from China, such as the social credit system. This possible Slovak digital totalitarianism is, in his view, currently being built on these attributes:
- Internet Censorship. The Ministry of Finance is working on the list of websites which should be banned in Slovakia. On one hand, such restriction can be upheld easily. On the other hand, it is quite inefficient and as Mr Luptak pointed out, it is “super-easy” to bypass the censorship.
- Tracking financial transactions. People in Slovakia and the Czech Republic are quite familiar with this type of restriction, known as e-Kasa and EET. But according to Mr Luptak, the danger lies in the state’s ability to deanonymize the collected data. As he explained, it should not be too hard to find out who is buying what and where.
- Monitoring and blocking financial flows. This means, for example, freezing and closing bank accounts so that you have to prove to the financial institution that your money is actually yours.
- Banning anonymous SIM cards and payment cards.
- Location tracking of citizens without a court order. This attribute comes into the spotlight, especially during these pandemic times.
- Cash restrictions and crypto-unfriendly legislation.
“You are basically forced by law to use bank accounts.”
In the end, the presenter pointed to the leak of COVID-19 patients’ data which occurred earlier in 2020. Given the attributes presented, he assumes that the question of Slovak digital totalitarianism is not “if” but “when”.
Why Cyber Risk Intelligence Matters
- Mike Goedeker, CEO & Founder, Hakdefnet International
With society’s growing dependence on technology, there are growing cybersecurity risks that need to be considered. According to Mr Goedeker, these risks have to be evaluated through a multidimensional approach, which is usually ignored. Every risk is an outcome of the risk management process for a particular IT asset. On one hand, you need to know the risks and threats you face. On the other hand, too much information can lead to the point where you are no longer able to decide, because everything seems important and no piece can be ignored.
The cyber risk domain also plays a role in hybrid warfare. Cyber attacks and cyber special units are tools of hybrid warfare, and their use can lead to a cyber proxy war, as Mr Goedeker presented. Special attention should be paid to attacks carried out using Internet of Things devices, including attacks on critical infrastructure. According to Mr Goedeker, these devices could already have been hacked; we just have not figured it out yet.
The contribution also dealt with disruptive media effects, such as fake news and propaganda. This media effect is, even if we may not realize it, part of cyber hybrid warfare too. In the end, when all risks are known, scenarios completed and possible outcomes obvious, only one question remains: how can we survive when everything goes offline?
How to negotiate with hackers? Emoji, WhatsApp and a little bit of flattery
- Moty Cristal, CEO, NEST
To pay or not to pay: a simple question connected to ransomware attacks which is often asked by the affected companies. And according to Mr Cristal, it is absolutely the wrong question. As the demands of ransomware attackers have increased, a negotiation process has started to appear during these incidents. Negotiation may not save the company from paying the ransom, yet it can lead to a significant discount from the original demand. Payments of this kind have gradually become a business decision.
As Mr Cristal pointed out, it is crucial to know what the attacker’s motivation was. Was it revenge, deception, or financial gain? The original motivation can usually be detected by language or message analysis. Since the original motivation will affect the negotiating process, it is fundamental to know what the attacker seeks to obtain.
Hackers who seek only financial profit are most likely to give you the encryption key to the stolen data once the payment is made. In fact, 96 per cent do so, according to Mr Cristal. This makes hackers somewhat trustworthy. But what if their goal is different? Ransomware attacks can be carried out in order to ruin the firm’s reputation. Probably nothing is as scary as public shaming caused by the exposure of stolen data. Another purpose can be selling the data to another entity. That is why a negotiator is so needed when the dialogue about the ransomware starts. Just as victims want their data back, hackers also want to achieve their goals, which makes the negotiation no different from regular business meetings where a win-win situation is required.