The Swiss Cyber Security Days (SCSD) took place on March 10 and 11, 2021

The largest event in Switzerland entirely dedicated to cyber security took place on March 10 and 11, in a fully online format.

Despite the health measures related to the coronavirus pandemic, the third edition of the Swiss Cyber Security Days went ahead. Cyber threats, after all, do not take a break.

 

One of the conferences I was able to attend, presented by Marc K. Peter from Dreamlab Technologies, showed the paradigm shifts that working from home could bring. The last twelve months have dramatically changed the way we communicate and work. However, the massive use of teleworking exposes companies to increased risks, and small and medium-sized enterprises (SMEs) are particularly targeted. A quarter of Swiss SMEs have already been subject to a cyber attack and more than a third have suffered financial or reputational consequences. It is therefore important to protect oneself. One of the best practices to implement is user awareness, the human being remaining the weakest link in the cybersecurity chain (the global success rate of phishing attacks is estimated at around 3.4%…).

One projection estimates that by 2025, 85% of successful attacks will exploit user errors and misconfigurations.

The events we are currently facing make this clear, and should help us cope with them more effectively…

 

Another conference, presented by Recorded Future Ltd., showed the importance of choosing a good password... which sounds quite obvious but is still not always the case. Although turnkey tools for breaking passwords by brute force are readily available today, the risk can be drastically reduced.

This can be done by making users aware of the good practices and reflexes to adopt when creating and using passwords, by using a password manager, by enabling multi-factor authentication wherever possible, but also by adopting good security hygiene for the Information System (IS): establishing firewall rules instead of letting all traffic through, storing passwords only as salted hashes produced by a slow password hashing function (never in clear text or with a fast, unsalted hash), and reducing the exposed surface of the IS.

And hence the importance of security awareness, again and again…
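As an added illustration of the "store passwords hashed" and "brute force is cheap" points above (this is example code written for this post, not material from the talk or from Recorded Future), the block below contrasts an unsalted fast hash with salted scrypt, verifies in constant time, and runs a small dictionary attack against the stored record. The scrypt work factors and the mini wordlist are assumptions for the demonstration.

```python
"""Salted, slow password hashing with scrypt versus a legacy unsalted hash."""
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

# Work factors are assumed for this example; raise them as your hardware allows.
SCRYPT_N = 2 ** 14      # CPU/memory cost (16 MiB with r=8)
SCRYPT_R = 8
SCRYPT_P = 1
SALT_BYTES = 16
KEY_LEN = 32


def legacy_md5(password: str) -> str:
    """Unsalted fast hash: identical passwords give identical digests, so one
    precomputed table cracks every user at once. Shown only as the anti-pattern."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: scrypt$N$r$p$salt_hex$key_hex.
    A fresh random salt per user means equal passwords give different records."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return "scrypt${}${}${}${}${}".format(SCRYPT_N, SCRYPT_R, SCRYPT_P,
                                          salt.hex(), key.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters carried in the record and compare in
    constant time, so a wrong guess leaks no timing information."""
    try:
        algo, n, r, p, salt_hex, key_hex = stored.split("$")
        if algo != "scrypt":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
        candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                                   n=int(n), r=int(r), p=int(p),
                                   dklen=len(expected))
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(candidate, expected)


def dictionary_attack(stored: str, wordlist: Iterable[str]) -> Optional[str]:
    """What a turnkey cracking tool does: try each candidate against the record.
    Slow hashing raises the cost of every guess but does not rescue a password
    that is in the attacker's wordlist, hence the need for good passwords too."""
    for candidate in wordlist:
        if verify_password(candidate, stored):
            return candidate
    return None


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify ok :", verify_password("correct horse battery staple", record))
    print("verify bad:", verify_password("Password1", record))
    # Constructed mini wordlist for the demonstration.
    print("cracked   :", dictionary_attack(hash_password("password123"),
                                           ["letmein", "qwerty", "password123"]))
```

Note that the record stores its own cost parameters, so they can be raised later and old records re-hashed at the user's next successful login.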

 

Another topic that was discussed at length, presented by Deniz Mutlu from Hacknowledge SA, was whether it is useful to run several SIEMs in an enterprise to get better visibility of the threat landscape. This is an avenue that some companies are exploring today, trying to take advantage of the complementarity of these monitoring tools in order to respond to threats in an agile way. A subject that probably deserves deeper reflection, depending on the context of the organization…

 

The presentation by Laurent Deheyer from Eyrapproach of the ISO27701 standard for personal data protection was also an interesting and useful session. This international standard describes the governance and security measures to be implemented for personal data processing, extending two well-known IT security standards: ISO27001, against which an information security management system (ISMS) is certified, and ISO27002, which details best practices for implementing the necessary security measures.

The standard addresses the requirements of the numerous data protection texts, in particular the GDPR and the Swiss FADP, allowing organizations that adopt it to increase their maturity and demonstrate an active approach to personal data protection. It is probably a good idea to have a look at these standards when facing topics such as the GDPR. On our end, for instance, we clearly see that having ISO27001 in place makes the adoption of the revised FADP much easier.

 

Another presentation, given by David Gugelmann from Exeon Analytics AG, covered the use of AI to detect cyber threats very early in the attack process: early enough that the organization is not exposed more than necessary, and need not fear a large-scale attack that brings it to its knees or an extortion attempt.

These new tools are based on the analysis of all the events that occur on an IS, from which machine learning techniques (supervised or unsupervised) derive indicators of compromise.

It was shown that such next-generation tools could have revealed attacks such as the SolarWinds supply-chain compromise or intrusions relying on Cobalt Strike long before they caused so much damage…
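To make the "unsupervised analysis of events yields indicators" idea concrete, here is an added example (written for this post; it is not Exeon's product code and the ML models of the talk are replaced by the simplest unsupervised method, a robust per-host baseline). It runs over constructed flow summaries: each host's normal outbound volume is learned from its own first day with no labels, later hours that deviate far from that baseline are reported, and a beaconing score flags machine-regular connection timing of the kind a C2 implant produces. Hosts, timestamps and the 40 MB exfiltration are all invented test data.

```python
"""Unsupervised baseline-deviation and beaconing detection over constructed flows."""
import statistics
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

Flow = Tuple[str, int, int]   # (host, hour_index, bytes_out)


def constructed_flows() -> List[Flow]:
    """Constructed sample data, not real telemetry: three workstations over 48
    hours with a mild daily pattern; ws-02 additionally pushes 40 MB out at hour 40."""
    flows = []
    for host in ("ws-01", "ws-02", "ws-03"):
        for hour in range(48):
            flows.append((host, hour, 40_000 + (hour * 7 % 11) * 1_000))
    flows.append(("ws-02", 40, 40_000_000))   # the exfiltration event
    return flows


def aggregate(flows: List[Flow]) -> Dict[str, Dict[int, int]]:
    """Sum bytes out per host and hour."""
    per_host: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    for host, hour, nbytes in flows:
        per_host[host][hour] += nbytes
    return per_host


def robust_z(value: float, baseline: List[int]) -> float:
    """Deviation in robust standard deviations (median / MAD), so that a few
    outliers in the learning period do not inflate the baseline itself."""
    med = statistics.median(baseline)
    mad = statistics.median(abs(x - med) for x in baseline)
    scale = 1.4826 * mad if mad else 1.0   # fall back when the baseline is constant
    return (value - med) / scale


def volume_anomalies(flows: List[Flow], baseline_hours: int = 24,
                     threshold: float = 6.0) -> List[Tuple[str, int, float]]:
    """Learn each host's own baseline from its first `baseline_hours` (no labels
    needed) and flag later hours whose outbound volume exceeds `threshold`."""
    findings = []
    for host, hours in aggregate(flows).items():
        baseline = [hours[h] for h in sorted(hours) if h < baseline_hours]
        for h in sorted(hours):
            if h < baseline_hours:
                continue
            z = robust_z(hours[h], baseline)
            if z > threshold:
                findings.append((host, h, round(z, 1)))
    return findings


def beacon_score(timestamps: List[float]) -> Optional[float]:
    """Coefficient of variation of inter-arrival times to one destination.
    Values near 0 mean clockwork-regular connections (C2 beacons with little
    jitter); human browsing is far noisier. None if there is too little data."""
    if len(timestamps) < 4:
        return None
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    mean = statistics.fmean(gaps)
    if mean <= 0:
        return None
    return statistics.pstdev(gaps) / mean


# Constructed connection times (seconds) to a single external IP.
BEACON_TIMES = [0.0, 61.0, 119.0, 180.0, 241.0, 299.0, 360.0]   # ~60 s, small jitter
HUMAN_TIMES = [0.0, 12.0, 300.0, 305.0, 900.0, 1210.0]          # irregular

if __name__ == "__main__":
    for host, hour, z in volume_anomalies(constructed_flows()):
        print(f"IoC: {host} hour {hour} outbound volume {z}x above its baseline")
    print("beacon cv:", round(beacon_score(BEACON_TIMES), 3))
    print("human  cv:", round(beacon_score(HUMAN_TIMES), 3))
```

The point the example makes is the same one the talk made: nothing here knows what SolarWinds or Cobalt Strike traffic looks like; it only knows what each host normally does, which is why such approaches can surface a novel intrusion early.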

 

How should one react to an incident? What response(s) should be brought? These questions were discussed in the last session I followed, presented by Wandrille Krafft from Lexfo. A good practice is to isolate the evidence without trampling too much on the crime scene.

Then, depending on the level of discretion you wish to adopt (whether or not the attacker should know he has been detected), various actions are possible.

Among them, avoiding shutting down the machines completely (memory-resident attacks leave their traces only in volatile memory, which a power-off destroys), isolating the infected machines from the network, and exporting the evidence for analysis are good practices.

 

In conclusion, I would say it is definitely a really interesting event to follow, which gives a great opportunity to exchange on a wide range of subjects. I'm already looking forward to the next one…hopefully onsite 😉