21.07.2022 IT IT Luxembourg Tech

Cyberattacks: the next generation

On June 30th and July 1st, at LuxExpo, a new edition of the global tech conference ICT Spring Europe was held. The first morning inside the Data Room was dedicated to cybersecurity and comprised keynotes, roundtables to discuss topical issues and future trends in the IT sector.

96% of organisations have been targeted by an email-related phishing attempt in 2021. These impressive statistics highlight that cybercriminals are global and that no business is exempted from facing an attack. Local and international top-notch experts have shared some insights, challenges to consider, problems to address and solutions to implement during this session at the ICT Spring, led by Professor Gabriele Lenzini, Head of the IRiSC research group at SnT (Interdisciplinary Centre for Security, Reliability and Trust) as Master of Ceremony.


Cyberattacks scope: an overview
If many organisations face numerous cyberattacks, some industries are more sensitive to it than others. “95% of all successful cyber-attacks are caused by human error“. Nevertheless, as explained by Tomas Smalakys, CTO of Nord Security: “construction and manufacturing are the businesses most vulnerable to cyberattacks, while legal and automotive are the least sensitive.” As part of those industries that are directly targeted by cybercriminals, the computer game industry and e-sports are particularly suitable targets. Indeed, cybersecurity issues with games have become increasingly apparent as the Internet became more popular. Steve Clement, Cybersecurity Engineer at Security Made in Luxembourg; Lluis Mora, Chief Security Officer at Entain; and Elliott Ford-Jones, G-Core Labs Sales Director, discussed during a fascinating roundtable the scope of cybersecurity threats within the realm of gaming & gambling as it became a massive issue. Cybercriminals try to access games and game services through lists and devices that contain username and password combinations from the dark web. Cybercriminals use this method to take over accounts or spread viruses from fake programs to go to the end-user and steal money from legitimate game developers.


From Cyberattacks to cyberdefense
After going through some key numbers and industry insights, the discussions moved towards how to respond to cybersecurity incidents and implement defense mechanisms. Filip Nowak, Global Head of Cyber Defense at Ferrero, engaged in a passionate conversation with Dalia Khader, CISO at Swiss Life Global Solutions; Donia Elkateb, Security Architect at the European Investment Bank; Isaac Boccara, Regional Sales Director EMEA at SIGA and Alex Lancee, Chrome Enterprise Lead Benelux on Cyberdefense and incident response. They discussed the steps after an attack so critical forensic information can be retrieved and what type of communication and coordination plan to implement to ensure key players are informed. After any cyber-attack, information and communication are key. That is why Cédric Mauny, Head of Cybersecurity Services at Telindus, explained that it is critical to reconcile compliance requirements with the benefit of information sharing by sharing the interpretation of the data instead of the raw data or by using the created value within your defence mechanisms.


Cyberattacks: the next generation

After a short break, we moved on to the upcoming challenges for cybersecurity and the new type of cyberattacks we will face. By 2025, Gartner predicts more than 95% of new digital workloads will be deployed on cloud-native platforms, meaning that cloud environments are the new playground for cybercriminals. Yoann Klein, Senior Cyber Security Advisor at Huawei, confirmed that many companies are investing to make cloud environments more secure against cyberattacks. He explained that trustworthiness is a core element in providing customers with technical, future-proof and reliable cloud services. Huawei Cloud developed the Compliance 3CS, a high-level Cloud Service Cyber Security & Compliance Standard. Looking ahead, the Cloud Security Alliance (CSA) estimated in a recent study that by 2030 a quantum computer would be able to break present-day cybersecurity infrastructure. Dr Michèle Feltz, Information Security Expert at Luxembourg Digital Trust Department (ILNAS), delivered a fascinating presentation on how to anticipate data protection in the post-quantum era. She confirmed that companies should be aware today that large-scale quantum computers will seriously threaten current public-key cryptosystems. To mitigate future risks, it is paramount to keep up to date with standardisation activities and guidance documents and develop a mitigation strategy to be ready for the next-generation cryptography.


To close the morning session of this Data Room, Vince Lin, Marketing Director at WiSecure Technologies, came on stage following the presentation of Dr Michèle Feltz, confirming that cryptography-based data protection has been growing the past 20 years. Secure Technologies aims to develop cryptographic products providing security modules protecting customers’ digital assets despite quantum computing lurking ahead.

Credits: Dominique Gaul