Confidently safe at the 43rd Meet Swiss Infosec
The topic of data recovery was one of the central themes of the 43rd Meet Swiss Infosec! on June 26, 2023, which was held under the motto "Sovereignly Secure". Despite the summer heat, the large audience in the hall of the Radisson Blu Hotel in Zurich Airport kept a cool head and was informed and inspired about trends and developments, for example in the field of IT security. The topic of deepfakes and the unaristotelic keynote speech by Prof. Dr. Edy Portmann from the University of Fribourg were the secret highlights of the event, which provided plenty to talk about at the concluding aperitif.
When it comes to continuing education on topics such as information security, data protection and IT security, there's probably no getting around Swiss Infosec AG. The company, founded in 1989 and headquartered in Sursee, is one of Switzerland's leading independent consulting and training companies in these areas. In its "Meet Swiss Infosec!" series of events, the company regularly brings up current topics. For example, the motto of the 43rd edition on June 26, 2023, was "Sovereignly Secure" and summed up the desired approach to security: it should be mastered, prudent and deliberate. However, mastering security is constantly being made more difficult or challenged by new requirements and framework conditions, as host Reto Zbinden, CEO of Swiss Infosec AG, knows. Using the new Data Protection Act (nDSG) as an example, he shows which steps are absolutely necessary for successful implementation of the law.
New data protection law, old pending issues
This implementation is currently a major concern for the data protection team at Swiss Infosec AG. "It is striking that basic documents such as data protection concepts and instructions are often missing or outdated," says Reto Zbinden. However, the development and regular review of these documents is essential for responsible data protection in accordance with the law. At the same time, he recommends focusing on the issue of personnel data protection. Online recruiting, for example, and digitalization in the HR sector in general are major challenges in this area.
Ransomware and recovery
The increasingly frequent ransomware attacks are leaving their mark. Not surprisingly, the topic of recovery (restoring data after an attack) was prominently mentioned by several speakers. For Marco Fernandez (Veeam), a secure backup is the last line of defense in a multi-layered security defense against cyberattacks. To even think about recovery, organizations must first know what (sensitive) data they have stored where and who has access to it. This basic requirement was expressed unequivocally in the presentations by Nicolas Groh (Rubrik) and Christoph Linden (Cohesity). Georg Bommer (Data Governance Technologies Ltd) underlined the importance of intelligent data classification in his presentation.
Trends and developments in IT security
Organizations are constantly faced with new challenges when it comes to protecting themselves. Whether home office, infrastructure services in the cloud, cloud apps (M365), exposed services or IoT: Currently, it is decentralized IT assets in particular that are no longer able to cope with conventional network security approaches, for which IT security is looking for and finding solutions. Niklaus Manser (Swiss Infosec AG) used the example of perimeter security to explain the path to Secure Service Edge (SSE) and addressed the very important topic of "Identity & Access Management".
Take a deep breath: Deepfakes on the rise
Great cinema for the topic of deepfakes and great performance for the mediamatician Kai Yu (Swiss Infosec AG). In his video, which he created as part of his training as a mediamatrician as an individual project work, he showed interesting background information on deepfakes and how phishing via deepfakes works in real life. Deepfakes are digital fakes of faces, bodies, scenes, etc., created with artificial intelligence (AI). They are now so realistic that they can hardly be distinguished from the real person. Attackers are therefore increasingly using this method to obtain confidential information or provoke desired actions. For Kai Yu, it is clear "that deepfakes can be an elementary component for cyberattacks in the social engineering sector." This makes it all the more important to sensitize employees to this new form of phishing as well. Swiss Infosec AG is the first company in Switzerland to offer such phishing simulations via deepfakes.
An un-Aristotelian keynote at the end
"How is technology balanced with ethics and sustainability?" With this question, Prof. Dr. Edy Portmann started his keynote address entitled "unaristotelian". For him, there is no doubt that the two-valued, measurement-based Boolean Logic, which only knows right or wrong, 1 or 0, is not the answer to this question. Rather, for this and other challenges (keyword AI), a perception-based model such as fuzzy logic (fuzzy = blurred) is needed. Because as one of the proponents of this model, Lotfi Zadeh, said, "As complexity increases, precise statements lose meaning and meaningful statements lose precision." Needless to say, "perception" was then also at the center of Edy Portmann's highly exciting remarks under the title "Where psychology meets linguistics and engineering".
The next Meet Swiss Infosec! will take place on January 24, 2024. Further information: www.infosec.ch
