- May 16, 2022
- Tech
- Data
- Cloud
- Luxembourg
- Security
- Startup
- Development
- Digital
European Security Forum: Data Security and the New Era of Zero Trust
“Data security: everyone’s business” and “The new era of Zero Trust” was the topics of the morning session of ICT Spring’s European Security Forum, which took place September 15th. Local and international speakers discussed the latest trends in the cybersecurity field.
Sheila Becker, Vice President, Women Cyber Force, and
Desirée Alegre, Secretary General, Women Cyber Force, were the masters
of ceremonies of the European Security Forum.
The first speaker, Pascal Steichen, CEO,
SECURITYMADEINLU, took the stage to welcome the participants, saying that
cybersecurity, which used to be “a cryptic topic” for many, has become the
“main topic of many companies, states and even individuals worldwide”. A trend
has only grown stronger with the pandemic.
Steichen was followed by François Thill,
Cybersecurity Director, Luxembourg Ministry of the Economy, who gave an
introduction talk about cybersecurity as a community and called for a
mutualization of security solutions at the European scale to lower costs: “We
need high quality and affordable cybersecurity solutions that can profit to all
companies, not only to the wealthy economy.” Regretting the lack of women in
the sector, Thill wants the cybersecurity to reach priority level on managers’
agenda to achieve a culture of cybersecurity governance.
It was then time to enter fully in the European Security
Forum’s programme with the first theme: “Data security: everyone’s business”.
“EU Security & Cybersecurity Union Strategy” was the title
of the presentation delivered by Despina Spanou (photo), Head of Cabinet for
European Commission Vice President Margaritis Schinas & Founding member of
Women4Cyber. “Cybersecurity Strategy is not something that stands alone
anymore, it is an integrated part of Security Strategy in the broad sense of
the term”, stated Spanou. Cybersecurity issues are no longer considered as
purely national issues by member states, which have understood that it must be
addressed at an international level. For instance, the creation of a Joint
Cyber Unit by June 2023 will help states facing threats at a European scale.
“We need something to counteract in case of attacks. We have a major skills
shortage in the area of cybersecurity and no state can do it by itself. We need
to pool resources to create a European force.”
After Despina Spanou, Alexander Hanff, Co-founder
& CEO, Think Privacy, brought “A message from the future…” for the
audience. His speech was above all the story of a disillusionment with what the
internet has become, from a utopian place of democratization, for sharing
knowledge, to an area of “commoditization, manipulation and surveillance” run
by psychographic profiling and algorithms.
If we live in an algorithmic world, “everything we do is
manipulated, choices we make are not actually choices.” That’s why Hanff pleads
for many years for not seeing privacy and cybersecurity as “an hurdle to
innovation and tech development”. At the opposite, privacy is essential to
innovation because without it, you don’t have autonomy, self-determination and
freedom of thoughts. “We can’t think outside the box, we can’t innovate, we
become static, stagnant.”
“Why Cybersecurity is everyone's business in an organization?”
was the question asked by André Meyer, Security Practice Lead
Luxembourg, Accenture, in a round table which brought together Barbara
Daroca, Head of Corporate Services, ING, Niccolo Polli (virtually),
CEO, HSBC Luxembourg, Nasir Zubairi, CEO, the LHoFT, Debora Plein,
Coordination BEE SECURE, Ministère de l’Éducation nationale, de l’Enfance et de
la Jeunesse (Luxembourg), and André Adelsbach, VP – Group Information
& Cyber Security, SES.
First observation, the threats are constantly evolving, as
pointed out by Niccolo Polli: from being hacked to get access to the bank’
system beyond its firewall, to social engineering to get access to the
passwords’ staff. Now with the Covid and the massive digitalization, cybercrime
is going after the customers themselves.
André Meyer followed: “We, humans, are the first line of
defence.” Cybersecurity goes above the core security functions, noticed André
Adelsbach. “It’s a team effort” and everyone around agreed on that. So, you
need “training and awareness”, Barbara Daroca added. Because there’s a balance
to find between usability and security, a middle ground between neglect and
extreme paranoia, according to all participants.
Another share of concern is the lack of talents in the
cybersecurity field. For Nasir Zubairi, “we need to build a framework where
banks can access high quality of cybersecurity prevention and it is going to be
external.”
Frédéric Becker, Project Manager, Luxembourg Ministry
of the Economy, then, took the stage for a “Luxembourg Trade & Investment
Offices session: connecting with startuppers worldwide”, with Adi Hod,
CEO, Velotix, Chad Duffy, Director of Cloud Engineering and Global
Marketing, CyCraft, and Steven Hsu, Product Marketing Director, TXOne
Networks.
“Luxembourg Trade & Investment Offices are spread all
over the world with two main goals: helping Luxembourg entrepreneurs abroad and
connecting foreign entrepreneurs with the Grand Duchy”, said Frédéric Becker.
He then introduced three start-ups.
Live from Taipei, Steven Hsu, Product Marketing Director,
presented TXOne Networks which is a company offering cybersecurity solutions to
protect industrial control systems to ensure their reliability and safety from
cyberattacks.
Live from Taipei too, Chad Duffy, Director of Cloud
Engineering and Global Marketing, made a pitch about CyCraft, an AI company
that forges cybersecurity resilience through autonomous systems and human-AI
collaboration.
“New frontiers in data privacy” was the name of the next
presentation given by David Dab, National Technology Officer for Belgium
and Luxembourg, Microsoft.
First of all, “data is a strategic asset holding huge value
and must be protected”, said Dab. Some people use the oil metaphor. The mental model we have in mind for data
protection is the fortress, with walls, controls and guards. But
“unfortunately, locking data is suboptimal. Because the value of data is in its
usage.” That brings to a challenge: protecting data while being able to use it.
In order to do that, you need a risk-based approach, a
richer vocabulary to discuss objectives and risks and to consider multiple
boundaries models. “There is a tension between different objectives in data
protection: availability, security, compliance and confidentiality”, Dab
stated. For confidentiality, a new boundary model has emerged: confidential
computing, which closes the encryption triptych (Data at rest, Data in transit,
Data in use).
“The new era of Zero Trust” was the topic of the second
session of the European Security Forum, which started with Christophe
Ruppert, Business Continuity Management - Practice Lead, EBRC, and José
F. Correia, Chief Administration Officer, CISO, Business Continuity
Manager, i-Hub.
They highlighted the way EBRC, a European reliance centre in
the management and protection of sensitive information, and I-Hub, the first centralized KYC
repository for ongoing due diligence in Europe, collaborated and how to step
out of the Zero Trust Zone. They set a cyber-resilient framework based on standards,
especially ISO 22301, the latest standard in place for business continuity
management. EBRC has been assisting several organisations in implementing
Business Continuity Plans, up to the ISO 22301 certification for some of these.
“ISO22301 tends to position a Risk based approach perspective in identifying
the major threats you want to protect from”, Ruppert explained. In order to do
so, you have to be aware of the other pillars which support your company: IT
service management, Quality management, Information security management, Supply
Chain management.
Pascal Rogiest, Chief European Institutions Officer,
RHEA Group, and Managing Director of RHEA System Luxembourg S.A., then gave an
overview of “The Critical Role of Cybersecurity in Space Applications &
Programmes”.
Rogiest first noticed that there is “strong convergence
between the space sector and the cybersecurity sector”. As the space field
becoming more and more attractive and valuable, the threats are coming
out. The structure of the sector has also
increased its weaknesses: from big infrastructures and big investments to an
end-to-end approach where IT is the key. Threats are address to a lot of
components of the space system, specially to the communication links.
Tomas Martinkenas, Director of Privacy and Security,
Vinted, then joined virtually from Lithuania the forum virtually for a CISO
Talk.
To manage and secure the data of its users, Vinted cares
that its infrastructure is secure and efficient and makes sure to be at the
forefront of innovation. “We tried to educate our teams and our members to see
privacy and security as human rights”, stated Martinkenas. Even there is a
global shortage of talents in the cybersecurity field, Vinted is able to
attract the top talents in Europe because of the mission and the culture of
Vinted and the technical challenges. Inside the company, Vinted integrates
privacy and security awareness as a part of its personal employee’s
development. The company also relies on machine learning and AI to treat
millions of operations per day, a scale that humans cannot follow.
The morning session ended with Stefan Umit Uygur, CEO, 4securitas, who pitched about his business model. 4Securitas is an innovative cyber security firm founded in 2017 focused on protecting critical data at the core of every organisation. The company develops and commercialises ACSIA (Automated Cyber Security Intelligence Application) software, based on Open Source technology and affordable to large and SME companies alike. ACSIA is of particular interest to companies in heavily regulated industries such as banking, FinTech, utility and energy sectors as well as government bodies. “The current technology tends to focus on the reactive aspects of a cyberattack when it’s too late to intervene. With 4Securitas, we focus as well on proactive cyberdefence based on information gathering and reconnaissance.”
Article by Nicolas Klein, photo Dominique Gaul
Read more about the European Security Forum:
AI Threats & Opportunities and Post Quantum Cryptography