When it comes to a specialist conference, it is not only the lecturers' quality that matters but it is also important to exchange experiences with other participants who are in similar positions and deal with similar issues. IT-Defense offers a clear framework to discuss security issues and topics with other participating security experts.
Participants can discuss their own problems and other profound issues in small groups. For this purpose, IT-Defense lecturers serve as moderators; however, it is also possible to form individual groups on specific subjects.
Simultaneous round-table discussions will be available on Friday, February 7, 2020.
Risk perception and cyber resilience – How we perceive risks and which ones actually exist – Volker Kozok
Current threats and risks as well as the reaction of the media and politics are presented in an introductory presentation. Moreover, different cyber initiatives on digitization and on improving cyber resilience are critically examined.
The subsequent round table discusses the following questions:
- Have risks actually increased or have they only become more modern?
- Is there really something like cyber resilience?
- How can a layman distinguish actual risks from perceived risks and how can he evaluate the criticality?
- Asking a politician, a CISO and a police officer about the biggest risks – what will they reply?
- The data is available, we just cannot see it. Can cyber intelligence tools really help us, or do we only impress the management with their dashboards?
- Industry 4.0, Management 3.0, Education 2.0 and Security 1.0 – where do we stand?
- Can cyber security not also be a motor instead of only being perceived as a brake?
Incident Response plan to cover social engineering attacks - Jayson E. Street
Incident response programs are generally geared toward and adequate for network attacks, however most programs do not have a sufficient plan for responding to and recovering from social engineering (SE) attacks. Employees know who to contact if they get a virus, but not who to contact or what to do if they receive a suspicious phone call or if someone "piggybacks" them into the building. These attacks require special care, situational awareness, and a strong yet empathetic understanding of human nature. A solid set of procedures and knowledgeable staff are the foundation for proper response. Having these in place prior to an attack is key to ensuring first responders know what to do when something suspicious happens, such as how to avoid dangerous confrontations, de-escalation of encounters with possible intruders, or preventing further intrusions. This round table will highlight the principles of preparing for and ensuring detection measures are implemented to discover and report social engineering attacks, as well as what an incident responder should do.
Incident Response & What We Can Learn from Fire and Rescue Service - Stephan Gerling
In his talk, Stephan Gerling will address the similarities between rescue services and emergency/crisis management. Moreover, he explains what should make an incident commander tick, what prerequisites are required, how the training of rescue workers looks like and what we can learn from them.
We will realize that incident response and rescue services have a lot in common and, based on examples, we will learn that an emergency does not end in chaos with the right training and preparations. This brings many parallels to light, and still today, unfortunately, companies do not implement many factors, or they consider them to be unnecessary and/or a cost factor. It is, however, the preliminary work that is so important for later being able to work through the emergency in a coordinated way instead of wasting the little time available with things that could have been organized in advance. The presentation is filled with examples from typical operations of a firefighter who has many years of experience.
Bypassing Locked Screens with Voice Assistants - Yuval Ron
Voice assistants like Siri, Cortana, and Alexa are becoming an integral part of many computing platforms, including general-purpose computers as well as smartphones. Their usage pattern is such that encourages their use even when the device is in “locked screen” mode. We show how the introduction into voice assistant capabilities over “locked screen” dramatically influences the security of such devices.
In the round-table session we give more context and details about the full scope of our two-years research:
- An in-depth analysis of the numerous security vulnerabilities we have discovered (including new attacks and demos not mentioned in our talk).
- How to improve the architecture of voice assistants to be more secure on lock-screens?
- "Behind the scenes" discussion on our vulnerability research methodology and the responsible disclosure process.
- The participants will have the opportunity to ask questions and share their insights and ideas.
As apps access more and more of our personal data, providing efficiency and convenience, it exposes the user to greater potential risks. While there are techniques to analyze apps from a security perspective when they are already deployed, proactive security scanning during the app development phase can identify and rectify issues in real time. Reactive security measures have not always served and protected the end-user well, as they already may be affected when an issue is discovered. Using source code scanners that directly integrate with Integrated Development Environments (IDEs) for mobile app development can identify security issues while the code is being written and updated. In addition to making mobile software more secure, it also provides security training and awareness to the app developer, so that the mistakes become less prevalent going forward. Proactively scanning source code during development can be paired with additional analysis techniques to provide an iterative secure lifecycle for mobile software.
Pentesting physical security for red and blue teams. A report from the field – Barry & Han
Companies involved in critical infrastructure are aware there is more to pentesting then just the network. Physical security comes more and more in play. At this round table we will share our red team experiences attacking the physical security layers of a critical infrastructure company. We will also discuss what the blue team can do to delay and detect such attacks. If time permits we will go through some examples of high security locks from our extensive lock database of over three thousand different locks.