Security is an enormous topic that cannot, of course, be covered in a single day. But at the X-change of 29 March 2017, we brought together experts to discuss some specific areas of security: endpoint protection, data protection and managed security services. We also welcomed presenters from CFE and BNP Paribas Fortis, who shared ‘real-life’ experiences.
Beltug members can see presentations from the X-change here (after login):
First up was Geert Van de Wielle, Chief Information Security Officer with Belgian industrial group CFE, who spoke on ‘Information security in a complex environment’. CFE uses framework contracts to help different companies in the group. The challenge for the CFO is how to evolve from a cyber- or IT-security approach to an information security focus.
Information security depends on everyone, and CFE has created a brochure to raise awareness amongst its workforce. Geert explained how the company’s security policy was pragmatically split into smaller pieces, which can be brought together afterwards. He also highlighted the importance of standardised tools, and why it is important to involve the business in information security management. Finally, he covered the need for ‘user-friendly’ security.
Bart Van den Branden from Telenet then presented on endpoint security innovation, explaining that companies must adopt a new approach to securing endpoints to protect themselves against modern cyberattacks. He outlined seven types of techniques, along with the advantages and disadvantages of each:
The trick, he said, is to use a combination of techniques. He also described how artificial intelligence can play a role in static analysis, with the software itself understanding how to detect good versus bad files, by learning from known threats.
Peter Beerten, Business Developer Managed Services for SecureLink, explained why so many companies fail at cybersecurity, and how managed services can provide a better return on investment. Companies tend to spend their budget on prevention, which doesn’t leave much resources for detection and response. On average, hackers spend 200 days in a system before being discovered, and in many cases, the security problems are detected by external parties. Detection and response are thus a problem for a lot of companies, and security incidents often are only seen when there is an operational consequence. Peter presented two eye-opening real cases of customer experiences.
Fabrice Wynants, Business Developer Managed Services, Verizon, presented the" Highlights from the Verizon Data Breach Investigations Report (DBIR)". The report uses data from over 100,000 incidents provided by 67 contributors around the world to help organisations gain key insights about what’s really happening in cybersecurity. This helps build an understanding of how breaches occur, the most likely attack types for your industry, and what techniques you can adopt to reduce the risk. As Fabrice explained, even with the strongest defences, you can't bank on not being breached. He also highlighted that fewer than 10% of breaches are discovered internally. But you can deter criminals, with the right, and often basic, security measures. The biggest danger: lack of knowledge.
Wim Bartsoen, Head of Cyber Defence, Awareness and Data Privacy, BNP Paribas, rounded out the afternoon with another real-life case. He first grabbed everyone’s attention with some shocking figures: in 2015, industry spent approximately $100 billion on cybersecurity, while criminals made approximately $500 billion. By 2020, the cybersecurity threat could create a worldwide opportunity cost of $3 trillion.
We could continue to indulge in FUD (Fear, Uncertainty and Doubt), but instead we need to ‘grow up’ and change our paradigm: from fruitlessly trying to avoid bad things to becoming ‘digitally resilient’. Wim presented some provocative cases of companies that were hacked, and how it happened. His main take-away for the day: we are all interdependent.
Access to more information about this topic and/or to download the paper is easy and fast, but exclusively for Beltug members (just login to get access).
Beltug gathers a lot of information. Here you find the advantages of Beltug membership
The Beltug Team
Click here to login