Paranoia 2019. Photo: Mark Stegelmann

Cooperation the watchword of PARANOIA 2019

Preventing and managing cyberthreats is important to industry as well as to the public sector. Paranoia, the Nordic cybersecurity conference, was held 21-22 May 2019. For those who couldn’t attend, please read on. Combitech’s own Tina Lindgren and Jonas Stewén share their reflections.

“My feeling is, as in previous years, that there is a great deal of knowledge within Cyber Security. Many great tools, methods, and knowledgeable experts – but there are also clever hackers who are motivated by totally different purposes,” says Tina Lindgren, doctor of information security and a Cyber Security consultant at Combitech. “A number of speakers mentioned that hacking has become a 9-to-5 job, with their own helpdesks and such. The question then becomes: How should we on the ‘good side’ meet this threat?”

Earlier there was a lot of talk about developing legislation to prevent certain incidents,” reflects Jonas Stewén, Marketing Manager for Cybersecurity at Combitech. “And that’s just fine as a beginning, but many of the regulations we need already exist – what is lacking is follow-up. I agree with the Prime Minister of Norway, Erna Solberg, who said in her keynote talk that ‘we don’t need new regulations, instead we need to use the regulations and standards we already have.’”

Cooperation as the common theme

Michael Daniels, a speaker from Cyber Threat Alliance (CTA) and a former adviser to President Obama, emphasized the importance of sharing our “threat intelligence” in order to improve the basis for making security assessments.

“It’s clear that hackers share information with each other about vulnerabilities and malware,” says Lindgren. “To face this, all of us on the receiving end of these threats need to share information about how organizations protect themselves, and how to focus our protective elements.”

“Of course there are challenges involved with this; for example, organizations don’t normally want to talk about the times their protections failed. But we all realize that 100 eyes or even 10 eyes will see more than a single pair. If you know the full extent of the risks, you can do more to reduce them. It’s important for us to find ways to share relevant threat information.”

Another point of discussion was whom we can actually trust. Olav Lysne, Professor and Head of the Centre for Digital Engineering, put it this way: “Can we verify that we can trust equipment from a supplier we don’t trust?”  The quick answer is that we have no method available that verifies this completely. According to Lysne, all methods now rely on the principle that users and suppliers work together to counter threats from third parties.

Phishing continues to create disturbances

Diana Kelly, Cybersecurity Field CTO at Microsoft, presented trends from the most recent Security Intelligence Report from Microsoft. It’s possible to see, for example, that ransomeware attacks, in which the attacker encrypts your information but will only unlock it after the payment of a ransom, have decreased. Cryptomining, where the attacker uses your processing power without your knowledge to earn cryptocurrency, has increased. There has also been an increase in supply chain attacks. Phishing, in which the attacker uses social engineering to get people to reveal sensitive information, continues to be a serious problem. 

“It’s not so surprising that phishing is still the largest pathway for attackers gaining access to an organization’s information and systems,” comments Stewén. “There are figures showing that about 20 percent of users will click on a link in an email within five minutes. Furthermore, 3-4 percent will click on anything, regardless of how much training they have. So you can’t rely on user training alone, nor on technology alone – the solution is to do this in combination. There will be incidents regardless, and it is essential to be prepared when they occur.”  

“I thought it was interesting when Kelly explained that Microsoft had improved their protection against malware after they realized that they weren’t at the top of their game,” adds Lindgren. “By sharing which steps they had taken, they helped spread important information about today’s threat level, which can help others. It’s a good example of how we can cooperate on dealing with threats.”

Kelly wound up her presentation by sharing a short checklist of recommendations for protection against security incidents:

  • Basic security is critical – the fundamentals have to be in place.
  • Have a good control of authorization levels.
  • Make sure there are backups.
  • Be aware and active regarding Cyber Security.

What are we taking with us moving forward?

A recurrent theme of the conference was how important cooperation and exchange of information are, if we want to grapple with the increased threat levels. Combitech works actively to disseminate information about threats and risks, and how we can reduce them.

“Don’t make it more complicated than it needs to be, and make sure you start cooperating within your own industry – and beyond,” suggests Stewén. “We’re all in the same boat, with systems that are already connected in ecosystems, to different degrees. We need to help each other protect ourselves from threats to our businesses and organizations. Finally, it was really terrific that so many dialogues started with colleagues in the security industry, aiming to learn things and develop future cooperation.”

“In summary, there were many exciting presentations that provided new insights and fresh ideas to work on further,” concludes Lindgren. “There were also many interesting participants who contributed to lively discussions. As a source of business intelligence within Cyber Security, Paranoia is a great annual event that I truly recommend.”