Insights into the SCS program around “The Human Factor”

Prepare for an amazing keynote at our anniversary Swiss Cyber Storm conference on October 24! We are very happy to announce that Eva Galperin, a renowned advocate for privacy rights and a leading voice in the battle against big tech, will be starting our conference. As Director of Cybersecurity at the Electronic Frontier Foundation, Eva brings years of experience defending our privacy and an intriguing focus on fighting stalkerware. Her talk offers a fresh perspective on the security industry and what’s at stake these days.

In the end, it’s all about humans. It’s humans that create computer systems, it’s humans that use computer systems and it’s humans that instruct AI to abuse computer systems (if they are too lazy to do it themselves). Whatever the hard problem in cybersecurity, it’s always the human factor that makes it such a challenge.

That’s why we chose “The Human Factor” as our 2023 Swiss Cyber Storm motto. You can expect a rich interpretation of this focus theme with talks looking at humans and computer interaction from very different angles.

Christina Lekati explains time consuming spear phishing campaigns against high profile victims – and how this may become a commonplace when AI takes over the grooming period. She shares insight into virtual personae that took months if not a full year to build rapport with individual board members of large enterprises. And she will also tell us what she recommends these targeted individuals.

Edzo Botjes has used Nassim Taleb’s concept of anti-fragility and applied it to cloud architecture: How can we design systems, that become stronger when attacked? His PhD is almost finished now and we’re one of the first conferences, where he speaks about his findings.

A regular at Swiss Cyber Storm is Stefan Lüders, the CISO of CERN. A pragmatic user of all new technology, he is facing an over-complex architecture that threatens to overwhelm the capabilities of his operation. While many companies do not admit that they are no longer on top of things, Stefan has the guts to point the finger where it hurts.

Two years after our “Securing the Supply Chain” focus, Swiss company Xplain illustrates the fact that there are untrustworthy suppliers of closed-source code systems. Tim Blazytko is an expert in reverse engineering and malware analysis. He gives us an insight into the options you have to analyze a black box and to learn if it might contain malware.

Another technical talk comes from Joe Slowik. Joe is a very well known incident responder and threat hunter. He joins us to explain how attribution is getting harder and harder since attackers, namely APT, no longer have a unique signature. The techniques, the exploits, the tool set, the methodology, everything is converging and a growing number of attackers no longer download any code at all, they use locally installed tools for most of their work. This results in a situation where defenders no longer know whom they are really facing.

Mauro Verderosa returns the focus to the human factor. He is not only the key figure in the Geneva “Swiss-CyberSecurity” community, but also a hard boiled expert for authentication processes. We need authentication and we still need passwords. Multi-factor is uses as a remedy but even if you leave text messages behind, there are various pitfalls when deploying these schemes. Join Mauro for a deep insight and advice how to improve your setup.

A similar angle is used by Christine Bejerasco from Finnish WithSecure: How can we design secure systems with the user in mind? Admittedly, we can continue to blame all insecurity on the user, but that’s a poor execution of our job. Good security architecture means to take the users and the psychology into account and design systems, so that users will use them in a secure way: secure by default.

And, finally, Jospeh Da Silva: Joe who wrote his PhD about the roles and perceptions of CISOs in various enterprises. It’s obvious that a CISO can be a teacher and at the same time an enforcer of security policies. The “no way” CISO is a familiar figure after all. But did you ever think of the CISO as a messenger from a magic world the C-Level suite can not grasp? That he can be a soothsayer sharing prophecies of daemons and all sorts of evil that tries to break into the enterprise? Who has the authority to dispel the message and whom they’re going to blame if the daemons do indeed penetrate the enterprise? Joining Joe’s closing keynote with be a highlight of the day.

Please find the program with more details (and a few empty slots we are currently filling) here.

Tickets for the conference can be purchased here:

Christian Folini, Program Chair

P.S. We previously announced a talk by Myriam Dunn-Cavelty. Unfortunately, she had to cancel her participation because of an official engagement.