On April 27th, LSEC - cyber security hub - in collaboration with B-Hive - fintech hub - organized a first joint event focused on the ongoing innovative developments in the financial services domain impacting not only financial services, but also its supply chain and operational transactions such as cyber security and information security components.
An insightfull perspective by authentication expert Isabel group introduced us into some of the challenges, including authentication developments and helping understanding some of the complexities which resulted in the current RTS (regulatory technical standard) and SCA (Strong Customer Authentication) for TTP (trusted third parties). The PSD2 directive already exists since January 2016, and is currently being adopted by the European Member States, in particular their NCA (national competent authorities), usually the regulators. Next to the PSD2 directive that amongst other enables other companies to access account information for payment services, new developments such as API's are equally seeing their routes into market. The Glue and Oracle presented insightful views of the current developments towards Open API. The NBB (National Bank of Belgium), one of the co-authors of the RTS, keynoted the event with the core fundamental behind these developments and insights in some of the working that had led to its current state. He also indicated some future routes. Identity technology provider TrustBuilder and authentication providers Vasco and SDO presented their views on the role of existing and developing authentication technologies. During some of the panels, the operators such as Ingenico and Twiki reasoned on their current challenges and how they got there; Finally other security challenges were brought by BAE Systems, indicating that there is much more than authentication in securing these new developments.
For more information and documentation background, visit the event page.
Watch out for one of the latest outbreaks, it has made many high-profile victims in just a few hours. Over 57.000 were reported in just a few hours. The RansomWare Wanna Cry (WCry) is coming through spam, in which fake invoices, job offers and other lures are being sent out to random email addresses. Within the emails is a .zip file, and once clicked that initiates the WannaCry infection. But the most concerning aspect of WannaCry is its use of the worm-like EternalBlue exploit. "This is a weapon of mass destruction, a WMD of ransomware according to Crowdstrike's Vice President Adam Meyers. Once it gets into an unpatched PC it spreads like wildfire," he told Forbes. "It's going through financials, energy companies, healthcare. It's widespread."
Given the malware is scanning the entire internet for vulnerable machines, and as many as 150,000 were deemed open to the Windows vulnerability as of earlier this month, WannaCry ransomware explosion is only expected to get worse over the weekend.
Consider already visiting www.nomoreransom.org, an initiative by Europol EC3, McAfee, the Dutch High Tech Crime Unit and Kaspersky and increasingly supported by many across the globe, including LSEC. The website offers some free support against ransomware attacks. If you have been exposed and the platform has a cleansing solution (without having to pay the ransom), you can feely download the decrypt mechanisms. They are committed in updating their anti ransom libraries regularly.
LSEC is contributing to this year's WEBIT Festival Europe, joining respected speakers and attendees from around the globe from Google, DHL, McAfee, the European Commission and crossing the bridge between IT, education, healthcare, logistics, manufacturing, culture & arts. WIth TED-like talks, WEBIT is one of the most inspiring conferences around the globe, focusing on multiple attention points and raising things such as Artificial Intelligence, Quantum Computing, Social Web of Services, Social Enterprises, e-Educational programs, Industrial challenges and developments and security.
Learn more about WEBIT and its activities at : http://www.webit.bg/security.php
At the age of 67, our friend and cyber security inspiration Howard Schmidt peacefully passed away, last March 2nd in his home in Wisconsin after a long battle of cancer.
A computer crime expert, who advised two presidents and drafted cybersecurity safeguards for the US and the rest of the world, was one of the first recognizing the need to work together in the continuous battle for a safe and secure cyber space. He founded the inpiration for many to start sharing information between law enforcement, government and business. A practice being served throughout the globe.
Rest in Peace Howard, you will continue to be an inspiration for all of us working to ensure a better world, also in cyber. You were a wonderful, amicable person, always available for a talk and support. Condolences to the family from the whole of the ICT Security community in Belgium and beyond.
Or LinkedIn Obituary https://www.linkedin.com/in/schmidthoward/recent-activity/
Industrial environments, manufacturing and other automation driven systems have been part of our core expertise for over a decade. LSEC is working closely with its Core Members and Individual Members helping them to not only improve the security, but also to better understand the opportunities and challenges the fourth industrial revolution (referred to as Industrie 4.0) might bring. For this reason LSEC has joined the Industrial Internet Consortium, and is leading the efforts on bringing together available expertise on industrie40.vlaanderen and in the 3IF.be and Connected Factories projects. 3IF is promoting digital technologies in manufacturing environments, providing insights in the ICT developments allowing for breakthrough innovations and adapting to new business models and advanced customer demand. LSEC is on the edge of the digital transformation and provides insights into its impact on security; or reversely, indicating how the ICT security domain can embrace exciting new developments for the Factories of the Future.
More information on the white paper opportunities for ICT security industry in the evolving industrial automation space, with links and documentation can be found in of the 3IF.be website.
Join in for regular events and activities, such as inspiration workshops, security workshops and more.
May 5th, the European Parliament finally publsihed the GDPR (General Data Protection Regulation), which will take effect on May 25th, 2018. With more than 70% of European companies not even aware of this regulation, let alone be ready to comply to the regulation, LSEC and its Members and Partners started with a series of events and activities that will support the strategic definition, implementation of activities and exchanging expert advice that lead to compliance. During these events all different aspects will be investigated in depth. The major differentiator is that we will not only debate the legal implications, but will deep dive into its implementation best practices, building on top of existing processes and procedures (such as ISO 27k, PCI/DSS, Basel II, ....), using existing technologies (implementing the right rules on NGFW, NGIDS, SIEM, Data Leakage in End Protection, Encryption technologies, ....).
These seminars will be supported with various white papers, expert advisory and sessions minutes.
More information on the Data Protection Regulaton with links and documentation can be found on the Data Protection Section of the LSEC website. Registration to the events can be found there as well.
Join us today in getting ready for first major European Security regulation for enterprises.
The Infradata Security Summit 2016 was a fun gathering of security experts and Infradata partners and customers. LSEC's Ulrich Seldeslachts provided attendees a perspective on the Data Protection regulation, some of the challenges for enterprise market.
Attendees, about 2/3 indicated their concerns in privacy, but zero attendees had either investigated the GDPR, or its impact for their organization. Ulrich Seldeslachts from LSEC tried to give an insight in the regulatory changes, following the current challenges and putting them into a business perspective indicating to security professionals what impact they might cause.
Other interesting contributions from NSS-labs, participating and joing directly from the US, providing insights on their market analysis methodologies for enterprise security products such as next generation firewalls and next generation ids.
More information on the event can be found on the Infradata website. Presentations can be found there as well.
ENISA is conducting a study focused on the understanding of the market outreach of Network and Information Security Products and Services in the context of the Digital Single Market. The aim is to improve the market growth for NIS Products and Services produced by EU companies, by leveraging the opportunities and tools offered by the DSM.
To validate the findings and recommendations of the study, ENISA organized a work meeting with a selected group of industry representatives. LSEC was present at the meeting, providing input based upon its own research, innovation support activities and recommendations towards policy makers from the IPACSO and FIRE projects, and representing the EU Cyber Security community and LSEC Members.
The purpose of this working meeting was to discuss around the current usage and limitations of NIS Products and Services, as well as emerging threats and trends in different market sectors. The objective is to propose recommendations to improve the market growth for NIS Products and Services produced by EU companies, by leveraging the opportunities offered by the Digital Single Market.
The meeting took take place in Brussels, on the 12th of October and was hosted by the European Commission. LSEC will continue to participate in these activities, provide relevant inputs supporting the EU Cyber Security sector, and publish the final recommendations and follow up actions from the European Commission.
With approximately 250 participants, after 150 speed dates in three rounds, 40 pitches in breakout sessions, in total 18 presentations, panel discussions and a main speech, Seaside Matchmaking Cybersecurity 2016 (SMMCS2016) ended on the 14th of October in Zuiderstrandtheater The Hague.
By speed dating, idea pitching, matchmaking, best practice discovering, supply and demand connecting during SMMCS2016 foundations under future cooperation in cybersecurity research and (higher) education were made.
RVO and NWO-dcypher announced new funding rounds for long term and short term research and innovation projects. For a full impression of the event, more information about the Dutch Cyber Security Research and Innovation Agenda and funding mechanisms, visit the dcypher website