(ISC) ²The Security Congress brings together a world community of security professionals. The event offers over 175 training and thought management sessions and promotes collaboration with other advanced companies. The objective of the Cyber Security Conference is to provide for industry professionals and management information, tools and expertise to protect their organizations.
International Information Systems Security Certification is a non-profit organization specializing in the certification of security professionals.
Young people who are studying cyber security are an important part of ISC conferences. This will allow students to learn about the latest opportunities in the field and network with their future employers.
Studies show that over 90% of security breaches are caused by user error
Many people don´t think about the significance of their own actions until it is too late. And despite the security awareness, people make mistakes that lead to security breaches. Also, awareness does not eliminate external security threats.
The Internet of Things is bringing connectivity to new devices. Several speeches raised concerns about the connection of these devices to a company network which includes sensitive information. The new coffee maker in the company’s coffee room may be the weakest link in terms of security within your own network.
However, the practical implementation of security comes from the basics of proper settings, updates, and vulnerability management. The greatest risk, the user, must be instructed by good practices.
At the moment, there are still people behind important decisions, but in the future artificial intelligence is expected to get more power in making decisions about people.
Ethical issues closely monitor cyber security. Who can decide how cyber security algorithms work, who can restrict user freedom? How do we ensure that artificial intelligence does not learn to discriminate against anyone based on the data used as its teaching material? Problems are difficult to predict because, for example, even if the user is not directly provided the information about his gender can artificial intelligence find similarities from the data and draw conclusions from it. Currently, professionals in the field are not yet ready to give the power to artificial intelligence for make decisions about the people, but artificial intelligence is expected to work alongside the people.
Nowadays, criminals are increasingly focused on gaining financial benefits, which it is our common task to prevent. The panelists gave a good picture of the typical attack, phishing and utilizing information to execute the cyberattack. Standard operating procedures, like following ISO27001 significantly reduce the ability to carry out a cyberattack.
Collecting the data from mobile phone users with in-app settings contains each phone user. Prohibition of User Data Collection often prevents the program from being fully used, leaving the user with no choice but to choose another program. App stores contain millions of software, so automated security classification is only able to secure the software in some level. Therefore, the user is required to be very careful when choosing a secure program to find one.
Identity and Access Management
Intelligent systems such as facial recognition will be increasingly used in access control. Multiple authentication, which identifies the user multiple times before entering the system, is recommended for all types of organizations. The user can be authenticated for example using a pass and face recognition, as well as user IDs and passwords what are required for certain files/information. This ensures that unauthorized logins can no longer be done using co-workers logins, and access remains in the right hands within the organization.
Blockchains are on the rise in the form of smart contracts and supply chain transparency.
The European General Data Protection Regulation (GDPR) was considered by some of the speakers as a problematic anti-competitive solution, while others (typically European speakers) praised the respect of users’ rights. On the other hand, the situation was perceived as giving an advantage to large companies that operate mainly outside the GDPR area and gain access to user data more easily.
Edge computing is the answer to the short latency time what is needed to control industrial processes and machines. The optimization of computing will also utilize more and more artificial intelligence all the time. Artificial intelligence is able to learn, for example, data volume variations and user movements. This can help servers be prepared by sharing the computing load and downloading the content beforehand. This avoids network congestion and keeps latencies short.
Cyber security also improves in edge computing, because organizations have no longer need to transfer critical data to the cloud, and they can keep it inside their own organization.