DeepSec 2023 Press Release: Digitalisation Requires More Than Just Technology – DeepSec Conference Combines Digitalisation With IT Security Trainings
Motorola CPU in close-up (Photo: Gregg M. Erickson, 2010)
Digitalisation is a great opportunity and has arrived in all areas of society. However, there is more to it than using digital data and computer systems. Processes and ways of working need to be adapted. In addition, information security must be considered throughout, from design to implementation. The DeepSec conference again has extensive training on this topic in its programme.
Digitalisation generates opportunities and markets
The basic idea of digitalised processes in companies and administration is simplification through the use of IT infrastructure. Data is more easily available. Documents can be searched and found more easily. This also means that more information is available in digital form. The opportunities and markets generated by this are not all legal. In 2022, data from one billion Chinese nationals was copied. In 2018, the Indian government reported thieves accessing the national database of biometric data. 1.2 billion citizens were affected. Western countries are not spared. Reports of this kind can be found in databases of incidents.
Real digital identities are traded because they can be used in follow-up attacks. The data thieves are very well organised. In the shadow economy, there are specialised services to specifically obtain certain data. The term Crime-as-a-Service (CaaS) collectively refers to this outsourcing to criminals. Europol recently published a study on this. The results describe a functioning ecosystem that generates profit. The seized assets amounted to 4.1 billion euros in 2020 and 2021. According to the study, criminal activities also have an impact on state stability because digitalisation can also be a tool for corruption. According to Europol, 60 per cent of criminal groups in Europe use corruption as a vehicle for illegal activities.
New financial products, money laundering and fraud
FinTech (“financial technology”) companies have developed strongly in recent years. They combine financial services with specialised IT technologies. This is not only about the controversial “cryptocurrencies”, but also about highly digitalised applications for companies and private individuals. The Europol study cites misuse of FinTech products as an example. Since money laundering is an important driver of organised crime, any system for transferring money and assets is therefore a target. CaaS groups offer their own money transfer systems, which make it very difficult to track payments because they are operated in secret.
Detecting intrusions made easy
The most effective countermeasure for defence is to understand the technologies used. Unfortunately, there is no way around this, because technology that is not understood is hardly ever questioned. This is an important point in order to defend against attacks from the field of social engineering. Social engineering is aimed only at people. Requests that are not checked technically or in terms of content are the most successful.
At this year’s DeepSec conference, there will be a two-day training on recognising threats in one’s own network. The target group is people from the field of information technology who work for companies or authorities. Knowledge about the detection and neutralisation of threats will be imparted. The widespread Active Directory environments are also part of the course. The trainers Michael Meixner and Rainer Sykora guide all participants through the basic knowledge to activities of forensic analysis, which is indispensable for successful detection with successful break-ins.
Programme and booking
The DeepSec 2023 conference days are on 16 and 17 November. The DeepSec trainings will take place on the two preceding days, 14 and 15 November. All trainings (with announced exceptions) and presentations are scheduled as face-to-face events. For registered participants, there will be a stream of the lectures on our internet platform. Discounted streaming tickets with exclusive access to recordings are also available.
The DeepINTEL Security Intelligence Conference will take place on 15 November. As this is a closed event, please direct enquiries about the programme to our contact addresses. Use strong end-to-end encryption for communication with us as showed on our contact page https://deepsec.net/contact.html.
Tickets for the DeepSec conference and trainings can be ordered online at any time via the link https://deepsec.net/register.html. Discount codes from sponsors are available. If you are interested, please contact us at deepsec@deepsec.net. Please note that we depend on timely ticket orders because for reliably planning of the event.