Luxembourg's Cybersecurity Ecosystem

Published on Nov 18, 2015

Ljubljana 17.11.2015

PRESENTATION OUTLINE

LUXEMBOURG'S CYBERSECURITY ECOSYSTEM
Best Practices and Business Opportunities

Luxembourg

in 100 words

MAIN figures

  • 563 000 inhabitants
  • 46% foreigners (170 nationalities)
  • constitutional monarchy
  • 5-6 common languages
  • 83 000 EUR GDP per capita

reliable, dynamic, open, ally

Economy

  • industry / steel
  • finance / banking
  • audiovisual / space
  • ICT / fintech / eco- & biotech
  • logistics

ICT

  • State-of-the-art connectivity infrastructure
  • Award-winning data centers
  • World class R&D facilities
  • Business-friendly security environment
  • Favourable regulatory framework
  • Dynamic start-up scene
  • Innovative financing schemes

CYBERSECURITY ecosystem

key elements

  • multidisciplinarity
  • collaboration & competition
  • public & private initiatives
  • scalability & sustainability
  • common public-private effort

national cybersecurity Strategy

  • CS goes beyond ICT
  • CS represents an economic opportunity
  • Democratisation & synergies
  • Reduction/harmonisation of compliance costs
  • Risk governance based approach
  • CS = an infrastructure for all

Actors

  • Cyber Security Board
  • Authorities/Regulators (sectoral)
  • Public prosecutor & Police forces
  • (Critical) Infrastructure Providers
  • Operational Entities (CERTs)
  • Awareness raising centres

THREAT LANDSCAPE

Incidents (CIRCL 2014)

Motivations (CIRCL 2014)

EXAMPLE CASES

BASED ON REAL INCIDENTS IN LUXEMBOURG

VoIP/PBX attacks

  • scan for vulnerable PBX interfaces or VoIP servers
  • such systems are often outsourced or outside security scope
  • direct financial benefit by toll fraud

banking/presidential fraud

  • using malware or phishing to access mailboxes
  • banking details are replaced
  • also combined with social engineering (via a phone)
  • extreme cases: dedicated malware targeting corporate banking systems
  • targets: mainly huge invoice processing organisations

Ransomware

  • recent ransomware (like CTB-Locker) also encrypts removable drives and shares
  • BYOD increased cases
  • 50% of LU victims had a non-functional/incomplete backup
  • ransom DDoS on the rise

Success stories

CLUSIL for 20 years
CISO job description, community & federation

support & methodologies for SME

  • startup kit
  • awareness & training
  • customised check-up (diagnostic)
  • MONARC (optimised risk assessment method & too

+400 WORLD-CLASS SECURITY PROFESSIONALS FROM 40+ COUNTRIES

SnT - Interdisciplinary Institute for Security and Trust
R&D partnership program:
6 public, 15 private, 2M turnover

large scale awareness trainings
+10 000 pupils / year

DFIR for the economy

  • incident handling / coordination
  • DFIR tools & services
  • data feeds & early warning
  • threat & intelligence sharing
  • joint R&D and innovation
  • technical training & courses

KEY SERVICES & TOOLS

4 public; 7 private

ICT SPRING

  • 4000 key decision makers
  • +70 countries
  • Presentations, seminars, masterclasses delivered by the world’s biggest names in technology
  • Focus on start-ups and innovation
  • Europe-wide partnership opportunities

Key development areas

  • Awareness & training (ECSM)
  • Social engineering, phishing, ransomware
  • ICS & IoT
  • Threat intelligence, early detection
  • Cyber risk insurance
  • Big data & open data
  • E-archiving & secure (cloud) storage
  • CISO / DPO on-demand

Pascal Steichen
SECURITYMADEIN.LU
