In 2020, Mind The Sec adopts innovative format and addresses post-pandemic themes

Last week, on September 15th to 17th, was held the 2020 edition of Mind The Sec, considered the largest corporate conference on information security on the continent. “2020”, however, was in the background in the official communications of the event, and there is a very logical explanation for that. MTS reinvented itself and, more than a conference, it is now a permanent content platform about infosecurity.

Adopting a format that we can describe as an on-demand information security content service, the post-event instantly turns into a growing library of videos that can be accessed throughout the year, available when the user wants. In addition to the clips, there is a directory of companies and industry professionals, as well as networking tools.

Right at the opening ceremony, after a fitness warm-up with none other than ex-fighter Antônio Rodrigues Nogueira (Minotauro), Anderson Ramos, CEO of Flipside and creator of the event, stressed that MTS has been completely redesigned for a better online consumer experience, with the goal of allowing even more people to enjoy the content.

“One of the main characteristics of Mind The Sec this year is the internationalization of the event”, points out Anderson. “Even with the platform only in Portuguese, we were surprised by the scope of the event: we have participants from over 300 different cities and from 30 countries, including Portugal, Angola and Mozambique”, he explains. In total, the platform was inaugurated with eight keynotes and dozens of lectures in five different virtual rooms.

Security and COVID-19

As much as diversity is the rule word in MTS, the topic of greatest debate during the event was, invariably, security challenges in the post-pandemic and the “new normal”. At this point, one of the highlights was the lecture by cryptographer, technologist and information security specialist Bruce Schneier, considered one of the most prominent names in the industry.

With no tongue in cheek, Schneier openly criticized the exposure notification systems for COVID-19 (Exposure Notification System or ENS) created by Google and Apple. For the expert, the idea of ​​using mobile devices for contact tracking may seem smart, but it has flaws that can result in false positives and false negatives.

“In false positive, the app would say ‘Yes, you are at risk’, but you don’t have the disease, and in false negative, it says nothing and you get sick,” he says. The expert recalls that the GPS of telephone devices are not so accurate, failing to be accurate at levels of two or three meters, for example. “There will be times when the app registers that you had a contact, but you didn’t,” he simplifies.

“I can be five feet from someone for eight hours and have no contact. We can be on opposite sides of a wall in an apartment or in a hotel. GPS doesn’t know that. You don’t know that there are different floors in a building, you don’t know that I’m in a car and you’re outside, with a glass window between us. So you have these mitigations that the app doesn’t understand”, He explains.

Finally, Schneier also stressed the importance of ensuring that such systems used against COVID-19 are made based on security in all its aspects and respecting users’ privacy rights. “When we built these systems against COVID, let them not become the new normal. Let us understand that things are different now and everything is fine, but they will be back to normal, ”he says.

Trends for the coming years

Another influential figure who was present at MTS 2020 was Mikko Hypponen, CRO of F-Secure. The executive addressed the trends in cyber threats and pointed out that, due to the increase in human dependence on the internet, we are seeing a frightening growth in the Internet of Things (IoT) market. “Today, many devices that we buy for our homes are connected to the internet. And this is just the beginning ”, he says.

For Hypponen, this segment grows due to its ability to collect more data from the end user, and “data is synonymous with money”. More than use in targeted advertising, this “new oil” has become important for training artificial intelligence systems. “If you want a machine to learn, you are going to have to teach them with something. And that thing is data ”, explains the Finnish.

Talking about other current problems, the executive also highlighted the use of legacy systems in several countries (including Brazil), the increase in malware for Linux systems (precisely because they run on IoT devices) and changes in the way criminal gangs operate ransomware.

“Gangs began to realize that fewer and fewer companies were paying ransoms, and they were not paying because they had good backups,” he realizes. It was then that the Maze gang started a new phase of ransomware operations, which consists of opening a public website where they post the names of the victim companies and publish sensitive materials stolen from such companies.

For Mikko, the conclusion is that “the more criminals are paid for their ransom demands, the bigger the problem becomes”, and therefore, we should never pay the ransom. The expert concluded his talk alerting also to artificial intelligence systems, which possibly in the future may create their own malicious code – a dystopian, but much more realistic, view of how intelligent machines can turn against human beings.

And there’s much more

As previously mentioned, the Mind The Sec platform will be available for permanent access, which means you can get access to the entire library from over 140 lectures and debates at any time. Over the next few weeks, The Hack will delve into the content and presentations of the event. Therefore, continue to follow the newsletter and our portal to check these materials.

Mind The Sec would like to thank the trust of all its sponsors, whose support allowed the event to take place:OneTrust, Cisco Secure, VMWare, Qualys, BlackBerry, SailPoint, Netskope, Guardicore, BigID, Netconn, Cloudflare, CyberArk, AlgoSec and Splunk.