The Future of Cyber Volunteering Across the Atlantic
Low-level cyber attacks on under-resourced organizations like nonprofits, school districts, municipalities, and small businesses continue to devastate these organizations on a regular basis, and have for years. These community organizations face phishing and email scams, financial fraud, data breaches and leaks, and ransomware extortion, impeding local access to critical services and threatening public trust in […]
SOARCA: open-source SOAR for CACAO playbook automation
In an ever-changing landscape of organisational cybersecurity, resilience has become of imperative importance. To be better equipped against threat actors and their increasingly more complex tactics, techniques and procedures, organisations must actively engage in the detection, investigation, prevention, mitigation, and remediation of cyber threats in a timely manner. To accomplish this, organisations are increasingly automating […]
Standardized Incident Reporting for a Stronger Community
The US Cybersecurity and Infrastructure Security Agency (CISA) has developed a comprehensive, in-depth incident reporting form (IRF), along with a Structured Threat Information Expression (STIX 2.1) data mapping to support standardized incident reporting suitable for machine-to-machine processing. IRF data capture relies on STIX extensions, which we introduce after a brief overview of STIX 2.1. An […]
Secure software: new guidelines beyond technology
The C-SIDe project (Cyber Security by Integrated Design) is an interdisciplinary project funded by NWO bringing together researchers from different scientific disciplines from Leiden University and the Hague University of Applied Sciences. The project team presents the first version of secure software guidelines that help relevant stakeholders to integrate the technical and non-technical aspects of […]
NWO showcase: Partners in Cybersecurity Research
The Dutch Research Council (NWO) is one of the most important science funding bodies in the Netherlands. Many NWO instruments revolve around building a successful consortium to perform scientific research and make an impact to societal and/or economic utilization. Three NWO-funded cybersecurity research projects share results and elaborate on their experience in working with public […]
AI in Offensive and Defensive Cyber
This session provides a deep-dive on current and upcoming AI technologies and their application in cybersecurity. Based on a custom-built hype cycle, it delves into AI’s current capabilities and how these can be applied in offensive and defensive efforts. Expect actual examples of offensive AI and how defenders can thwart such efforts with defensive AI. […]
Situation awareness through visual communication
At the National Cyber Security Centre Finland, we employ a dynamic duo: a data scientist and an information designer. Through the fusion of visual communication with journalistic and user-centred approaches, we navigate data, synthesize information, and distill complex concepts for decision-makers, organizations, and internal use. During my presentation, I will introduce several case studies illustrating […]
Cybersecurity training: best practices & future research
End-user responsibility in facilitating or even causing cyberattacks continues to be a growing topic of discussion. Especially in organisational settings, end-users play an essential role in contributing to cybersecurity incidents – or preventing them. Training programs are a popular tool that is used frequently in attempts to mitigate incidents facilitated by end-user action or inaction. […]
Building Cybersecurity of a Vulnerable Sector: A Multistakeholder Approach
In today’s digitally connected world, cybersecurity is a critical concern for all organizations. However, non-profit organizations, often described as ‘target-rich and cyber-poor,’ face unique challenges due to their often project-driven business models, which often result in underinvestment in cybersecurity infrastructure. As cyber threats become increasingly sophisticated, nonprofits are left vulnerable, with significant risks to their […]
Foresight analysis: The magic eight ball of intelligence
The ability to anticipate and predict future threats and events is crucial for Cyber Threat Intelligence (CTI) analysts. However crucial a skill, foresight analysis remains the most challenging analysis process an analyst can do. This challenge is further lamented by the fact that most CTI analysts are data-driven and reactive rather than conceptually driven and […]
