Prof. Lenzini on ISED 2023: Social Engineering and Online Deception

  • Department of Computer Science
    Interdisciplinary Centre for Security, Reliability and Trust (SnT)
    04 July 2023
  • Category
    Research
  • Topic
    Computer Science & ICT, Cybersecurity

The eighth Information Security Education Day (ISED) took place on 2 June 2023 at the University of Luxembourg. The theme of this one-day event was “Social Engineering and Online Deception”. The event was co-organised by the University of Luxembourg (Department of Computer Science) and the Luxembourg Institute of Science and Technology (LIST). 

Author: Prof. Gabriele Lenzini, Head of the Sociotechnical Cybersecurity Interdisciplinary (IRiSC) research group at the Interdisciplinary Centre for Security, Reliability and Trust (SnT).

ISED is an annual interdisciplinary event that gathers students, researchers, and practitioners in cybersecurity. The event provides a forum where academics and practitioners can learn about different perspectives on a key topic, and exchange and discuss ideas. The speakers contribute their expertise in different areas covering the legal, technical, and research aspects of the theme. 

The organising committee – in this eighth edition Prof. Yves Le Traon and Dr. Nicolas Mayer, directors of the Master in Information Security System Management, Guillaume Haben (who defended his PhD on 29 June, our congratulations!), and Prof. Gabriele Lenzini from SnT – selects every year one of the most relevant topics of interest in the field, develops an appealing programme, and invites renowned speakers to give a keynote and engaging speeches. For this edition, the choice was “Social Engineering and Online Deception”. The 2023 edition was sponsored by SnT’s research project REMEDIS, an FNR/FNRS-funded project on REgulatory and other solutions to MitigatE online DISinformation in collaboration with three academic partners, ISACA, the Global Information Security and Technology Professional Association, and Women Cyberforce.

ISED 2023 offered the audience a series of talks from the perspectives of practitioners. Lars Weber, CISO of Spuerkeess, shared how companies in the service sector, such as banks, effectively cope with social engineering attacks like phishing, smishing, and vishing against their clients. Jean-Louis Huynen, an expert researcher at the Luxembourg Incident Response Center (CIRCL), gave a lecture with the provocative title “Human using Technology, Monkeys Living at the Edge of Chaos”, sharing insights on how intrinsic features of our human psychology and the human interaction with technology make us particularly vulnerable to well-designed and well-executed attacks.

A topic at the heart of the research of the REMEDIS project, fake news, was addressed by Xavier Hermès, Business Security Information Officer (BISO) at RTL Group. Hermès gave insights into the threats and strategies adopted by companies in the media business. Close to REMEDIS’ interest was the talk from the regulatory viewpoint on deceptive designs (also known as dark patterns) and personal data, delivered by Vincent Legeleux of Luxembourg’s National Commission for Data Protection (CNPD). 

The day was closed by Sylvain Leconte, General Manager of COGICEO, a company whose core business is social engineering penetration testing. He explained a few tricks used by the so-called Red Teams when penetrating an organisation’s digital and physical premises to “steal” specific bounties or targets, always after they have been legitimately given the mandate to stress-test the organisation’s security.

Of particular relevance was the keynote talk on the threat that AI poses to cybersecurity, given by Sabika Ishaq and Anusha Moonshiram of the Woman Cybersecurity Force, who are also, respectively, CISO at Grant Thornton and Advisor at the High Commission for National Protection. The presence of women in a still male-dominated sector such as cybersecurity is increasing. However, it is essential to stress that a gap remains, while sending a message of inclusiveness to our students and the young generation of CISOs.

Prof. Lenzini’s report was originally published on the REMEDIS website.