The sixth edition of the Information Security Education Day (ISED) organised on 21 May 2021 by the University of Luxembourg and the Luxembourg Institute of Science and Technology (LIST) gathered almost 50 participants to exchange about the impact of Covid-19 on cybersecurity.

The event was introduced by Nicolas Mayer, Cédric Mauny and Yves Le Traon, respectively Senior R&T Associate at IT for Innovative Services at LIST, President of CLUSIL and Professor in Systems and Software Reliability at the University of Luxembourg.

Then, three speakers presented their findings and shared their experience about the impact of Covid-19 on cybersecurity.

Bruno Halopeau, Chief Technology Officer at CyberPeace Institute, focused on the cyberattacks targeting the healthcare system. The pandemic gave rise to a convergence of malicious and irresponsible behaviours (data breaches, disinformation), exploiting the vulnerabilities in the healthcare sector fragile digital infrastructure and weaknesses in its cybersecurity regime. In addition, threats have been evolving from large and disruptive attacks to very targeted and complex ones with societal, economic and psychological impacts.

Alexandre Dulaunoy, Security Researcher at CIRCL, presented MISP, an open source software created during the pandemic to help information sharing of threat intelligence including cyber security indicators. The platform focuses on two areas of sharing: medical information and cyber threats related to Covid-19. It assists users in creating, collaborating and sharing threat information such as flexible sharing groups, automatic correlation, free-text import helper, event distribution and proposals. More than 1500 persons have already used this tool.

Werner Ansorge, Business Continuity Manager at Proximus Luxembourg and Head of the Business Continuity Management working group at CLUSIL shared some good practices applied for continuity and resilience during the pandemic. For instance, companies which had already crisis management and communication in place, clear definitions of roles and responsibilities managed better the crisis. By implementing the recommendations of the international standard ISO 22301 about business continuity management systems, companies lower the potential negative impacts of a crisis event.

Then, three experts in the financial sector exchanged about the digital transformation due to the Covid-19 during a panel discussion moderated by Pascal Steichen, Chief Executive Officer at SMILE. Stéphane Bianchin, Chief Information Security Officer at Raiffeisen, Eric Bedell, Chief Privacy Officer at Franklin Templeton and Cécile Gellenoncourt, Service Line Head Supervision of Information systems and Support PFS at CSSF explained how their own organisation adapted to the pandemic, evaluated the risks, reassigned priorities, communicated with their employees, dealt with teleworking, developed new tools, and so on.

More information: https://ised.uni.lu