This year's CPX Prague brought together experts not only in the field of cyber security to share their experience, vision and highlight the major risks that threaten not only companies, but also ordinary users.
Where are we missing AI today?
One of the most prominent speakers was Tomáš Mikolov, who shared his insights from working for American giants such as Facebook and Google. According to him, Europe has a fundamental problem with the motivation to innovate compared to the US. In the age of artificial intelligence, we are so far most lagging behind in education and healthcare, where Tomas sees major opportunities for a shift, but also the ossification of the system.
Supply does not arise without demand or why do we suffer from a shortage of security professionals?
Each event of this type gives me valuable insight into the perception of the cybersecurity field in the Czech Republic. While top companies recognize the need for effective cyber defense, many companies still underestimate cyber security or see it as a peripheral issue. The story where the company is growing, but IT isn't, and the owner doesn't understand why they should invest in security when their systems are working is a daily bread and butter story I've confirmed here. We further agreed with the community that the final nail in the future coffin tends to be the phrase "what would they take on us"... This lack of interest and critical shortage of qualified professionals in the field poses a serious risk, especially for the unprepared.
The frightening reality of the identity trade: The dark side of social networks and infostealers
Daniel Hejda's thought-provoking lecture covered the topic of privacy and protection of our data. Social networks and other platforms collect huge amounts of data about their users and then monetise it through advertising services or even sell it to third parties. Infostealers and similar malware then target this data directly to gain access to sensitive information about users. A logged-in session to a service has long been of much more interest to an attacker than a username and password that can be easily changed. This trend poses a significant threat because it changes the picture of access security that most people believe. We need to be wary of the services linked to our accounts, but we also need to be wary of companies that should handle data responsibly and be mindful of the consequences of potential misuse.
Vulnerable Windows drivers: a silent threat to corporate data
Jiří Vinopal spoke at CPX for the second year, this time in his lecture he delved into the analysis of attacks focused on vulnerabilities in Windows drivers that can allow attackers to effectively bypass all security measures of the system. Jiří discussed in detail what such vulnerabilities are and what they are connected with. This detailed analysis clearly shows that protecting against sophisticated attacks requires a comprehensive approach - not only basic security, but also focusing on specific vulnerabilities, such as drivers.
CPX Prague 2024 was very well organized and I thank its organizers, performers and visitors for a pleasant evening. The atmosphere of the evening served to generate stimulating thoughts and discussions and I will be returning to it in the coming weeks.
Honza from Safee