On November 10-11 this year, DefCamp, the largest annual hacking and infosec conference in Central and Eastern Europe, hosted presentations by the world's most experienced cybersecurity experts on personal security in the post-pandemic era, the ”zero-trust” approach - essential for a company's network, the effectiveness of security leaders and their habits, the cyber threat landscape in Romania, planning and building an offensive security operations center (SOC) and the importance of penetration testing.
For the first time in the last two years, the conference was held on-site in Bucharest and brought together more than 1,600 participants, from entrepreneurs to software developers, and especially cybersecurity enthusiasts and specialists from the public sector and academia from over 30 countries.
Over the two days, experts discussed key cybersecurity challenges for businesses in the region, psychological warfare through social media, improving cybersecurity through artificial intelligence, offensive and defensive security measures, device tracking threats in 5G networks, and critical infrastructure security. They also drew attention to the importance of cybersecurity, both at the personal level and in public and private organizations, as the current post-pandemic and geopolitical contexts have facilitated the creation of numerous vulnerabilities.
This year's speakers included Tudor Damian - IT consultant, with over 15 years of experience in managing complex IT infrastructures; Sebastian Avarvarei - IT security manager, working for over 20 years in the IT and security field, which gives him a unique and multifaceted vision of today's security challenges; Ioan Constantin - cyber security expert at Orange Romania, with in-depth knowledge of all IT security technologies and management systems; Chris Dale - IT enthusiast specializing in offensive services, attack surface management and cyber consulting; Andrei Iordan - Director of Advanced Analysis Global Operations at Secureworks who has helped build one of the largest and strongest cybersecurity communities in Romania; Jayson Street - one of the world's best-known and most sought-after experts in the field; and Bianca Lewis - attending DefCamp for the 2nd year, hacker at 15 and CEO of Girls Who Hack and Secure Open Vote.
What individuals and companies need to do to increase their cybersecurity
According to experts at DefCamp, both individuals and organizations need to be prepared for ”when” cyber attacks occur, as the ”if it happens” option is no longer valid in the current context. The likelihood of attacks has become so high that the main objective is to minimize the impact as much as possible. Thus, individuals and companies should understand that ensuring cyber security is a shared responsibility, and awareness and risk prevention falls on both parties.
On an individual level, some simple but fundamental prevention and detection measures that any user can follow are to pay more attention to the links and websites they access, as well as to the emails they open, to update regularly, increase the level of complexity and diversify their passwords for all the accounts they own, and to be constantly aware of the dangers in the online environment.
Companies need to keep all processes up to date, use the latest security technologies, and regularly educate their employees. In broad terms, every company needs to focus on both the offensive and defensive components of its cybersecurity strategies: regular testing to identify vulnerabilities in infrastructures is just as important as monitoring and incident response measures. Reducing the attack surface should also be high on the agenda, by limiting access to sensitive data, encrypting data, multi-factor authentication, or installing anti-virus software and firewalls. Last but not least, companies should pay more attention to cybersecurity (and cybercrime) trends and make their employees aware through regular educational programs, complemented by clear security policies and practices.
Hacking Village, a challenging, competitive, and educational environment for participants, with prizes of over 15,000 euro
The competitions helped participants test their cybersecurity knowledge and acquire new ones. In this respect, the 1st place in DefCamp Capture the Flag (D-CTF), the long-running competition that attracts the most participants every year, was Wreck the Line, a mixed nationality team that won 1,500 euro. The team included Romanians, one of whom was a member of team Romania for the European Cyber Security Challenge. Wreck the Line also won the last D-CTF edition, and the members have consistently competed in this competition, moving up in the rankings each year. Lucky Lucian, a team from Poland, won 2nd place, earning over 1,000 euro. The Few Chosen came 3rd and was also awarded as the best team from Romania, receiving a total prize of 1,000 euro.
Furthermore, conference participants won prizes totaling over 15,000 euro in all 10 Hacking Village cybersecurity competitions (more details here), as well as 3 tombola raffle prizes during the event (more details here).
„We are happy to have been able to organize the conference again in an on-site format. This once again confirmed to us that direct interaction and collaboration are vital to the direction of the cybersecurity field, a field that always brings new challenges that can only be overcome through continuous learning. The response from the whole community was fantastic, and the turnout in such large numbers, together with the enthusiasm and energy of the participants, motivates us to constantly develop the conference activities and look forward to next year's edition. For all these reasons, DefCamp will continue to contribute, with each edition, to strengthening the community and growing capabilities at a regional level”, said Andrei Avadanei, DefCamp founder.
The DefCamp 2022 event was organized by the Romanian Cyber Security Research Centre Association (CCSIR), powered by Orange Business Services. The conference was supported by Secureworks as Platinum Partner, Keysight Technologies Romania, Bit Sentinel, Pentest-Tools.com, Booking Holdings, and CrowdStrike as Gold Partners, Infoblox, Siemens, ExpressVPN, KPMG, Huawei, Thea Pharma and Happening as Silver Partners, and CyberEDU as Hacking Village Partner.
Since 2011 to date, DefCamp has managed to attract over 11,000 participants from over 55 countries and 150 cities, passionate about hacking and vulnerabilities, and interested in developing their technical skills. DefCamp also provides an environment to strengthen the cybersecurity ecosystem by facilitating collaboration and information exchange between experts in the field. The conference audience includes participants from research and project development (45%), cybersecurity specialists (30%), top management and decision-makers in companies (18%), and students (7%).