27. April 2022 | Magazine:

IT-Security Awareness Days 2022 Online event series on information security in May

What is behind the term “digital forensics”? What is social engineering? And what would it be like to be a hacker yourself? These and more questions will be answered by the IT Security Awareness Days (IT-SAD). The joint online event series of several German universities will take place from 2 to 19 May and is already being held for the third time. Everything will revolve around the topic of information security. But not only IT experts are invited to participate! All contents are explicitly prepared for non-IT-savvy employees and students. Among the speakers: Dr. Christian Böttger, Information Security Officer (CISO) at TU Braunschweig and organiser of the IT-SAD. In this article he gives an outlook on what we can expect.

Dr Christian Böttger, Chief Information Security Officer and organiser of the IT-SAD. Bildnachweis: Christian Böttger/TU Braunschweig

Cybersecurity Escape Room

As a very special experience, we are again offering a web-based “Cybersecurity Escape Room”, where you can test your own cybersecurity knowledge and try it out in practice. Participants take on the role of hackers who are supposed to exploit certain security vulnerabilities. The course of events and how to deal with such attacks is taught in a playful way. The game is played in 25 stages for about an hour. Many thanks to the colleagues at Osnabrück University for making this possible. This will be followed by a panel discussion.

Security at every location

The topic of “secure home office” has been particularly important since the beginning of the pandemic and is likely to remain so in the foreseeable future. Shifting work to the home or even mobile environment naturally brings new challenges in terms of information security and data protection. The home IT network cannot be as well secured as the one in the office. Both users and IT departments have to adapt to this and take some additional aspects into account. But don’t worry – it’s not that difficult. During IT-SAD, we will therefore present the most important things that everyone should pay attention to and explain the reasons and effects. We will also look at classic teleworking. All recommendations are based on the publications of the Federal Office for Information Security and have been prepared in a user-friendly way. Everyone can certainly learn something here!

E-Mail, Messenger and Co.

Another very important topic is how to deal with e-mails. This is because so-called “phishing” has become an ever greater problem in recent years. You may have become increasingly aware of it in recent weeks: Hackers regularly try to obtain access data through e-mail-based attacks that use malware or fake websites. The attacks are increasingly well disguised. Caution is advised, because there is often a threat of devastating consequences. Prominent examples are the University of Gießen, the TU Berlin, the Ruhr-Universität Bochum and the Aschaffenburg UAS, whose operations were massively restricted for many months and still are. Hospitals and municipal administrations have also already been severely affected, a prominent example being the district of Anhalt-Bitterfeld.

The special challenge: purely technical attacks can be fended off more and more effectively. With phishing and similar methods, many criminals, but especially now during the Ukraine war also foreign intelligence services, often attack people directly. Psychological tricks and so-called social engineering methods are used that directly target the victim and are technically undetectable. Such attack campaigns are very cheap and widespread nowadays. On this topic, there are both practical events that shed light on one’s own behaviour in such situations and a lecture that explains the inner workings of such attacks.

Further topics

The lecture on messenger services is also part of the programme again. Here, questions are answered about which services should not be used and which “secure” alternatives are available. The topics will be supplemented by lectures on social engineering and the pitfalls of information security in everyday life.

Finally, there will be a panel discussion with the opportunity to ask questions. Two podcasts are planned as a new element.

Invitation to everyone

The events will take place online via Webex and are limited to a maximum of 1,000 participants for technical reasons. In the case of the Escape Room Game, of course, there are considerably fewer. The lectures will be recorded and will be available for streaming after the end of the lecture series. All details and the entire programme can be found on TU Braunschweig’s IT Security Blog.

Author: Dr Christian Böttger, Chief Information Security Officer and organiser of the IT-SAD / TU Braunschweig