How do you hack a computer using only light and sound? You'll have to ask the high-performing group from Deloitte UK who recently attended the Information Security Forum's 28th Annual World Congress in Cannes.

Glitz & glam

We arrived in the French Riviera on Saturday, the glamour of which highlighted by the option of a helicopter transfer from the airport (we declined). Congress was held in the same building as the famous Cannes film festival. It's safe to say this wasn't what we were expecting but it was certainly in line with the undeniable allure of information security.

See no evil, hear no evil

The first keynote speaker was a digital philosopher who spoke about artificial intelligence as one of the biggest threats we face, noting that the amount of data collected by corporations means we are already past the point of no return. The highlight of the day, however, was a penetration tester hacking an air-gapped computer. By modulating inaudible frequencies of sound and the brightness of the screen he was able to register commands and extract data from a disconnected computer, without touching it.

Let's connect everything

The following day was opened by a former prime minister of Sweden, who faced some heavy questioning on the GDPR's impact on organisations across Europe, and the true impact of cyber warfare. The GDPR was clearly the hot topic of the event, with many talks trying to offer different perspectives to experts and beginners alike. There were also plenty of vendors pitching their wares and demonstrating tools for compliance, data classification, and scanning.

A fascinating presentation was delivered by a penetration tester who hacked various Internet of Things (IoT) devices live on stage. He began by accessing the Wi-Fi passcode from a second hand 'smart kettle'. He then turned to the CCTV camera market and showed that, by connecting devices that are meant to provide security, we are actually doing the opposite and allowing people into our private lives. He finished by looking at connected adult toys and how something so personal, without adequate controls, can be dangerous and intrusive.

Equality in cyber security

The final day saw Deloitte Associate Director Naina Bhattacharya co-deliver a presentation on diversity in cyber security. She spoke about the diversity challenges the industry faces, and used her experience of leading the Deloitte Women in Cyber initiative to highlight areas for progress. Her co-presenter described running a cyber security enhancement programme at a pharmaceutical company with a female / male split well above the industry average. She told the audience about the challenges she faced, how she overcame them and what worked well.

This was a fitting end to an ISF Congress that was full of learning and enjoyment but also highlighted that there is still much work to do. We recommend Congress to all cyber security professionals, regardless of your background. We left the Riviera with ideas on how we Cannes change the cyber industry for the better.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.