IGF 2023 Lightning Talk #35 Don't Let the Mouse Outsmart You


Cybersecurity, Cybercrime & Online Safety
Cyberattacks, Cyberconflicts and International Security
New Technologies and Risks to Online Security

European Cyber Conflict Research Initiative
Name: Jakob Bund
Affiliation: European Cyber Conflict Research Initiative
Regional Group: Western European and Others Group (WEOG)
Stakeholder Group: Civil Society

Name: Corinne Casha
Affiliation: Government of Malta
Regional Group: Western European and Others Group (WEOG)
Stakeholder Group: Public Sector


Name: Julian-Ferdinand Vögele
Affiliation: European Cyber Conflict Research Initiative & Recorded Future
Regional Group: Western European and Others Group (WEOG)
Stakeholder Group: Civil Society & Private Sector

Onsite Moderator

Corinne Casha

Online Moderator

Jakob Bund


Corinne Casha



Targets: 9.5: Proactive security measures in cybersecurity support the UN's goal of enhancing scientific research and upgrading technological capabilities. By protecting intellectual property, enhancing data privacy, safeguarding critical infrastructure, facilitating collaboration, encouraging investment, and building a skilled cybersecurity workforce, countries can create an environment that fosters innovation and increases research and development activities.

10.2: Proactive security measures help achieve the UN's goal of social, economic, and political inclusion by protecting personal information, ensuring access to digital resources, safeguarding against cyber threats including cybercrime, nation-state attacks, and hacktivists, promoting economic empowerment, and protecting human rights in the digital realm.

10.3: Proactive security measures contribute to achieving the UN's goal of ensuring equal opportunity and reducing inequalities by protecting against cyber discrimination, securing digital identities, promoting fair access to information, ensuring inclusive digital infrastructure, and strengthening legal and policy frameworks. By addressing cybersecurity concerns, societies can foster a more equitable and inclusive digital landscape for all individuals, regardless of their personal characteristics or backgrounds.

17.9: Proactive security measures contribute to enhancing international support for implementing effective and targeted capacity-building in developing countries by strengthening digital infrastructure, protecting data privacy, fostering trust in digital cooperation, addressing cyber threats, and bridging the digital divide. Through international cooperation and collaboration, developing countries can acquire the necessary cybersecurity knowledge and resources to build secure digital ecosystems, enabling them to effectively implement the SDGs and drive sustainable development.


Presentation / Lightning Talk

Duration (minutes)



Nation-state attackers, cybercriminals, and hacktivists are constantly advancing, leaving defenders struggling to catch up. This relentless game of cat-and-mouse favors attackers, often rendering reactive cybersecurity measures insufficient in safeguarding individuals, organizations, and the internet as a whole. Guaranteeing internet safety makes proactive cybersecurity measures such as threat hunting, attack simulations (e.g. red teaming), and security awareness programmes indispensable, which in turn necessitates acknowledging the ongoing game of cat-and-mouse with attackers. However, the implementation of such measures often involves overcoming challenging thresholds, which limits the benefits to only resourceful and mature organizations, as well as more developed countries. This exacerbates the existing geographical, societal and developmental disparities and negatively affects internet security as a whole. To enhance internet security and create the internet we want, it is vital to reduce entry barriers to proactive measures, extending protection to smaller, less resourceful, and more vulnerable organizations, individuals, and nations.

This lightning talk will start by explaining what proactive security measures are, their advantages compared to reactive approaches (e.g. incident response), their necessity in the current cyber threat landscape, and how organizations of different levels of maturity can implement them effectively. Secondly, we will discuss the various technical and organizational challenges for the implementation of these measures. We will argue that four overarching preconditions need to be fulfilled, regardless of the specific measures and organization involved: attacker knowledge, visibility, organizational knowledge, and process management capabilities. Based on these preconditions, proactive security measures should be developed as systematic, well-defined, and iterative processes. To make this content more accessible for the broader audience, we will present concrete practical applications of this approach. For example, human rights organizations that are often strapped for resources could release more staff-time or funding by using the existing guidelines on proactive measures. These resources could be in turn used to actively engage in threat hunting (e.g. specific, novel techniques used by attackers against other organizations). While this increases their own security posture, it also impacts the safety of their affiliates, including possibly vulnerable communities, human rights defenders, sources, and partners. Finally, we will argue that by understanding these preconditions and perceiving proactive security measures as continuous processes, organizations can gain insight into the investments and adaptations required to promote their growth.

Overall, the talk aims to establish a foundation that enables all organizations to implement proactive security measures, which will contribute to a more secure internet for everyone.

The format of the session will be a presentation followed by questions if time permits. The presenter will require a projector and bring their own laptop. The moderator will be monitoring incoming questions during the presentation and support with the general setup. More details to follow.