In a world where information becomes stale in the blink of an eye and the pressure to instantly share experiences is immense, sometimes it's worth slowing down and listening to the experiences of others. This is exactly what a cybersecurity conference such as CONFidenceis all about. The conference as always took place in Krakow. Between 2 and 3 June 2025 it brought together cybersecurity specialists, but the audience was much broader. The room was filled with hackers, programmers, managers, and professionals from the government and financial sectors, and of course... lawyers such as us.
Particularly valuable were the discussions with a group of experts, as well as the exchange of insights on the exec track and issues related to youth cybercrime and the role AI plays in it. CONFidence is precisely this type of unique event—it not only teaches but also inspires. As a result, it is much more than just another cybersecurity conference. It is a place where experts share their knowledge and practical experience. Without this element, neither compliance nor cybersecurity can truly work.
The lecture: The non existing leak
The presentation concerned a high-profile case of EmpikIt was prepared by individuals directly involved in the incident response. Their presentation confirmed what the industry has long been saying: unverified media reports about such events are no less dangerous than the attack itself. They open up a second front, where the battle is fought with corrections, press conferences, and briefings. The speakers recreated the timeline of events step by step, showing the real problems and challenges their team had to face. This allowed us to experience the entire situation minute by minute, without the cost to our own health and nerves.
This specific example demonstrated how crucial it is to prepare for a crisis response in advance. Why?
- 108 minutes following the initial industry publication, the topic reached the mainstream media.
- 126 minutes - the first official statement was published.
- 168 minutes - the nationwide media was covering the topic at 200%.
- 248 minutes - the topic reached internet forums and quickly went viral worldwide.
That's precisely why it's so crucial to prepare for a crisis response. You need to establish communication paths and a sequence of actions. In other words, this is exactly what the crisis plans mentioned in the NIS2 Directive and the national Act on cybresecurity are all about.
How does the hacking community function?
One of the lectures also focused on how hackers prepare their attacks. It covered how they recruit team members, share knowledge, and create tools to support their activities. The speakers, who are active in the same channels where hackers operate, showed real conversations among criminals and explained how they infiltrate these environments to gain knowledge about threats and assist law enforcement in apprehending cybercriminals.
It's truly impressive when speakers mention that individuals from the "dark side of the Internet" are sitting in the audience alongside regular attendees. Getting an inside look at how attacks are prepared and executed—attacks that a security management system is supposed to defend against—is a crucial experience. It's essential for developing advisory skills, which are key to providing high-quality cybersecurity compliance services today.
Too many events to attend them all.
Of course, the agenda included a huge number of other events, such as workshops on hacking, attack planning, and incident response. There were also plenty of networking opportunities—in the Community Corner or at the booths of industry exhibitors. The parallel sessions made it impossible to attend all the lectures, but there was definitely a lot to choose from. The conclusion is clear—we are eagerly awaiting next year for another dose of knowledge (and experiences).
Do you need help preparing business continuity documentation or developing incident procedures? We can help. Contact us via kontakt@lrs.law or use our contact form.
