The Nasstarian

Infosecurity Europe: The Place to Shop for Industry Trends

In opinion / By Phil Muncaster / 11 June 2018

If you want a crash course in understanding the cybersecurity industry, there are few better places to go than Infosecurity Europe. Every year for a few days in early June, in a bafflingly difficult-to-reach part of London, the world’s most prominent security vendors, channel players and thought leaders come together to network, sell their wares and share their insight. As always, this year was a whirlwind of deep technical seminars and high-level industry trend presentations: sometimes challenging but never dull.

Here are some of my key takeaways, in a far from exhaustive list:

Buyer beware

Each year I’m amazed by the sheer range of ingenious security vendors jostling for space on the conference floor. Perhaps more than any other year there were new names out there I didn’t recognise. AI and machine learning continue to be among the biggest buzzwords in security — you’d be hard pressed to find a vendor not touting this as a feature of their products. But in the midst of it all, at the centre of London Olympia, it’s easy to feel as if the market has become too fragmented.

Money is being pumped into the industry from greedy VCs at an unprecedented rate, it seems. That means a multitude of niche vendors all looking to make a name for themselves, and a buck for their investors. For IT buyers, more than ever, there’s a real need to conduct due diligence on companies. This also makes the role of the distributor and reseller even more important. It’s all about knitting together innovative niche vendor offerings into value-added solutions and services that solve real business needs. Your channel partnerships are increasingly vital.

You can take advice from a breached CEO

Many might have been surprised to see former TalkTalk CEO, Dido Harding, give a talk at Infosecurity Europe. But while some of her comments raised some eyebrows — particularly that the much-maligned telco is a better, more profitable firm now — some advice was welcome. You could either argue that she’s the best person to be giving advice on incident response, having learned the hard way, or the worst, given the firm was handed a £400,000 fine by the ICO following a massive 2015 breach.

I’ll give her the benefit of the doubt. She raised some important issues in warning of the dangers of legacy IT; the need for IT leaders to “speak truth to power” when communicating with the board; and the need for board members to improve their understanding of cyber-risk. However, one wonders whether, if Harding were still CEO of the telco, she’d be practising what she now preaches.

Time is running out for encryption

Infosec can also be a great place to learn about some of the key trends set to shape the industry in the coming years. So it was that Jaya Baloo, CISO at Dutch telco KPN Telecom, warned attendees that the infosecurity community better start “getting its hands dirty” in preparing for the coming quantum computing revolution.

Why? Because the sheer speed and compute power this advance will herald could make most encryption obsolete. Increasing key size could help keep some algorithms, like AES-256, viable. But longer term, IT security pros must look at opportunities to utilise quantum components themselves in key distribution, she argued.

Firms still getting incident response wrong

Given the compliance deadline was just a week ago, it’s no surprise that the GDPR cast a lengthy shadow over the conference this year. One of the key requirements — mandatory 72-hour breach disclosures — was discussed by a panel of experts on the final day. Unfortunately, it was argued that organisations are still largely failing on this front. Incident response plans cut and pasted from other firms; plans which fail to account for the “reality of uncertainty”; siloed teams; and poor communication internally and with regulators, media and customers, were all flagged as sticking points.

Nation states loom large

Finally, it wouldn’t be a conference about cybersecurity if no-one mentioned the huge uptick in nation state activity we’ve seen over the past few years. Former GCHQ boss Robert Hannigan led the way, with a special mention for Russia. He claimed that the Putin administration’s apparent disregard for being “found out”, and its intent on destructive attacks which seek to sabotage physical installations in critical infrastructure sectors, are a real cause for concern. As the number of supply chain targets grows, the nation state threat becomes less localised and increasingly relevant for all organisations.

Even dotcom pioneer Martha Lane Fox alluded to the nation state threat: specifically the dystopic societies that countries like China, Russia and North Korea are creating in their parts of what is an increasingly Balkanised internet. However, she remains a tech optimist and argued that the UK could lead the way by showing what rules-based, ethical internet development should look like. As always, cybersecurity and privacy will be at its heart.

Phil Muncaster

Phil is an internationally known technology writer, having regularly written for The Register, InfoSecurity and IT Week on the subject of technology, IT and security.
