InfoSecurity Europe 2017: Computer security has become everything security

If events such as InfoSecurity Europe are barometers for the health of each particular segment of technology, security is as fit as a fiddle. Company stands now rival most London flats for floor space, quality, and even amenities such as games and coffee machines. A couple of the larger vendors have stairs leading to whole extra stories which would probably require planning permission if they were outside.

Why is there such opulence on show? Because security is a bigger issue than ever before. But it’s also far more complicated, which means more money flowing to the hundreds of companies in attendance.

 

IoT

The Internet of Things, as was the case last year, was a big topic of discussion.

Security expert Bruce Schneier said that we are almost creating a world that is a robot; where microwaves are computers that heat up food, fridges are computers which make food cold, ATMs are computers that hold cash, and so on. But that means “computer security becomes everything security”, and as these systems become more critical to society, so does the effect of them being compromised.

The Mirai botnet attack was just the first example of how this new interconnected world can be abused. Schneier said that while it was of little surprise to the security industry to see CCTV cameras being used to take down Dyn and a large part of the internet, it was to the wider world, which is why it made the headlines.

 

Ransomware

WannaCry was understandably a common topic throughout the conference. But it wasn’t necessarily about blame; it’s easy to argue the NSA shouldn’t hoard exploits, or that Microsoft could have done more, or that companies affected should have been patching better. But the realities of the world aren’t always so simple. Lack of resources and legacy systems can make patching more difficult than it seems on paper, and governments are becoming more and more interested in the art of ‘cyberwarfare’. Losing such exploits, however, is incredibly dangerous and was likened at one point to losing a nuclear warhead.

However, WannaCry is largely seen as an amateur attack that got lucky. According to Sophos’ James Lyne, ransomware is succeeding “despite being hideously implemented” but the nature of Ransomware as a Service and the increasingly modular way these attacks are created means such attacks will only become more sophisticated in time.

The Shadow Brokers group, which revealed the NSA exploit WannaCry was based on, have promised to release more exploits in the near future. Trend Micro’s Rik Ferguson warned that the next leak from them could cause a “shit show” if the impact of WannaCry is anything to go by.

 

Simplicity vs AI

Going back to basics and making security simple – especially for SMBs, which lack significant security resources – is a mantra of several companies I spoke with over the duration of the event. The security industry needs to help those security professionals who often double up as the main IT and network person in their business, by making security simple and by ensuring that they carry out basic hygiene procedures such as patching, before we start talking about the newest shiny products and the state-sponsored APTs.

Which feeds into Artificial Intelligence and Machine Learning; most vendors at security shows now say they use one or the other, and most willingly accept they are buzzterms. Aside from the fact that the two should not be used interchangeably – ML is relatively simple pattern-based learning and rules, AI is more sophisticated and getting towards being truly pre-emptive – too many companies are selling snake oil and/or over-egging their capabilities, and even those who can deliver are more likely to be offering features waiting to be bought rather than real products.

And that’s before you address the fact that, while these ‘AI’ products are meant to make security simpler, they are generally very specific tools meant for larger companies, and that the one-man-band IT type who does security doesn’t have the time, money, capability, or even need to use these types of products.

 

GDPR

Last year, the upcoming EU General Data Protection Regulation (GDPR) was mentioned in a few talks but largely missing from the conference floor. This year, GDPR was sprawled across more than a few marketing materials – including Gemalto’s bus outside the venue – but this could well be too late since compliance can often take up to a year, which is well past the May 2018 deadline.

Dan Swinhoe

Dan is Senior Staff Writer at IDG Connect. Writes about all manner of tech from driverless cars, AI, and Green IT to Cloudy stuff, security, and IoT. Dislikes autoplay ads/videos and garbage written about 'millennials'.
