As security pros return to the office after three days of pitching and networking at InfoSec 2018, we round up the major talking points of this year’s show.
Too many organisations still aren’t getting the basics right
NCSC’s operations chief Paul Chichester took to the stage on Wednesday to warn that executives’ failure to put in place basic cyber security measures represents a bigger threat than cutting-edge exploits.
“We keep wanting to focus on the next shiny thing, but hackers don’t need to be that good to have global impact,” said the security veteran. “Getting people to focus on the basics is far more important.”
While adversaries are continuing to innovate, Chichester said NCSC is more concerned that many organisations are still failing to maintain good cyber hygiene. Getting the essentials right would have “a huge impact across the UK”, he stressed.
Sophos’s security research chief, James Lyne, reiterated Chichester’s warning, but said organisations are doing a better job now than ever before: “I don’t think it’s that everyone here is so saying, ‘oh, well I can’t be bothered to do them’.”
An EfficientIP survey released to coincide with the show indicates that 39 per cent of European organisations have suffered from data theft in the last 12 months, lending weight to Chichester’s fear that many organisations still aren’t getting the basics right.
Machine learning could alleviate the cyber skills shortage – but it’s not a silver bullet
There will be a global shortfall of 1.5 million cyber security workers by 2020, researchers predict, and it’s feared that Brexit could make it even harder for UK businesses to plug the skills gap.
Vendors seized the opportunity to talk up the prospect of machine learning at this year’s show, and many hope that greater automation will alleviate the shortage by making security pros’ jobs more manageable in the coming years.
“I’m a huge proponent of some of the potential that can come out of machine learning,” said Sophos’s Lyne. “But even that, as an amazing technology, doesn’t eradicate the importance of proper security awareness processes.”
ZoneFox’s chief technology officer, Matt Little, agrees. “You need to be careful of relying too heavily on AI,” he tells NS Tech. “It can be flawed.” Instead, Little says machine learning should be “meshed together” with security pros’ conventional responsibilities.
The true impact of the NIS Directive remains to be seen
Last month saw the introduction of not one but two sets of EU regulation aimed at protecting citizens in an increasingly digital world. While GDPR has stolen the limelight, the Network and Information Security Directive may have a bigger impact on critical national infrastructure providers, whose cyber security the directive governs.
But exactly how the new rules will be interpreted and enforced remains to be seen. “We’re not really sure how strict the regulators are going to be because it relies a little bit on self-regulation,” explains Corero CEO Ashley Stephenson.
Corero president Andrew Lloyd adds: “For the moment, they’re looking for all of the organisations affected to be aware, to put in place their self-assessment and based on that self-assessment the regulators will be making some recommendations in terms of any gaps that they see. The hope then is nobody gets taken offline in the meantime.”
Are politicians equipped to address the big challenges tech presents?
Delivering the keynote speech on day two of the conference, Martha Lane Fox told attendees that the UK “is very far away” from having politicians equipped to deal with technology.
The British peer and Lastminute.com co-founder described MPs’ attitudes to technology as “dangerous” and singled out Theresa May for criticism.
“No politician at the minute is going to lose votes by knocking the internet,” she said. “That’s quite a dangerous place to be because it will lead to bad, reactive legislation.”
Lane Fox added: “Having a prime minister coming out and blaming the internet when things go wrong is not helpful.”
The internet entrepreneur said the prospect of politicians stifling innovation is particularly problematic for the UK as it prepares to leave the EU. “Post-Brexit, we have no choice but to become the most digital nation we can be, to ensure we’re resilient for the future.”