Fasten your seatbelts – it’s going to be a bumpy ride.
As I’ve conducted extensive research to put together the agenda for this year’s Infosecurity Europe Keynote Stage, I’ve been struck not only by the complexity of the challenges facing the cybersecurity community, but also by how central to modern life privacy and security issues are.
Technology is advancing at break-neck speed. Seismic global political and social shifts are challenging the established order of things, and cyber risk appeared in the list of the top five global risks by perceived likelihood in the Global Risks Report 2018.
The high-profile WannaCry attack in 2017 caused global disruption to critical infrastructure. Aside from the financial implications, the attack highlighted the vulnerability of critical infrastructure to attack. It is now a very real risk that a cyber-attack could impact the infrastructure and systems that keep society functioning, with potentially catastrophic consequences.
Claims that the Russian state hacked the 2016 US election and new allegations that Cambridge Analytics improperly used Facebook user data for political purposes have highlighted how vulnerable the democratic process is to cyber risk and the position of privacy and security at the heart of defending democracy.
Technological acceleration is offering potential solutions to human challenges from food security and curing disease to sustainable energy and reducing our environmental impact. For enterprises, new technologies also mean new opportunities. Blockchain and AI have been lauded as offering huge potential, not only to business growth, but also to cybersecurity. The IoT is changing the technology ecosystem and quantum computing is on the horizon. Alongside its potential for supercomputing, quantum presents new cyber risks and opportunities.
At a business level, digital transformation and new, nimble working practices are changing the shape of work. The always-on, always-connected user is demanding flexible, agile systems and processes. New regulation is driving the privacy agenda – reputational damage is only a breach away.
We know cybercrime is a truly global business and to have any chance of shutting down the cyber-criminal, co-operation and collaboration are key. Co-operation between international law enforcement agencies and collaboration between enterprises, government and law enforcement are both essential.
Conflicting priorities can, of course, sometimes hamper this. The enterprise wants to get back to business as soon as possible after a breach and might prioritise this above getting the cyber-criminal prosecuted. Law enforcement is focused on finding the perpetrator – and is often faced with cross jurisdictional challenges. Further, vendors and service providers, whilst driving security research and intelligence, also have sales and marketing targets to meet. As the industry matures, there needs to be a focus on overcoming these conflicting priorities in order to tackle the threats of tomorrow.
From SCADA systems in power plants, to customer data, to connected devices, responsibility for securing all of this sits with the information security community. It’s a daunting task, but it’s not hopeless. The information security community is collaborative and dynamic, faced with a unique opportunity to demonstrate its value to business and society as a whole. To do this, information security professionals need to be constantly looking ahead and scanning that horizon for the next threat or major technological development – because one thing’s for sure, you can be sure the cyber adversary will be doing the same!
The theme for Infosecurity Europe is Building Tomorrow’s Cybersecurity Today reflecting the need for the information security community to be able to predict future risks and get one step ahead of the cyber adversary. Playing catch-up isn’t an option – information security needs to step-up and wrestle back control from the criminal cohort. Central to this is skills, recruitment and retention. Where are tomorrow’s skilled professionals going to come from? How do we build a pipeline of skilled professionals? What needs to happen to encourage diversity in the industry to ensure that we are tapping into the resources and skills available? At a macro level, the community needs to make its voice heard to be part of the international cyber risk conversation – it’s the information security profession that is protecting the fundamental systems that we take for granted, from water to energy to food manufacturing. It’s only by coming together as a community that cyber defenders will be able to address the challenges of today and build resilience for tomorrow.
The Keynote Stage will address the challenges of building strong cybersecurity strategies and tactics to protect an organisation’s critical information assets as the world transforms. I’m currently finalising the programme so make sure you check back in a few weeks to start to plan which sessions to attend.
Content Manager, Infosecurity Group