What is the biggest information security threat to your industry?
The biggest threat is the large number of devices that are designed and sold with inadequate security. Each device has a limited scope and limited capabilities, which is why they are typically not considered critical infrastructure. Their value does, however, obey Metcalfe’s law, also when used maliciously. Therefore, these devices become a significant threat when they reach a critical mass.
What can delegates expect to learn and hear about during your session on the Keynote Stage?
Delegates can learn how to build security into inexpensive IoT devices.
The key theme for this year’s Infosecurity Europe is Building Tomorrow’s Cybersecurity Today. What advice do you have for practitioners building a strategy to defend against the threats of today and tomorrow?
It is impossible to predict the adversary of the future. Therefore, you have to assume that the adversary of the future is much more powerful than today. This requires 1) a strategy to keep evolving with new threats, 2) a strategy for dealing with a security breach. For device vendors, a key part of this strategy involves in-field upgradability and strong device security.
The revelations about Facebook and the misuse of their user data have made headlines. What would you say is the main learning point to take away from the incident?
The recent Mark Zuckerberg US Senate hearings revealed how many legislators are digitally illiterate. One of the purposes of legislation is to protect society against dangers to citizens. This means that in the case of cybersecurity, we cannot rely on legislators to handle the threats rationally and from a position of knowledge. Therefore, it is important to take responsibility and proactively ensure that the industry ensures sufficient security for connected devices.
What are we, as an industry, doing right?
My experience is that the industry is quite collaborative in dealing with the security threat.
What one piece of advice would you give to someone who is entering the information security profession?
Remember to take a high-level perspective from time to time. It is easy to become professionally paranoid and see risk everywhere. In the process, it is easy to become academic and lose track of the bigger picture.
What are you hoping to see/do/hear about at Infosecurity Europe 2018?
I hope to see powerful solutions at Infosecurity Europe that will make me confident that the future of the IoT will be adequately secure.
Lars Lydersen will be speaking about ‘Building Security into the Design of Billions of Cheap IoT Devices’ at the Keynote Stage at Infosecurity Europe on Wednesday 6th June, 12.35 – 13.10.