Blood, sweat and cyber threat at Infosec 2017

Fiona Bates

12 Jun 2017

Less than a month after WannaCry hijacked hundreds of thousands of computers across the globe, experts flocked to Europe’s biggest cybersecurity conference last week to discuss the industry’s hot topics. Unsurprisingly the recent attack was high on the agenda, with many lingering questions about how it spread so rapidly and what comes next. But AI cyber skills, ransomware and electoral hacking were other big themes of the week. While Team Harvard was running around the show floor, filming interviews, hosting umpteen journalist briefings, taking in the buzz of what was one of the busiest InfoSecs we’ve seen in years (and yes…enjoying the beer at the InfoSec Magazine drinks reception), we also had time to catch some of the interesting discussions taking place across the three days. Despite Jeremy Paxman’s opening address doing little to answer those questioning why the tough political interviewer was doing a keynote at a cyber conference (openly admitting he doesn’t understand encryption: “I wish I understood cryptography”), others shared thought-provoking stances on some of the industry’s biggest issues.

Bruce Schneier, Security Technologist at IBM

The award for the most interesting talk at the show, in our humble opinion, goes to Bruce for his fascinating look at the risk versus opportunity of artificial intelligence and machine learning. He discussed how, as we move to an IoT world where computers infuse every object in our lives, computer security will also infuse every object; meaning the lessons we learn in computer security will impact the world. The key takeaway was that governments will undoubtedly become more involved in the industry. With IOT medical devices and self-driving cars, the industry essentially has a responsibility not to kill people, so much more stringent regulation is coming. Bruce’s rally cry was that in order for new regulation to be a good thing, the industry needs to get ahead and work together to device it before something is imposed.

GDPR focus panel

Talking of regulation – over on the GDPR focus panel, the impact of Brexit led the conversation. Cameron Craig, group head of data privacy at HSBC, warned the audience of security professionals that close attention needs to be paid to the ramifications of the GDPR during the negotiation and that “without a data agreement, business would grind to a halt”. Fellow panellist Steve Wright, group data and information security officer at retail chain John Lewis, discussed how a far-reaching challenge in GDPR is the language around it causing confusion – forcing Peter Brown, the ICO’s senior technology officer, to clarify certain elements. Brown was emphatic on one rumour in particular – one of the new elements of the regulation concerns appointing a Data Protection Officer (DPO): “I’ve heard plenty of people talking about there being a DPO exemption for SMEs – this is absolutely not the case.” So the discussion around how SMEs, with less resources and budget, will adhere to such significant changes, continues. That’s all for this year, folks. 364 days until InfoSec 2018…see you there!