Infosecurity Europe: Focus on Incident Response as AI Floods Security Show

Print Friendly, PDF & Email

If you work in the cybersecurity sector, three days in early June will probably be penned into your diary every year. Infosecurity Europe is one of the biggest shows of its kind in the world, with hundreds of exhibitors and over 20,000 cybersecurity professionals crammed into London Olympia to network, share best practice and see the latest tech on offer. To the untrained eye, it can seem a little overwhelming, but it’s actually a great place to go to better understand the market and the key issues keeping security practitioners awake at night.

This year it was hard to get out from under the shadow of the GDPR, while AI and machine learning technologies dominated the conference floor.

Mind the hype

I’ve never seen Infosecurity Europe on quite the same scale as this year’s event. In fact, the organisers were forced to open an adjacent hall to fit in more exhibitors, as well as the nearby Olympia Conference Centre which for the first time housed the keynote theatre. While the tried-and-trusted names were all in attendance, I’ll admit for the first time not recognising a fair number of the vendors exhibiting at the show.

This is primarily reflective of the rapid growth of the sector, which is no bad thing — after all, we all agree that cybersecurity is absolutely critical to organisations’ success. But that growth can also make it difficult for IT buyers to sort the real from the VC-backed hype. To that end, it’s hard to find a vendor today that doesn’t promote its AI/machine learning capabilities. But not all AI capabilities are created equal. Now more than ever it’s important for IT security bosses to do their due diligence on the market before making important investment decisions.

I’d always be more skeptical of the AI tech claims coming out of unknown start-ups than the capabilities offered by more established players. AI is well suited to some use cases. The technology can be used to good effect, for example, in spotting and blocking spear-phishing. It does this by learning and baselining the way organisations communicate which each other, so that it can then detect attempts to mimic those communications. However, in other situations, it can be a case of marketing style over substance.

GDPR starts here

While a large part of Infosecurity Europe is an IT vendor expo, there’s also a growing conference track which attracts some big industry names and thought leaders. This year the likes of dotcom pioneer Martha Lane Fox and former GCHQ boss Robert Hannigan took to the keynote stage to share some fascinating insight into the industry.

Unsurprisingly given that it came into force at the end of May, the GDPR was front-of-mind for many attendees, vendors, and speakers. Of course, the new European privacy regulation has many varied aspects, but incident response is one that could have the biggest impact. The legislation mandates 72-hour breach notifications, severely reducing the potential window organisations have to keep incidents from their customers and regulators. This makes effective incident response an even bigger priority for any organisation handling EU citizens’ data. Unfortunately, the new laws appear not to be making a huge difference so far.

A panel of assembled experts including CISOs, and legal and PR practitioners argued that many incident response plans fail because they’re cut and pasted from other firms, or else fail to account for the “reality of uncertainty” by making too many convenient assumptions about what might happen. The key is for organisations to assemble a broad team from across the company and ensure communications lines are well established in the event of an emergency situation. The bottom line is you must think the unthinkable, plan for it and then practice those plans.

Interestingly, several on the panel believed that not much intelligence could be gathered by an organisation within 72 hours. However, embedding forensics as a key part of the security team was seen as a crucial step in accelerating post-incident info-gathering.

Lessons learned

One of the best attended keynotes was given on the first day by former TalkTalk CEO Dido Harding, who described the events following a serious 2015 breach at the UK telco. Interestingly, she revealed that the firm became “a honeytrap for any hacker” once the incident went public, changing the risk profile of the organisation. This made it even more tricky to decide when to bring key systems back online: security teams wanted more time, but take too long and customers start to leave, she said.

It was the kind of insight one very rarely gets into the heart of a major organisation during a cyber-attack. Harding’s takeaways: CISOs need to “speak truth to power” in the boardroom more often to get their point across, but the board also needs to ask more probing questions around cyber-risk and not let the issue be taboo.

Whatever her motivation, it’s certainly a positive for the industry that Harding is speaking out about her experience so that others can learn from it. I hope that we see more of this kind of thing in the future, although any type of cross-industry info-sharing remains frustratingly piecemeal. We’ll just have to wait for next year’s show.

Scroll to top