Emerging trends from Forrester at Infosecurity 2019

Rarely a week seems to go by without another massive data exfiltration coming to light, usually running to the millions of sets of personal data being copied from an organizations vaults, and made available to anyone with a few dollars to spend on illicit information.

While the City of Baltimore’s troubles continue to dominate headlines in the technology press, some companies and organizations continue to exhibit practices that, when cast even in the best of lights, might be considered lackadaisical, such as leaving huge databases unencrypted, unprotected and available on standard ports.

The timing of today’s Infosecurity Europe 2019 event in London could not be better, as cybersecurity professionals, companies and interested parties converge in the UK capital.

Like many of these types of events, there will be plenty of speculation as to what the next few years might bring the online security situation. Particularly apposite for Londoners will be issues surrounding IoT (Internet of Things), as two of the UK’s mobile phone networks (EE and Vodafone) are beginning the roll-out of 5G in that city (plus a handful more across the UK).

But blockchain, cryptography, and, of course, artificial intelligence are all set to play well among the thousands of attendees, exhibitors, and speakers.

Like many agencies attending the event, Forrester will be making its presence felt at Infosecurity, especially in a discussion surrounding quantum computing and the emerging technology’s potential effects on cybersecurity in years to come. We spoke to Paul McKay, senior analyst at Forrester, and asked how the situation might play out as quantum becomes a reality.

“What is likely to […] occur is when we get to a situation where a quantum computer is able to decrypt an encrypted message successfully, that in the short term key length sizes are likely to increase somewhat,” he said. Primary uses for quantum might not be found in solving or cracking cryptography at all, McKay surmised. Communication links would be one area that might lead the vanguard, he said.

And speaking of vanguards, we considered the potential initial use by malicious parties of new artificial intelligence algorithms– which are at least in part published in the public domain by the scientific community.

It’s up to security companies to take this IP and make proprietary modifications to it to produce “a more optimized implementation of the artificial intelligence that achieves a better result. This derives the company competitive advantage in the market, and they will put effort into protecting such an application,” said McKay.

If you don't have a process to identify, prioritize, and remediate critical vulnerabilities in your environment, you're failing key security responsibilities. Luckily, the #ZeroTrust framework lays everything out for you. https://t.co/5krcG4voxr pic.twitter.com/PHHDlTBKni

— Forrester (@forrester) May 31, 2019

Ethics in artificial intelligence deployment is a hot topic and one that Forrester representatives have spoken on at their events in the US and Europe. The company’s perspective is that “companies in the security industry need to recognize that AI techniques can be used for good and bad purposes and that they should give due consideration to the potential ethical uses of the security innovations we have been seeing in AI in recent years.”

McKay calls for a cybersecurity industry-wide code of conduct based on ethical practice, and to lay out ways in which artificial intelligence IP can be protected from the industry’s adversaries. Perhaps Infosecurity Europe 2019 this week will provide the germinating point for just that. Watch this space.

TechHQ is an official media partner of Infosecurity Europe 2019.