Five experts on cybersecurity’s biggest 2019 advances
Like any kind of active ‘warzone’ (excuse the hyperbole) it’s hard to find good news in the world of cybersecurity. Successful defense doesn’t make the headlines, and occasions in which attackers get their comeuppance are few and far between in the grand scale of things.
That said, TechHQ was determined to leave Infosecurity Europe 2019 with some good news. So, during our time at London’s bustling meeting point for cybersecurity, armed with the caveat that exhibitors couldn’t ‘talk shop’, we set about the exhibition floor in pursuit of some positivity.
Responses painted a picture of a siege still in motion and far from being won— but also one in which a combination of regulation, advanced technology, and growing awareness is steadily leading to stronger fortifications.
The compliance gauntlet
Tim Mackey, a regular industry commentator and Principal Security Strategist at Synopsys CyRC (Cybersecurity Research Center) praised the ongoing impact of GDPR (General Data Protection Regulation).
Introduced only last year, the EU law on data protection was a landmark for compliance, laying a global gauntlet for other markets to follow in a similar fashion. For Mackey, the periodic reviews of security efforts and investments enforced by massive potential fines have been a “key component” in the avoidance of complacency.
“It is complacency – better known as IT laziness – which allows a legacy best practice mindset to be overlaid upon new digital initiatives,” said Mackey.
“GDPR forces us all to ask ‘what are we collecting?’, ‘why are we collecting it?’ and then ‘how are we properly securing the collected data?’. With similar legislation to GDPR being enacted or contemplated across the globe, it’s long term impact cannot be understated.”
One glance at the Infosec exhibition floor was enough to get a sense of the volume of solutions and tools vying for a slice of a lucrative market.
For Cybereason’s Chief Visionary Officer, Yossi Naar, this intense competition is giving rise to an incredibly rich and diverse arsenal of specialized tools. This ensures every type of business— old and emerging, across industries— can access the right protection.
“There are several trends that are evolving quickly in the market. Advanced protection capabilities such as anti-ransomware, Powershell protection, and machine learning-based protection are starting to reach a larger audience,” said Naar.
As the sophistication of attacks keeps increasing— enterprises are turning to specialized vendors to help them with their day-to-day security operations. IoT (Internet of Things) and automotive security are two important fields where vendors are seeing more interest for advanced protection.
Machine learning & AI
AI (artificial intelligence) and machine learning are becoming somewhat of a cliche in cybersecurity technology— or in any field of technology for that matter. But it’s not to say there isn’t some substance to it.
Lookout’s Chief Security Officer, Mike Murray, said: “The promise of incorporating algorithmic machine learning and AI into technologies in order to stay ahead of bad actors is one of the biggest advancements in the past year.
“As cyber threats become increasingly more sophisticated and complex, we need to find new and improved ways to detect, analyze and address them. Machine learning and AI can do that.”
A prominent user of AI in cybersecurity is Darktrace, whose co-CEO, Poppy Gustafsson, told TechHQ earlier in the year that “attacks are outpacing humans’ ability to combat them.” She predicted that the rise of “AI-powered malware” would lead to a “cyber arm’s race”.
Cybersecurity risks are one of the most “disruptive problems” for global business, said Bindu Sundaresan, Director of AT&T Cybersecurity. And that’s seen the topic finally become a pressing matter in the boardroom.
The increased awareness surrounding all matters cybersecurity— and the massive damage it can cause to a business— has helped organizations make the case for investment “beyond it being a technology issue or simply for compliance.”
Meanwhile, company executives are beginning to look at cybersecurity as more than the prevention of financially and reputationally-damaging data breaches, to its role in supporting digital trust.
“The biggest advancement we have seen in cybersecurity over the last year is its elevated status as a business risk,” said Sundaresan.
“For organizations across the world, to be successful as a digital business, cybersecurity has become a ‘non-negotiable’ due to the heightened awareness of it being a risk that boards care about and need to manage at scale.”
It’s by no means just businesses that have become cybersecurity conscious.
High-profile events like Facebook’s Cambridge Analytica have put the commonality of data breaches and the very real risk to privacy well-and-truly in the public eye. With an estimated 90 percent of cybersecurity breaches traced back to human error, this heightened awareness means business, staff, and customers can start to sing from the same hymn sheet.
“If they do not like the constraints of security, users are very attentive to their data,” said Ben Miller, SVP International, IDECSI. “If you receive an alert informing you that someone has accessed your mailbox, OneDrive, or SharePoint folders, you will behave as if someone breaks into your home.
“In this age of cloud and collaboration, fighting the digital threat demands a high budget. Therefore user engagement is crucial.”
4 October 2022