Moving Cybersecurity Forward: Takeaways from International Cyber Expo 2022
Cybersecurity is not just a tick-in-the-box exercise, nor simply a product to sell.
Cybersecurity is not just a tick-in-the-box exercise or a product to sell. It’s an ecosystem composed of brilliant minds in a variety of functions, from government officials, entrepreneurs and academics to technical experts, executives and venture capitalists. Each plays a role in influencing the future of cybersecurity as well as protecting businesses and the broader public from cyber threats, shares Rachael Shattock, event director of International Cyber Expo, as she focuses on key takeaways from this year’s expo.
Being part of a community is so important for the cybersecurity industry. Without collaboration, things simply could not move on, which is why events like International Cyber Expo have become so crucial to all working in the industry. The event was created for the community by the community and hosted a world-class Global Cyber Summit, exhibition space, immersive live demonstrations and informal networking.
Being able to share experiences and knowledge was high on the agenda for many, highlighting the importance of working together.
“Collaboration, not audit and judgement! Large scale events like Log4j and Solarwinds have shown us that a self-centred approach to cyber security does not work. Sharing data, resources and experiences takes a lot of trust and bravery but is essential if we are to make any tangible difference to security resilience across organizations, industries and supply chains. Those brave enough to take the plunge will be the first to benefit,” comments Emily Hodges, chief of staff – Risk Ledger.
See More: Cyberstorage: The Data-first Answer to Ransomware
Prioritizing Cyber
Day one of the Global Cyber Summit covered everything from cybersecurity’s image problem to the potential demise of the internet. Erika Lewis, director of cyber security and digital identity at DCMS, kicked off the day by enlightening her audience with the government’s cyber priorities.
Later, Juliette Wilcox, cyber security ambassador – Department for International Trade, discussed the UK’s cyber power strategy and how trust is integral to its realization. Her five pillars of the cyber power strategy aim to set the UK on the path to becoming a global cyber power, strengthening trade relations and bolstering the trust between trading nations. A panel of cyber powerhouses, Dr. Hugo Rosemont, public policy manager – Defence and National Security, Dr. Maria Lema co-founder of Weaver Labs, Rob Demain, CEO & founder – e2e-Assure and Ben Jenkins, director of cybersecurity at ThreatLocker, then discussed the industry’s role in realizing Wilcox’s vision.
“International Cyber Expo is a showcase for the best of UK cyber security capability and technology, including emerging technologies such as quantum, artificial intelligence and blockchain which will be critical to the future of effective cyber security and vital to economic growth and prosperity. I am very proud of the expertise the UK can offer the world and look forward to promoting our outstanding cybersecurity products and services.” Juliette Wilcox, cyber security ambassador – Department for International Trade.
The second keynote of the day was delivered by Christine Berjerasco, chief technology officer at WithSecure advised on how organizations can realize resilience by accelerating the transition to outcome-based cybersecurity.
Tresorit’s CEO, Istvan Lam, took to the Tech Hub Stage to discuss the risks of shadow IT and the risks of document and contract exchange. Lam commented how, “Digitally signing a document in the EU is either easy or binding – but not both. This blocks businesses from digitalization because for legal purposes, paper-based, wet-ink signatures need to be used. And this is the case for companies who otherwise are fully digitalized – still, employment, rental, car purchase, banking etc, contracts are signed on paper. Why? Because properly binding digital signature setup takes days for a business partner. The goal should be to fully digitalize document management, from creation, approval to signing, archiving.”
The day closed with an enthralling talk from Daniel Siu, the chief cryptographer at Arqit Quantum Inc., who discussed the existential threat quantum computing poses to the internet. Passionate, knowledgeable and energetic, Siu elevated an interesting topic to a fascinating one as he explained the looming issue of quantum computing rendering public key encryption and, by extension, the internet obsolete.
The first day of the event really got people thinking about how quickly the threat landscape is developing, with Jake Moore, global cybersecurity advisor at ESET, reflecting on this by commenting, “Sophisticated attacks are not only escalating on a technical level. We will continue to see a sharp increase in sophisticated human hacking attempts where spear phishing and social engineering work together in collaboration in the initial phases of an attack. Cybercriminals remain acutely aware of the value of targeting staff of all levels. Recent high-brow attacks highlight the importance of better protection from these relentless attempts to enter company networks on a human level.”
Behavioural Change
Onto day two, which saw the City of London Police’s assistant commissioner, Peter O’Doherty, open with a talk that looked at the latest initiatives that have been created and being put in place to tackle current and upcoming threats. The biggest takeaway from the talk was the understanding that cyber policing is a challenge for all and one that must be tackled together as a community.
Diversity in cybersecurity was one of the most talked about themes throughout the show. A panel discussion among experts such as Christine Bejerasco, CTO at WithSecure Jitender Arora, Partner and CISO at Deloitte North and South Europe (NSE), Anne Woodley, security specialist for Microsoft and Vicki Gavin, head of information security & compliance at Kaplan International discussed how true diversity is normality within cybersecurity. They talked about how critical thinking requires different thinking, including women’s vital contribution. The discussion also looked at how having a truly diverse workforce encourages more young people and individuals from different backgrounds to explore opportunities within cybersecurity.
“A major prediction for the future of cyber is a much-needed increase in diversity. As with many industries, cyber suffers from a stark lack of diversity in many forms, including gender, age, ethnicity, and neurodivergence. Starting to remedy this problem would help to close the UK cyber skills gap.
The more our cyber workforce reflects the diversity of our society, the better our cyber solutions will be. We need people from all walks of life to enter the cyber industry. There are huge amounts of untapped talent in these demographics, and the cyber landscape will be much improved if we can make the industry more inclusive and accessible,” comments Dr. Andrea Cullen, co-founder of CAPSLOCK.
Ethical hacker and head of cyber innovation at Falanx, Rob Shapland took an enthralled audience through how cybercriminals design, plan and maximize the success of their attacks in an effort to steal Covid vaccines.
Thoughts then turned to the Industry Contribution to UK Cyber Strategy and the next steps to make it workable in a global setting. Prof Lisa Short, global technology influencer & founder – Areté Business Performance, alongside Johan Dreyer, EMEA Field CTO – Mimecast, Chris Roberts, development manager, security operations – Fortinet and Simon Maple, field CTO – Snyk, all took part in the panel discussion that looked at where the UK’s strategy is heading.
Chris Roberts, business development manager, security operations at Fortinet, concluded, “As the world continues to evolve, technology becomes ever faster and more agile and consumer expectations continue to rise, we’re seeing the cyber market adapt to keep pace with the need to address the resulting threats. The current economic climate worldwide is also driving different risk dynamics that drive the need for more agile cyber solutions to enable organizations to push their critical time to detect and remediate metrics down. Integration, consolidation, cost base demands and service level expectations are pushing re-evaluations of how a positive security posture can be achieved and maintained. Deception and detonation are examples of solutions that can dramatically drop the metrics, protect against zero-day attacks and increase operational uptime while decreasing alert fatigue amongst affected teams. 2023 looks to continue these trends yet be an exciting time as the industry continues to understand and meet global expectations.”
The UK’s cyber strategy became a hot topic with John Davis, UK & Ireland director, SANS Institute, commenting, “Awareness and vigilance are vital weapons in our response to cyber threats. Businesses are battling enormous pressures in today’s climate amid rising inflation and supply chain issues, and hackers are looking to exploit this. Cybercriminals are leveling up. Their attacks are more prevalent, more sophisticated and harder to detect.”
Davies continues, “When building robust defences, the golden rule to remember is that prevention is always better than cure. Power comes through knowledge about how cyber-attacks could happen and flagging them to the UK’s national reporting centre for fraud and cybercrime. This is why cyber security training shouldn’t just be a tick-in-the-box exercise, but an ongoing journey of education for us all.”
Future Challenges
After two very busy days of talks, live demos and networking events, there was much talk about the upcoming challenges and what lies ahead for the cybersecurity industry and its community.
“Cybersecurity departments’ biggest challenges are identity theft and a new generation of ransomware with double extortion. In the era of recession, both hackers acting on behalf of companies and taking on the business themselves are hoping to receive the benefits of stealing data and reselling it or blackmailing it into disclosure. The spread of MFA, including biometric and behavioral solutions, even in basic services or applications. The term “end-to-end” is not enough for the informed customer. Data privacy and data leak protection trends are becoming asymmetric encryption without any third party,” said Przemysław Kucharzewski, VP of sales – Cypherdog.
Salt Security’s VP of research, Yaniv Balmas, looks at the benefits of APIs discussing how “Leveraging APIs, financial services organizations can innovate and quickly bring to market unique customer experiences and services. While more than three-fourths of software developers say API development is or will be a top business priority, the figure is even higher in financial services – topping all other industries at more than 80%. Because successful attacks are so lucrative against financial institutions, they have always been a top target. The growth of the API economy has made the financial sector an even bigger target, which is why minimizing API security risks has become the top priority.”
As Niklas Hellemann, CEO of SoSafe GmbH, concludes, “We must abandon the idea that the issue of cyber security will ever be ‘solved’. Cybercrime is on the rise and is becoming increasingly professionalized. With new tactics and strategies being developed every minute, and geopolitical and social events constantly being exploited, we must ensure we keep pace with these developments and stay one step ahead. Cyber security must be seen from a holistic perspective – technical and human solutions must be considered.”
What are your key takeaways from the latest trends in cybersecurity? Share with us on Facebook, Twitter, and LinkedIn.
Image Source: Shutterstock
MORE ON CYBERSECURITY
