This year marked my first visit to Infosecurity Europe, and with over 400 exhibitors competing for the attention of 19,500+ visitors, Olympia London was a feast for the senses – stands were adorned with waterfalls, popcorn makers and fidget spinners, and one stand even had an escape room. However, behind the freebies were important key themes and learnings that provide a useful picture of the current state of cybersecurity in 2018. Below, I revisit those identified in our pre-Infosec blog post and add my personal reflections.
‘It’s not if, it’s when’
In 2017 the National Cyber Security Centre (NCSC) reported that online crime made up the majority of UK fraud offences at 53%, spurring organisations to re-evaluate the likelihood of them falling victim to cybercrime. Furthermore, the news in May 2018 that Durham Sixth Form Centre paid a £1,500 ransom after suffering a cyber-attack serves as a reminder that it is not just big businesses that are vulnerable, organisations of all sizes are at risk. In January, the head of the UK’s NCSC, Ciaran Martin, warned that major cyber-attacks are a case of “when, not if”, and at the very least organisations should be following the guidance set by the NCSC’s government-backed cyber essentials scheme to protect themselves.
During my visit, the topic of GDPR – unsurprisingly – kept resurfacing. The significance of the penalties for breaking the regulation and the deadline for compliance (25th May) has forced organisations to re-think policy and protocol for data protection. With cybersecurity being such a major element of GDPR compliance, businesses have had to drastically improve web-based security as a priority.
If organisations can’t address the skills gap, they risk not being able to properly identify and swiftly respond to a cyber-attack, putting them in danger of huge financial losses and reputational damage. Governmental organisations, businesses and individuals alike hold a shared responsibility to address the issue. Capgemini research earlier this year – which surveyed 1,254 employees and executives across nine countries including the UK – identified a 25% gap in supply and demand for cyber skills in the workforce and found that 72% of respondents expect high demand for cybersecurity in 2020. However, according to the results of a survey released in June 2018 from the Institution of Engineering & Technology, one quarter of parents believe they have affected their child’s proficiency in STEM due to their own lack of confidence. Therefore, the trend of a lack of cybersecurity talent is unlikely to change in the near future without significant intervention from businesses or government.
At the NCSC stand, exhibitors shared information on how they are encouraging school girls to consider a career in cybersecurity. However, more must be done. For example, businesses could visit schools to educate pupils on cyber threats and invest more in cyber skills training for their current employees.
Threat prioritisation, automation and consolidation
There are now a huge amount of tools on the market for monitoring threats and tackling cybercrime, something clearly apparent from a lap around Infosec’s exhibition hall. However, with the number of cyber-attacks on UK businesses increasing year on year, according to the NCSC’s 2018 annual report, it is more difficult than ever for them to know which to prioritise. As such, automation will be invaluable for easing pressure on resources and optimising ROI.
As a discussion with a senior executive and a research analyst at Infosec emphasised, companies are also focusing on consolidation by reducing the number of vendors they work with to be able to manage them more easily and reduce costs. This has led to a shift away from clients buying into point product security solutions for specific threats and are moving instead towards platforms upon which various technologies seamlessly work together. Offering an integrated approach should therefore be high on the agenda of vendors when developing new products.
As black hat hackers identify new opportunities for exploiting organisations’ vulnerabilities online and deploy ever more sophisticated attacks, the need for cybersecurity is more pertinent than ever before. Businesses and individuals alike must continue to stay alert and aware to protect themselves and their data.