This week I was mostly visiting this conference at the Institute of Engineering and Technology in London.
Going to cyber-security conferences can be problematic for those interested in the field.
- How can you get past the end point security booths – I’m not responsible for it so I don’t really know what to say to them…
- How many suppliers tell you that they are now using machine-learning & AI to boost their cyber-security software….you can stack up 10 of these before you reach the first loo…
- What a mix you get at these conferences, some folks talk the jargon, some wear a smart suit…you just know who really knows their stuff…
- Blimey there are 20 new companies every time I go. If you are starting a company in cyber-security you have to call it something like Cy-thing or Seco-Bot. Names, it seems, are important.
Well, Info Sec World was not like that. It’s a first-class event, with a full programme of lectures & talks plus a very limited selection of approved vendors – did I sound like an advert there? I didn’t mean to – it really is a good conference…a great one-day event to stock up on the latest trends. We had a futurist looking at the next 10-20 years, we had the VP from Symantec with some great insights, then I broke into one of the tracks to focus on the challenge of cyber-cost & complexity in the digital world….
I came back with a bag of goodies & pages of notes. Goodies below – were of high quality & will give you enough reading for months….
That’s why these events are worth going to. I chatted to a few folks around the conference – here’s what one well-known author on cyber-security told me off the record:
“Insider threats account for over 80% of breaches….”
I know it’s not the revelation of the year but for me it was one hell of a reminder that you don’t just need to learn about firewalls.
In fact, several of the talks highlighted some fundamental truths I’d kinda lost sight of. Here are a few well-known pearls:
- Patching is important – the boring stuff makes a difference
- Segmentation is something you need to act on – validating who has access to what
- Data management – talked about often, done not so much
- Identity Management – hell yeah, login credentials, compromised administrators & crappy passwords
I hope this doesn’t all sound very flippant – I know it’s basic stuff but it was a great reminder. One of the speakers told us that in his experience over 90% of breaches were avoidable by making effective use of standard controls & processes. That’s the basics – no need for AI here.
Finally, the VP from Symantec talked to us about the Law of Unintended Consequences.
He didn’t use the following example but it’s a good one. Someone in hard facilities management thinks it’s a good idea to hook up the heating system to the Internet.
We’ll be able to control the heating via a mobile….you know where this is going.
I think the point he was trying to make was to think through the headlong rush towards Smart-pants & Smart-socks…
All in all, a really valuable conference. I know I haven’t done it justice here but well worth a look next year….