Infosec Report Card: Must concentrate better, but don't stop talking

Posted by: Ed Macnair  /  09 June 2017 10:00:00 BST

Find me on:

CensorNet Blog: Infosec Report Card 

Infosec Europe is undoubtedly one of the biggest trade shows in the calendar, and again it demonstrated its gravitational force this week with what I’m told are record numbers getting sucked into its orbit to discover how to better protect organisations from tougher and more complex cyber threats.

This morning, beyond the crusty walls of Olympia - back in the real world - a new UK government prepares to assemble, and the importance of cyber-related security to its policy program has never been so crucial. Spare a thought for the challenges they face.

They should know that all effective security responses demand coherence, a view I covered in my blog post on the eve of Infosec proceedings. Sadly, the once dynamic and collaborative IT security industry is losing its way, splintering its capabilities into smaller rather than larger spheres of influence. Solutions are for sale, not strategies. Marketing flim-flam is winning out over coherent answers.

If anything cut through the expo hall noise to achieve a consistent resonance then it was the regulatory argy-bargy of GDPR. As other commentators have noted, GDPR experts seem to be growing on trees now that May 2018’s deadline is upon us. But, scratch beneath the surface, and most have nothing to say but “buy my product to solve 1% of your problem”. So, it is that parts of our industry begin to resemble ambulance-chasing PPI claims merchants. It must do better.

All effective security responses also demand skill, and this is of deep concern when the right kind of intelligence just isn’t available, no matter how much time and money you have to invest. Infosec offered up snatches of clarity in this regard, with some of the brightest sparks I’ve met in a while sharing their insights into the next generation of machine-learning and artificial intelligence. The growing size and complexity of threats is such that cognitive overload is an inevitable consequence. Compounding the issue is a global cyber skills shortage. Perhaps we should focus efforts on making technology more joined up!!

For all its drawbacks, the beauty of Infosec is the conversation – meeting people to listen to their challenges, and finding new sources of expertise to help understand the best way to approach IT security in the future.

In the spirit of keeping that conversation going, I’m hosting a Twitter chat at 1pm today. Send your question to me via @censornet, or else drop in on the #postinfosec17 hashtag.