27.04.2012

Infosecurity Europe 2012

ITsec Budgets, BYOD and Social Media in the spotlight

The huge InfoSecurity Europe event (otherwise known as Infosec to the regulars) took place for the 17th time between 24-26 April at Earls Court, London. Members of the eco team were there to get a feel for what claims to be ‘Europe’s No.1 Information Security Event’, check out the latest trends and concerns from the industry, and meet some peers to promote eco – in particular our own Internet Security Days event in September.

It appears that IT security, in times of economic hardship, is still considered too important to include in organisational budget cuts, proof of which could be seen at this year’s InfoSecurity event. Visitor numbers were up from 10,462 to 12,959 on 2011 and there were over 350 exhibitors. The show floor was busy and bustling with business activity. And it’s not surprising given that cybercrime reportedly costs the world an amazing $380 billion a year – as claimed by Neelie Kroes, the European Commission Vice-President, in her keynote speech at Infosecurity Europe – making the protection of IT users and citizens a costly business that can’t afford cuts.

Kroes went on to explain that since everyone uses computers, cyberattacks can affect everyone, meaning that cybersecurity is no longer the domain of national security authorities and needs a comprehensive solution that involves governments, businesses and individuals. To assist this, she explained that the European Commission will present a plan – a European strategy for internet security – in the third quarter of this year. The plan will be based around five key areas. Firstly, there is a need to build a network to respond to cyber threats and share that information – EU member countries will be asked to guarantee their minimum capabilities to respond adequately to threats, as well as sharing critical information in a secure and confidential manner.

Secondly, says Kroes, there needs to be a governance structure with member countries being required to establish competent authorities to centralise information and create regional forums to support collaboration with the private sector. Kroes added that the third aim of the strategy plan will be to improve security at every point in the supply chain. The fourth aim, she says, will centre on the creation of a vibrant IT security market. The fifth prong of the EC’s strategy, she explained, is that Internet security is not a Europe-only problem, but an international one, meaning that everyone must be involved in the creation of a more secure Internet.

During the event we discovered a few underlying themes from talking to the exhibitors and attending a few of the many keynotes and sessions. The first was the increasing trend towards BYOD, or ‘bring-your-own-device’, into the workplace and the security implications of this trend. Most IT security professionals speaking at the event were shouting loudly about the dangers of BYOD. In particular, Simon Wise, deputy head of the Ministry of Defence’s (MoD) global operations security centre, commented, “We have a bring your own policy and it’s simple: Don’t!”

The key risk with BYOD, he told delegates, is the fact that unauthorized devices pose a serious threat to the rest of the network – which in the MoD’s case involves around 750,000 IP-enabled devices. Wise revealed that the MoD deals with 200 different firms’ IT systems, of which it has 20 main suppliers. As a result, he says, its suppliers need to be more honest about their position in the market, rather than claiming they have a ‘magic box’ solution to cyber security requirements.

The second most prominent theme seemed to center around social media, specifically security coming more and more into the world of corporate communications. It seems the days when a simple press release approval process would suffice have well and truly gone. There are now multiple customer engagement tools online that involve real-time reactions and publishing of information to keep up with competitors in the online social sphere.

Martin Alldrick, CISO of Lloyds, commented that ‘There is a plethora of very detailed information constantly being submitted via the likes of Twitter, and I’m amazed at what people are prepared to post regarding their own personal lives and data…this is what fraudsters harvest.’ Alldrick continued to explain that companies absolutely need to authorize specific employees who are trained and skilled at using social media in the right way and understand the risk. Policies should be in place and those authorised should be educated about those policies. He continued to explain that this also protects a company in the case they need to fire an employee for publishing confidential or inappropriate content via social media. Alldrick commented, ‘If you have the policies and you’ve provided the appropriate training then the courts will be more likely to favor the employer in any arising employment tribunals.’ Alldrick also highlighted that, ‘IT security professionals should remember, however, that they are there to help enable business not disable it.’

Besides social media being a hot topic in the event’s sessions, it also seemed to be a hot security issue on the exhibition floor, with many of the exhibiting companies taking advantage of the increasing headache for security professionals and promoting their latest product and service offerings for social media monitoring, analysis and encryption tools.

Parallel to the Infosecurity event, in Earls Court 2, was Internet World, a large digital business event, tailored more to front end web professionals dealing with digital marketing, email campaign management and web development. We took the opportunity to swing by and chat to a few email companies regarding eco’s mass-mail whitelisting service for ISPs and recipients, Certified Senders Alliance.

Infosecurity Europe 2013 will run from the 23rd – 25th April next year, in Earls Court, London.