Infosecurity Europe 2013: Round Up

This week saw London bathed in glorious spring-like sunshine, just as the 3-day annual Infosecurity Europe conference took place at Earls Court. Over 330 vendors, 190 press representatives and 12,000 attendees converged to make an interesting and thought-provoking look at information security in 2013.

The keynote panel discussions focused on best practices as identified by experienced CISOs and security managers, with the general theme of education, awareness and training being top priorities for organisations wishing to develop a sustainable and adaptive security posture. Budget management is also a tough nut to crack, but it is becoming clear that technical point solutions don't always deliver what is required, and that properly training security practitioners, coupled with cross-department accountability, makes for a more cost-effective approach.

Advanced Persistent Threats, cyber attacks and SCADA-based vulnerabilities were all up for hot discussion by vendors and attendees alike.



See below for a detailed write-up of some of the keynote sessions.

Hall Of Fame Inducts Shlomo Kramer & Mikko Hypponen
Keynote Panel: Smarter Security Spending
Technical Strategy: Defining APT
Keynote Panel: Battling Cyber Crime
Keynote Panel: Embedding Security Into The Business
Technical Strategy: SCADA The Next Threat
Analyst Panel: Future Risks

Infosecurity Europe 2014 will run from April 29th to May 1st 2014

By Simon Moffatt

Infosecurity Europe 2013: Analyst Panel Keynote: Future Risks

At the end of day 1 of the Infosec Europe conference, on a wonderfully warm spring afternoon at Earls Court, the keynote theatre hosted an interesting panel discussion focusing on future risks. Andrew Rose from Forrester, Wendy Nather from the 451 Research group and Bob Tarzey from Quocirca provided some interesting sound bites for what future threats may look like.

Hacktivism versus Financial Reward
All panelists acknowledged that hacktivism has been a major concern for the last few years, with Andrew pointing out that attacks are now becoming more damaging and malicious.  Bob produced a nice soundbite of "terrorists don't build guns they buy them", highlighting the fact that hacktivists can easily leverage available tools to perform sophisticated and complex attacks, without necessarily spending time and effort developing bespoke tools.  Wendy pointed out that attacks driven by financial reward have somewhat different attack patterns and targets, with new avenues such as mobile, smart grids and CCTV devices being identified as potential revenue streams for malicious operators.

Financial reward is still a major driver for many attacks, with new approaches likely to include mobile devices, to leverage potential salami-style SMS attacks. Intellectual Property theft is still a major obstacle at both a nation state and organisational level.

Extended Enterprises
Andrew commented on the increasing complexity many organisations now face from a structural perspective. Increased outsourcing, supply chain distribution and 3rd party data exchanges make defensive planning difficult. Bob also pointed out that, given the complexity of supply chain logistics, smaller organisations, traditionally thought to be more immune to larger scale attacks, are now more likely to be breached, simply due to the impact it may have on their business partners.

Insider Threat and Privileged Account Management
Trusted employees can still be a major headache from a security perspective. Non-intentional activity such as losing laptops, responding to malicious links and being the victim of spear-phishing attacks were all highlighted as being the result of poor security awareness, or a lack of effective security policy. Bob argued that privileged account management should be a high priority, with many external attacks utilising root, administrator and service accounts with their escalated permissions.

Data Chemistry and Context Aware Analysis
Whilst there is no 'silver bullet' to help protect against the known knowns and unknown unknowns, the use of security analytics can go some way to help detect and ultimately prevent future attacks. Wendy used the term 'data chemistry' to emphasise the use of the right data and the right query to help provide greater detail and insight to traditional SIEM and log gathering technologies. Bob promoted the use of greater profiling and context-aware analysis of existing log and event data, to further highlight exceptions and their relevance, especially from a network activity perspective. Andrew also commented that information asset classification, whilst a well-known approach to risk management, is still a key component in developing effective defence policies.

By Simon Moffatt