This year’s InfoSec, held at Earls Court in London, did not disappoint. A wide range of issues were addressed throughout the three-day event, with speakers from all over the world (including our own Stephane Vinsot) giving their expert analysis on what lies ahead, what can or should be done, and where the future of the security industry lies.
Once again, InfoSec saw a number of high-profile hacks and system failures take place in the run-up to the show. So far in 2014, Heartbleed, the Target hack and the Yahoo Mail account hack (to name just a few) have rocked the world of CIOs and everyday internet users alike. It’s no wonder that nearly two thirds of InfoSec attendees this year thought cyber-attacks have increased in the past twelve months.
What can we, as professionals who dedicate our careers to security, learn from InfoSec so that we can help safeguard our cyber future? Here are four lessons we observed, drawing on some insights from the European Information Security Survey 2014.
- Plan for the long term: 47.4% think the industry has a short-termist approach to information security strategies. We must start thinking ahead. Certainly hackers and fraudsters are playing a long game.
- Phishing is still a major issue: With two thirds of InfoSec 2014 attendees believing that the volume of cyber-attacks has increased in the past twelve months, the biggest risk identified by these attendees was phishing attacks, followed closely by financial gain attacks. Banks in particular need to adapt their security to this ever-evolving threat. For more info on this, have a look at my colleague Arta Sylejmani’s blog on what banks can do to protect themselves and their customers from phishing.
- The rise of cloud security: At every InfoSec there is usually a buzzword or phrase that is visible everywhere. This year it was cloud security: the question “Is cloud computing secure?” was brought up many times. Our view is that cloud computing is the future and it can be secure; we just need to ensure that we employ the best solutions to protect our businesses. OTP (One Time Password) is a key example of how we can do this. For more info on this, see how French cloud service provider SFR has adopted cloud security.
- There is no ‘one size fits all’ solution: Organizations, depending on size, business type and structure, will need to adopt different approaches. Some of the key themes from this year’s show included the importance of strong authentication methods, which help protect executives regardless of their location; executive education, particularly in relation to mobile devices and security; and the ability to implement appropriate security measures without compromising convenience or accessibility for the end-user.
Were you at or following InfoSec 2014? Let us know what you thought of the event by tweeting us @Gemalto, or leave a comment in the section below.