It's been an action-packed and enlightening day at Infosecurity Europe 2023, so I decided to take some time to reflect on everything I've learned. From the legendary sprinter Michael Johnson's talk on preparing your team for the unknown, to the Bank of England's Duncan Mackinnon advising on how to build operational resilience, to a radical shift in industry trends: buckle in, because we've got a lot to cover.
Collaboration is Key
Following a brief introduction from Beth Maundrill, Editor at Infosecurity Magazine, the day's first keynote speaker took the stage. By his own admission, Michael Johnson, legendary sprinter, former world record holder, and twelve-time Olympic and World Champion, isn't a cybersecurity expert. However, we have much to learn from his decade-long career at the pinnacle of professional athletics.
Johnson began his talk by reminding us of something all cybersecurity experts are keenly aware of: the finest margins determine success or failure at the top level. Whether it's the fraction of a second Johnson shaved off his race time by incorporating weight training into his regime, or the minute improvements in incident detection that cybersecurity tools can afford security teams, the most minor refinements can be the difference between gold and silver, protected and breached.
But that wasn't all the wisdom Johnson had to impart. Reflecting on his time as an Olympic sprinter, Johnson made a surprising admission: he didn't like his relay teammates, and they didn't like him. In Johnson's heyday, the US men's relay team were fierce rivals, competing year-round to qualify for the Olympic team, win medals, and break records. But once their individual races were over, the sprinters would have to settle their differences and run their final race as a team. And they did just that; Johnson won four 4x400m gold medals in his career.
The cybersecurity industry would do well to learn from Johnson and his teammates. The security industry must accept that cybercriminals, not competing vendors, are the real enemy. We can't tackle cybercrime alone; vendors must put aside their differences and work together to fight cybercrime effectively.
While we already see some level of collaboration between security vendors, siloed information has always been a significant problem for the cybersecurity community. Equally, organizations must talk more openly about their security controls so that smaller organizations can mature without lengthy trial-and-error procedures. Allowing cyber criminals to succeed only fuels the beast, as they reinvest stolen funds and develop better capabilities.
I've also enjoyed the opportunity to educate the industry on Fortra. We offer so much now that I have a solution for every query, and that's a great feeling. Our comprehensive suite of cybersecurity tooling means that we can help any organization with almost any problem and have unrivalled tool interconnectivity, providing our customers with one best-in-class portfolio.
Resilience Rhetoric
Later in the day, Duncan Mackinnon, Executive Director for Supervisory Risk Specialists at the Prudential Regulation Authority (PRA), took to the keynote stage to talk about the work undertaken by the Bank of England and through the cross-market operational resilience group to build the UK finance sector's operational resilience.
Mackinnon noted that 2023 has already seen two significant attacks on organizations providing services to the UK's financial sector. Both incidents were disruptive and substantially impacted PRA and Financial Conduct Authority (FCA) regulated organizations. As a result, the PRA, alongside the FCA, His Majesty's Treasury, the National Cyber Security Centre (NCSC), and the UK financial sector, started working to understand the root causes of recent attacks and how to mitigate their impacts.
It's incredibly encouraging to hear organizations talking about resilience, and initiatives like the Bank of England's Digital Operational Resilience Act (DORA) have gone a long way in facilitating that conversation. Early in my career, resilience was taboo; suggesting that a customer might suffer a compromise was not done. Fortunately, the perspective has shifted, and regulations such as DORA have truly validated this reality, with messaging now focusing on an organization's ability to withstand attacks and respond to compromise. This attitude is a much more practical approach to cybersecurity and acknowledges that not all attacks can be prevented, putting more emphasis on recovery through rapid detection and response, minimizing the likelihood and reducing the impact of successful attacks.
Bye-Bye, Buzzwords
At other conferences earlier this year, AI was undoubtedly the topic of the moment. It’s become a buzzword, and yet despite the fact that almost every vendor here can claim some level of AI implementation, I was surprised by the lack of messaging on the booths.
API security, however, is enjoying its moment in the sun. I've seen more API-specific vendors than ever before and learned from analysts that many of their financial services clients are concerned about API issues. APIs facilitate innovation, and organizations are scrambling to develop and adopt APIs and realize their benefits; as a result, APIs have become a more prominent attack surface. It's encouraging to see that the market has responded to this development.
All in all, it's been a busy but fascinating day. I can't wait to see what the rest of the event brings.
To find out more about what Fortra has to offer, come and visit us at stand M40 or head to www.fortra.com.