The future is in AI, DevSecOps and zero trust, say Cybersecurity Festival speakers

Tom Allen
clock • 3 min read

"We all have to live and breathe the same language", says panel

The final day of the Cybersecurity Festival covered a wealth of subjects, with the main takeaway - seemingly shared by every speaker and delegate - being that we must all work together to combat the rise of increasingly professional cyber attacks. The onus isn't purely on the business side to come to IT, either: cyber professionals must make an effort to work with employees, and look past their traditional recruiting grounds to ensure they have a diversity of thought.

Former hacktivist Jake Davis, previously of Anonymous and Lulzsec, began the day by speaking about his criminal past and hacking with a purpose, which segued into the inability of laws to keep up with the changing pace of technology.

"In 2011 prosecuting this type of attack was so novel, the legal teams and judges didn't know how to get to grips with it.

"I spent five years, until 2018, banned from encryption. Which makes no sense, the law made no sense. I spoke to someone from the serious crime prevention squad to explain I needed to draw some money from the bank. Technically I'm using encryption when I put the card in, because you enter your PIN, that goes to the bank and it's encrypted. If I turn on my computer, that's encryption."

In a Q&A session with hosts Tom Allen and Zoe Kleinman, Davis touched on topics including cyberinsurance, bug bounties and the endless attempts to outlaw or bypass end-to-end encryption. His entire talk is available on-demand now.

Computing's John Leonard and Darktrace's Max Heinemeyer both spoke about the dangers of AI in security, particularly trust. Heineymeyer showed a very convincing spearphishing email written with no human involvement at all, and warned that attacks like this - nearly undetectable by most security products - are on the rise. More than nine in 10 executives Darktrace has talked to are preparing for this type of attack, so make sure your business is counted among that number.

Two mid-morning sessions covered digital skills and culture. In the first, John Higgins of BCS highlighted the importance of looking beyond qualifications when trying to fill IT roles, especially in security. Following this, panellists Diane Gan (University of Greenwich), Goher Mohammad (L&Q Group), Shelton Newsham (NBS) and Stephen Owen (esure) discussed the effect of Brexit on the UK's skills gap, and talked about how to ensure security is involved in business decisions from the start of a project. This is especially important in an all-remote environment, where silos can creep up on teams and days of video meetings kill productivity.

Okta's Kevin Butler and Synopsys' Boris Cipot also touched on the pandemic and its effect on security, stressing that now may be the perfect time to rethink your security posture. Cipot especially highlighted open source technology, which nearly every businesses uses in some capacity - but without visibility into the software stack, it can introduce vulnerabilities.

The final sessions of the day were two case studies: the first from the Bank of Ireland's Francis Gorman on security versus agility. He emphasised the need to challenge the status quo and working with industry peers (even at competitors) to counter security threats. Finally, Westminster City Council's Zakki Ghauri covered ways to reduce people-based risk, especially as we return to the office: two key points brought up again and again throughout the day.

We loved running this inaugural Cybersecurity Festival - now fully available on-demand - and look forward to welcoming you back to the next.

You may also like
The changing face of shadow IT

Security

Cloud, smartphones and the pandemic. How to maintain control over proliferating devices and services?

clock 17 May 2023 • 4 min read
Is cyber insurance ready for SMEs?

Management

Panellists say the market is complex and costly – but not unreasonable

clock 29 November 2022 • 2 min read
Cybersecurity: Deliveroo's three lines of defence

Security

Security operations lead Danielle Sudai on following the IIA's security framework at the delivery company

clock 29 November 2022 • 4 min read

More on Security

'Gay furry hackers' breach conservative US think tank behind Project 2025

'Gay furry hackers' breach conservative US think tank behind Project 2025

Heritage Foundation calls group "degenerate perverts"

Tom Allen
clock 11 July 2024 • 2 min read
Why 'change' for the UK must include cybersecurity

Why 'change' for the UK must include cybersecurity

Labour needs to to get ahead and demonstrate a commitment to security from the outset

Rick Jones
clock 11 July 2024 • 4 min read
Mammoth Microsoft Patch Tuesday fixes four zero-days, five critical bugs

Mammoth Microsoft Patch Tuesday fixes four zero-days, five critical bugs

142 holes plugged this month

John Leonard
clock 10 July 2024 • 3 min read