Summer in the UK means a lot of different things to different people; it’s defined by music festivals, huge sporting events such as Wimbledon and the FIFA World Cup, and enjoying the brief respite from the rain! For the InfoSec community however, it only means one thing; Infosecurity Europe.
Infosecurity Europe, taking place annually at London’s world-famous Olympia, is the largest European trade show for companies, media outlets, and individuals interested in the evolving landscape of the information security industry. In the past few years, we have seen the industry expand in size, as well as enter the public consciousness in ways that veterans like us could only have hoped for when InfoSec was in its infancy. So, what did we learn from this year’s show? What were the hot talking points, and what can we expect from next year’s show?
The Talking Points
To nobody’s surprise, the shadow of GDPR still looms large over the Infosecurity world. Many of the discussions we had with the media, including with IT Security Guru (included in this post), BBC Click and the New Statesman all centred around DomainTools’ unique take on the GDPR conundrum; that as PII data is redacted from Whois records, security researchers will need to diversify the information they analyse in order to keep Internet users safe. We recognized this need well in advance of GDPR and are enabling that capability with recent updates in the Iris Investigation Platform).
Aside from the Whois aspect of GDPR, the new legislation still dominated proceedings at this year’s conference. Exhibitors seemed to be shifting focus away from their technical prowess to a more pragmatic discussion of data protection issues and breach detection capabilities necessary to achieve GDPR compliance.
One of the notable developments I spotted from walking the show floor was the presence of law firms. Infosecurity conferences were once the domain of the highly focused security professionals, but GDPR and numerous widely publicized breaches is shifting the industry to a more critical function in most organizations.
This sentiment was also reflected in the conference talks, which were targeted at business people attempting to navigate the expanding world of cyber. Session titles included “View from the Board: A CEO’s Perspective on Cybersecurity,” “Security at the Speed of Business: Supporting Digital Transformation with Cybersecurity” and “Patch or Perish: Strengthening Cybersecurity Controls to Reduce Risk & Mitigate Threats.” It’s clear that today’s Infosecurity show is aimed more at decision makers across the breadth of a business than simply the technical people it once catered to.
Another popular topic at this year’s show was helping to remediate the much-discussed cyber skills gap. The UK government’s Department for Digital, Culture, Media and Sport was in attendance with a booth, as well as a variety of MSSPs, cyber-oriented university departments, and other security training programs – all hoping to ease the skills gap.
Where Are We Heading?
Looking forward to Infosecurity Europe 2019, what should attendees expect to see? I think it’s a fair assumption that as GDPR starts to result in fines for organizations that are out of compliance, the legislation will remain a hot topic. Expect a wealth of attendees and exhibitors focusing on data protection, breach detection, and compliance.
Likewise, I believe we will see organizations focusing on the skills gap taking up an increasing amount of space on the show floor. As an element of this–and simply because it is a hot topic in the industry now–we will also see the growth of interest in machine learning and artificial intelligence. Orchestration solutions will also continue to grow in interest and usage by companies as the skill gap widens, and they need to deal with more security alerts.
In my opinion, we will also see the growth of government agencies and national players engaging with InfoSec. The world in which governments now operate is increasingly a cyber-world; retaliation for political decisions and engagement in or disruption of democratic process happen in cyberspace now. Therefore more and more governments and affiliated agencies will need to engage in cybersecurity–something that will undoubtedly be reflected at next year’s Infosecurity Europe.
Conclusions
Infosecurity Europe remains Europe’s best vessel for the information security community to wax lyrical on the big ideas of the day. This year, GDPR reigned supreme, but the skills gap, and the engagement of business more broadly in the InfoSec world were also present to an extent not seen in past years. As to whether my assertions for next year’s show will ring true, only time will tell; Cybersecurity and InfoSec are notoriously unpredictable. One thing I can say with confidence however is that cybersecurity is here to stay–and consequently, so is Infosecurity Europe.
