The standoff between the FBI and Apple in early 2016, and its subsequent resolution when a third party unlocked an encrypted iPhone, served to highlight once again the complex challenges facing information security professionals. Not only did the case throw into sharp relief the conflict between notions of privacy and national security, it also demonstrated that a hack can be found to bypass even the most rigorous security controls.
Whilst the high-level encryption debate rages on, at an organizational level information security professionals are charged with protecting increasingly connected organizations. The extended enterprise is connected to multiple partners and suppliers, leading to a myriad of governance and assurance challenges. Tech-savvy employees and customers are utilizing new technologies to connect, collaborate and work smarter, often bypassing security controls and accessing shadow IT to improve efficiency and drive the business forward.
At the same time, a seismic technological shift is taking place towards machine-to-machine communication and the Internet of Things (IoT). Gartner predicts that 6.4 billion IoT devices will be used globally in 2016 and forecasts that the number will reach 20.8 billion by 2020. The potential privacy and security implications of the deluge of data generated by connected things are vast, especially as manufacturers of IoT-enabled products prioritize speed to market over security, so products aren’t being designed with security in mind. As the cyber-physical threat landscape evolves, information security professionals need to ensure their organization’s security posture is such that they can manage existing risks while being prepared to tackle the emerging challenges on the horizon.
The need to communicate information security risk effectively to the board and wider business has never been more important as the threats become increasingly complex. There is no doubt that information security is seen as a business risk by senior management, and information security professionals really do have the board’s attention. Yet, with dramatic headlines about cybercrime causing alarm in the boardroom, information security professionals are still struggling to cut through the hype and turn that attention into a genuine understanding of the risk, so that security is a top-down priority. The TalkTalk breach in 2015 illustrated very clearly that information security is a CEO’s concern and that the board needs to be on top of this threat.
As cyber-attacks become increasingly sophisticated and cybercriminals themselves become more connected and collaborative, highly skilled cyber defenders are needed to protect an organization’s sensitive information security assets. Yet the industry is facing a global skills shortage and, as a result, information security leaders are grappling with the challenges of upskilling their security team to ensure it is equipped to deal with the challenges of the future.
Securing the connected organization is the theme of this year’s Infosecurity Europe, being held at Olympia, London, 7th-9th June. The event will provide you with the intelligence, insight and solutions you need to enhance the maturity of your organization’s security posture. Bringing together everyone and everything you need to know in information security, the event represents the highlight of the industry’s event calendar.
Whether you want to keep up with the strategic direction of the industry, catch up with colleagues and peers and make new connections, engage with vendors and service providers to find out about the latest solutions, hear about the latest technological developments and research, or develop your career, Infosecurity Europe is the event for the information security community. I look forward to welcoming you to Olympia London in June.