When I wrote my first editorial comment of the year, I did so on the day of David Bowie’s death and since then the news has sadly been filled with other famous names leaving us. Of course this is security, and while the sudden passing of Prince, Alan Rickman and Johan Cruyff among others has been bad news, the security industry has not faced much happier tales.
2016 has seen enterprises battle with ransomware as the most malicious of malware hit and shut down hospitals, while wearables, devices and industrial control systems deemed to be “the Internet of Things” have the promise to puncture more holes in an already aerated perimeter.
One story that has dominated the headlines in the first part of this year is that of the FBI’s efforts to install a backdoor inside the Apple mobile operating system. In this case, the bureau wanted to access the San Bernardino gunman’s iPhone, but despite the back and forth of the case going to court and eventually an iPhone being hacked by a third party, what this story did raise was the issue of device security and how private communications are crucial.
Yes, the likes of Piers Morgan may have claimed that he could “take that terrorist’s iPhone down to Tottenham Court Road right now & they'd get into it”, but this story raised awareness of personal privacy and device security to the most common denominator – the general public.
In this issue, Dow Jones head of cyber content and data Rob Sloan looks at this matter from an enterprise perspective, and how vulnerabilities exist, but how deliberately added backdoors add a completely different side to the debate.
Also in this issue, I take a lengthy look at the state of retail security two years on from the major breaches at a number of retailers. What interested me in particular was how there was a large number of breaches reported in succession, and then they suddenly and dramatically reduced.
While attending this year’s RSA Conference, I was able to share some time with the Retail Cyber Intelligence Sharing Center (R-CISC) who have enabled retailers to exchange threat intelligence and knowledge to make a more secure sector. Also, while working on this angle, I got to sit down with M&S head of information security Lee Barney, whom I first spoke to a few years ago and who, with a strong background in the retail sector, now finds himself at the UK high street giant.
Of course the reason why so many of those retail security breaches were reported by US companies comes down to state-led mandatory data breach reporting, and another area of interest in the past few months has been the proposed general data protection regulation (GDPR) being approved. In this issue I talk to two senior members of the National Association of Data Protection Officers (NADPO) about this, and in particular how data protection officers will play a major part in the rollout of the framework in the next couple of years.
Statistics from the International Association of Privacy Professionals published in April revealed that there will be availability for 28,000 data protection officers when the new data protection standard is rolled out. Should I call that availability or yet another shortage? I first wrote about the need for the data protection officer in 2011 and it does seem to be one thing that businesses have embraced already, but perhaps it is a sign of the times.
Finally, you may be reading this at the annual extravaganza that is Infosecurity Europe. Sitting here at my desk in our office in Richmond with the team responsible for putting this show together, I find the level of organization really something to admire.
This year will see record numbers attend and floor space sold faster than ever before as the industry sets up camp in Olympia for three days. In particular I’m really interested in seeing the winner of the “UK's Most Innovative Small Cyber Security Company of the Year” named. This is something I have been delighted to have been involved with this year and it is great to see yet more innovation in this industry, particularly from those new companies that will be first-time exhibitors this year.
I concluded my last editorial comment saying that this remains the most dynamic sector of IT, and with headlines driving interest in IT security and people and technology set to meet the challenge, I don’t see that changing.
Dan Raywood, Editor