Infosecurity Europe 2023 In Review by Infosecurity Magazine Editor, Beth Maundrill 

After an attending Infosecurity Europe 2023 event in London its time to reflect on some of the highlights of this year’s event.

One of the stand-out things for me is that there is definitely a positive shift in attitude among the cybersecurity community. Yes, there are still huge challenges and, yes, the cybersecurity landscape is full of uncertainties but overall, there is a willingness and drive to work together, share learned experiences and evolve past the old tales of doom and gloom.

In this blog I’ll highlight some of the big events from this year’s show and some of the most important takeaways for cybersecurity professionals. 

This year’s keynote conference started with a spectacular opening keynote from legendary Olympian and star of track and field, Michael Johnson.

“The fundamentals, you can’t avoid them,” Johnson said while reflecting on his time avoiding parts of the training fundamental to becoming a four-time Olympic gold medalist. Translating this to the cybersecurity world doesn’t take too much imagination, we’re reminded that having the security basics right is always the first step to maturing your cybersecurity posture.

Johnson also highlighted how it pays to prepare for the unknown, study your opponent and take control of the situation wherever possible, but also to be flexible enough to respond with agility to changing conditions if required.

Later in the week we heard from ‘friendly hacker’ Keren Elazari who reminded us that despite all the innovation in the cybersecurity sector, cybercrime innovation has accelerated in the ransomware space.

It’s only a matter of time before they also deploy generative AI tools like ChatGPT to produce file-less polymorphic malware and other threats with little effort, she argued.

To tackle this Elazari urged Infosecurity Europe attendees and their peers in the cybersecurity industry to fight back by utilizing an underused asset: ethical hackers and bug bounty programs.

Infosecurity Europe continues to recognize people and organizations that make a difference in the world of cybersecurity.

This year, the UK Department of Science, Information and Technology (DSIT) selected Angoka as the 2023 Most Innovative Cyber SME.

Angoka’s offering focuses on smart cities and mobility. During Infosecurity Europe the company highlighted the cyber-threats associated with drones and found that, based on three years of research on drone control systems, there are 156 different threats associated with commercial unpiloted vehicles. 

Becky Pinkard, Managing Director of Global Cyber Operations at Barclays, was inducted into the Infosecurity Europe Hall of Fame 2023.

Becky highlighted her dedication to cybersecurity during her Hall of Fame lecture at the event.

Pinkard’s experience in this industry throughout her 27-year career had helped her grow both personally and professionally and she said: “What I realized is that security gave me a home.”

During her heartfelt talk she implored the audience to be open to others who might not fit in. “Remember who they are at home is who they are as a person. That is who they bring to work and that is why they are successful. We have to embrace that and won’t be successful if we don’t,” she said. 

Learning from others’ experiences is important for those attending Infosecurity Europe and the cybersecurity industry at large.

In one talk, Dunelm’s DevSecOps principal engineer, Jan Claeyssens, explained how a move to infrastructure as code (IaC), updated web application firewalls (WAFs) and a programmable content delivery network (CDN) allows the retailer to push out as many as 250 updates to its e-commerce platform each month.

The move has been supported by a new approach to security, with a larger cybersecurity team, a move to DevSecOps and ensuring that security experts are on hand to help developers pre-empt any issues before they release updates.

Meanwhile, the UK’s largest building society, Nationwide, shared how it is trialing the use of a new team within its cybersecurity operations, specifically to manage its attack surface. The new team will have the use of a digital twin of the organization which will take data from its security tools and create a digital version of its technology.

Finally, a Bank of England official spoke on the keynote stage about cyber-resilience and how it is now a key component of operational resilience for the UK’s financial markets.

During the presentation the official highlighted how UK authorities – including the Prudential Regulation Authority (PRA), the Financial Conduct Authority (FCA) and the Bank of England – are building operational resilience across the sector. The goal is to protect the UK’s financial markets, firms and customers.

With over 330 exhibitors Infosecurity Europe is the place to showcase new products, technologies and innovations in the cybersecurity world.

AI was of course a huge talking point at the event and BlackBerry’s Cybersecurity President, John Giamatteo, warned against heavy-handed AI regulation in an interview with Infosecurity Magazine.

Speaking about an upcoming AI summit in the UK, Giamatteo said: “I’d like to see the organizing countries setting, not regulations, but suggestive parameters and recommendations around how you securely manage this new environment.”

While AI was somewhat a topic of conversation at the event it didn’t dominate, after six months of speculation as to how ‘bad’ it will be for cybersecurity there are still many unknowns when it comes to how AI will impact the sector.

Another discussion highlighted at Infosecurity Europe was around API security and why this could present a huge threat in cybersecurity. Mayur Upadhyaya, CEO of Contxt said that APIs are one of the top attack vectors today because their usage keeps growing.

He commented that API security solutions are not widely adopted yet and, as there is no clear owner of APIs within the enterprise, there is usually not a single stakeholder that will be responsible for protecting APIs and API security tend to be overlooked.

Upadhyaya spoke at the Innovation Showcase which was a major hit at this year’s event and saw visitors submerge themselves in new tech ideas and approaches. 

Finally, insider risk and how to work with employees successfully was discussed by Adarma Security’s head of security engineering, and Proofpoint’s resident CISO. The pair commented that transparency and context key to insider risk management.

“It’s as much about protecting the employees as protecting the company,” Adarma Security’s Donna Goddard argued. “When they have confidence in you, they may actually proactively come to you with issues.”

Looking for something else?