Transcript
This transcript has been edited and refined for clarity.
Anna Delaney: Hello! I'm Anna Delaney with ISMG. Welcome to the Editors Panel at the end of Day 1 of InfoSec Europe 2024. I'm joined by my colleagues, Akshaya Asokan and Mathew Schwartz. Great to see you both.
Mathew Schwartz: Great to be here.
Delaney: How's the event been for you today?
Schwartz: Buzzing. I am surprised by how many people there are here, and the density of the stands and booths and exhibitions - got some standouts. There's an old English pub over there, which I think is quite fetching. There's also an arcade zone with some classic arcade games. So I'm hoping, if our packed schedule permits, to get over there.
Delaney: Some sweeties too, some socks I spy over there, Aperol spritzes. I don't know what you've seen, Akshaya.
Akshaya Asokan: It's packed and buzzing and lots is happening in the same venue. I wanted to be able to check everything out, but I haven't even got to the half of it.
Delaney: Lot of steps.
Asokan: Yeah.
Delaney: Mat, you've been interviewing all day. Any standouts for you or any interesting points raised?
Schwartz: It’s been fascinating - the range of topics. As always, with so many cybersecurity conferences, lots of different angles that people are discussing. No surprise to anybody - AI - maybe we can come back to that if you want. But some of the other discussions I've had today - ransomware - one of my favorite topics, and also my favorite topic because of the amount of innovation that happens. So had a great discussion with Bitdefender talking about what they've been seeing in terms of shifts and how criminals are continuing to earn their money, edge devices under fire, huge one. I've been hearing that a lot lately when it comes to ransomware from major cyber insurers and also with incident responders like today investigating various calamities that have happened and that have been brought in to assist with. Another great topic - secure by design - and a wonderful interview with John Goodacre, professor at Manchester University, but also director of digital security by design at UKRI. Talking about the state of attempts to hopefully entice vendors to build things so they're more secure by design and by default so it takes less effort to try to get it locked down. So great discussions.
Delaney: That ties in quite nicely with one of the keynote speakers you met earlier. Was it the same professor?
Asokan: Yeah. I found it very interesting, because that is one of the U.K. government's projects that's going on, and what Goodacre had said in a speech was that around 69% of the vulnerabilities that we see are caused by memory safety. And what this project entails or ceases to do is to address the vulnerability in the security stage of the software itself. And the project is already on trial, and they are going to the U.K.'s CISA, among other international agencies, that have shown interest in the project and are probably going to replicate this model of addressing vulnerabilities in the software design stage. And again, like Mat said, ransomware has been a hot topic, and there's another keynote panel from the City of London - the Police Chief - about ransomware banning. He said that banning ransom payment can potentially criminalize the victims. So that was an interesting viewpoint to the trends that we are seeing now.
Delaney: And it's coming up so much more often. Mat, any surprises or anything new, anything different this year?
Schwartz: More nuanced, thankfully, around the AI discussion. So I had a great discussion with Alistair Peterson, who is the CEO of a venture-backed startup that's looking to do security for AI. We need to understand how it's being used inside organizations, because it is being used inside so many organizations, and CISOs are looking for a way to not make it an all or nothing thing, which people are probably going to be using it anyway - Shadow IT - so great discussion there. I suspect we're going to be hearing a lot more about AI over the course of the week, but it's always great to take the temperature of AI because it's changing just so quickly and there's so much to try to keep up with. So it's great to be able to talk to people who know or are in the now at events like this.
Delaney: I've had a rather, a few reflective conversations. I love these events because you might not see somebody for a year but then you come together and you take a debrief of what's happened over the year. But also it has been 30 years since CISSP was first introduced. So thinking about how the role of the CISO has evolved in that time and the list of expectations of the strategic folks is so much more different and broad than it was 30 years ago. We had some great conversations with Channel 4, the deputy CISO there, Ian Thornton-Trump from Cyjax, CyberEdBoard members as well about how they're approaching AI and he termed it constrained AI. He's taking a more constrained approach to managing this technology. Lovely conversation with Javvad Malik. I've known before as well on election security and thinking about misinformation and disinformation and the psychology behind what you're shown, what you believe and how to manage that in organizations as well. So great conversations all around. Thank you so much for these reflections. One word to describe today, Mat?
Schwartz: Buzzing!
Delaney: Buzzing.
Asokan: I'd say packed.
Delaney: I'll say lively. There you go. And thank you so much for watching. We'll be back in a couple of days to wrap this security conference up. Until then, thank you so much and goodbye.