Over the last few months, security experts have had to contend with the General Data Protection Regulation (GDPR), ransomware, and AI as the three most pressing IT issues companies have to face at present.
Organisations are still dealing with the fall out fromWannacry, which brought NHS hospitals to a standstill; GDPR is on its way with very few getting to grips with it still; and artificial intelligence is still some way off and may not deal with security problems the way we expect.
Back in the GDPR
Virtually every vendor has a view on GDPR, the EU's more stringent data protection law due to come into force next year and introduce fines of up to 4% of turnover for security breaches. Endless surveys and research suggest very few organisations are prepared for the rules. Although, to be fair, it is hard to be ready when the Information Commissioner's Office (ICO) itself hasn't yet published its final guidance on certain aspects. Adhering to the eight data protection principles still appears to be the best way forward in order to be compliant with GDPR.
Peter Brown, a senior technology officer from the ICO, told attendees in a keynote speech at Infosecurity Europe 2017, held in London last week, that with a year to go, it would be better for firms to think of GDPR more positively and emphasise the opportunities. If a company can demonstrate it is fully compliant, its reputation will be enhanced.
He was quick to point out that come 26 May next year, when the GDPR applies, the ICO wasn't going to start banging down doors and demanding 4% of a company's turnover in case of a security breach.
Ilias Chantzos, Symantec's senior director of government affairs for EMEA and Asia, said there is no box that can "solve" GDPR problems.
Brexit is also making its presence felt. In another keynote speech, Microsoft's CISO, Bret Arsenault, spoke against "digital xenophobia" criticising how different countries handle data protection. Brexit is very likely to result in the UK drawing up its own data protection laws and these will not completely overlap with the EU, meaning companies having to deal with any differentiations.
Wannacry me a river
The recent Wannacry attacks had a silver lining, according to Rik Ferguson, who is vice president of security research at Trend Micro and a special advisor to Europol. This is that the trust model between victim and criminal in a ransomware attack may have been broken. People have become more aware that paying the ransom doesn't always result in getting data back from criminals - it's much better to keep regular backups.
James Lyne, a security researcher with Sophos, who was in the same panel discussion at Infosec with Ferguson, said that Wannacry has seen ransomware getting more sophisticated, and this means that organisations and people cannot rely on tools to decrypt locked files. He added that the danger has become more real in many people's minds, increasing awareness of it, which could ultimately be good news as the more people take seriously the threat of hacking and cybercrime, the more people will be cautious about suspicious content.
Unsurprisingly, Wannacry has been good financially for the channel. According to channel analysts Context, the malware outbreak has increased sales of cybersecurity goods and services by a significant margin.
Internet of Things can only get better?
Another issue was the increasing use of automation within technology as well as its impact on IT security. In a keynote speech, security guru Bruce Schneier said that with the internet now meeting the "classic definition" of a robot as far as it being able to sense, think and act, we are creating a world-sized robot without even realising it. He argued that IoT systems such as self-driving cars, power stations and medical devices can be hacked with real consequences, more so than with a traditional PC.
Once more, governments will have to step in to force companies to improve security rather than relying on the market to deal with things. He just hoped that any regulation would be "smart" rather than "stupid".
Artificial intelligence as a basis for IT security also got a grilling from Giovanni Vigna, CTO ofLastline. In a speech at Infosec, he said such technologies only really work when they have large data sets, and you can only learn from "things you know".
But machine learning could be used to reduce the number of security analysts needed and direct focus on more important issues, he added, acknowledging that there is a renewed interest in anomaly detection using machine learning, but this would require modelling good behaviour and this takes time.
Ultimately, artificial intelligence, machine learning, and deep learning cannot be used in a simple way, according to Vigna. Organisations need to start at breach detection events to teach such systems to look for similar patterns elsewhere.
