May 17, 2018 By Louise Byrne

To quote Keren Elazari, “The immune system requires us all to collaborate.” On May 15, 2018, that’s exactly what over 100 security leaders from across the U.K. and Europe did, coming together for a day of thought leadership, learning and sharing at the Institute of Engineering and Technology (IET) in London.

The event was especially significant because it was the first ever IBM Security Summit to be held in London. As a major center of business and enterprise, London was the perfect location to bring people together. We were even lucky with the weather, with glorious sunshine throughout the day helping to make the event truly memorable.

Three Key Lessons For Security Leaders

Throughout the summit, three key themes and lessons emerged. The first was the importance of security for everyone — not just chief information security officers (CISOs) and security leaders, but also ordinary people on the street. The growing awareness of security issues and the ways in which vulnerabilities can be used to affect everyday life in catastrophic ways means that security is now a rapidly growing concern for customers. Therefore, it should become a higher priority for every area of a business.

Another key lesson from the day was that security professionals must work together or risk falling behind. Cybercrime is quickly becoming a very profitable venture and to be successful against it, CISOs must find ways to share their knowledge with each other safely and quickly.

The third lesson from the day was that to outsmart the cybercriminals, security leaders need to think creatively about where to find help. Untapped talent can be found in unexpected sources. For example, companies might consider offering rewards to friendly hackers who choose to report the vulnerabilities they find.

Everything in the World Is a Computer

In his session, Bruce Schneier gave a fascinating talk on how, since everything in our world is now essentially a computer, the rest of the world needs to learn some crucial lessons about cybersecurity. The theme of cybersecurity for everyone arose repeatedly throughout the sessions and keynotes.

In her inspirational keynote on the future of cybersecurity from a hacker’s perspective, Keren Elazari spoke about how cybersecurity is about our way of life. It is no longer just about protecting our secrets or our bank details — it’s about protecting the very way we live.

This theme was also clear in Dr. Saif Abed’s captivating talk on healthcare as the new frontier for cyber warfare. In this industry, breaches can be deadly — patient records can be compromised, blood test results can get mixed up, and this should be a major concern for everyone.

Abed highlighted the increasing digitization of hospitals, which expands the threat surface and puts more patients at risk. Humans often implicitly trust systems, meaning that integrity-based attacks are a real concern. Any system that becomes digitized in a hospital is a prime target.

Coming Together to Improve Security

Collaboration was another theme that repeatedly surfaced during the London Security Summit. In his opening, Rob Sedman, director of IBM Security in the U.K. and Ireland, asked the attendees to think about how they could work better together and learn from each other. By the end of the day, he said, everyone in the room should have three or four new security contacts. It is safe to say that many of the attendees achieved this goal because there was active participation and networking throughout the day, with security leaders in the breakouts frequently raising their hands to share their opinions and perspectives and speaking openly about their experiences and challenges.

The CISO panel offered some great perspectives on collaboration, particularly the importance of trusted networks and one-to-one relationships between CISOs for coaching and guidance. IBM’s own CISO, Shamla Naidoo, spoke about the practicalities of collaboration and how tools such as the IBM X-Force Exchange allow security leaders to consume important information about indicators of compromise (IoCs) and cyberattacks more easily. This helps them avoid the difficulties that can arise with duplication, validation and different formats.

A Hacker, a Doctor and a Best-Selling Author

Summit attendees noted that they enjoyed the variety and range of perspectives from the speakers and breakouts. “The content was relevant and ranked very highly,” said one attendee. “Brilliant breadth of speaker, industry and topics,” said another. “It’s been an exceptionally inspiring event with great insights and engagement!”

This was due in part to the fact that attendees were able to choose any two of three very different breakout sessions: A “Design Thinking” session that discussed how to influence the board with regard to cybersecurity investment, a simulated security operations center (SOC) experience, and a session on innovating with cloud. All three sessions had great engagement and questions from the audience.

The attendees also appreciated the focus on thought leadership and vision rather than technology. In “Right of Boom: Leadership-in-Crisis Post Breach,” Caleb Barlow, vice president of threat intelligence at IBM Security, conducted an interactive exercise with the audience. Attendees were divided into groups to unpack a scenario in which a board member received a call from a journalist asking to comment on a breach.

The groups thought about the response from either an HR/legal, IT/security or press/communications perspective, focusing on what needs to be done once a boom moment happens — and the need to practice those situations so everyone knows what to do when they occur.

The message of the session was clear: A company can damage its brand and lower its stock value by the way it reacts (or doesn’t react) to a data breach.

Friendly Hackers Could Be Our Greatest Allies

The main content of the London Security Summit ended with an invigorating and inspiring talk from Elazari, a self-professed geek and friendly hacker.

Elazari shared her journey into the cybersecurity industry and highlighted the amazing talent that exists within the friendly hacker community — researchers who use their curiosity and creativity to show the myriad ways in which technology can be used and exploited. She also spoke about how organizations must work together and humans must learn to work alongside technology to perform the crucial work that machines are unable to do, such as making others care about cybersecurity, digital forensics, incident response and threat hunting.

This glimpse into the future of cybersecurity was a brilliant way to end the day, and attendees left the event with a revitalized passion for cybersecurity as they headed for drinks and networking on the roof terrace.

https://www.youtube.com/watch?v=CGymFEKXguY&feature=youtu.be
