May 17, 2018 By Louise Byrne 4 min read

To quote Keren Elazari, “The immune system requires us all to collaborate.” On May 15, 2018, that’s exactly what over 100 security leaders from across the U.K. and Europe did, coming together for a day of thought leadership, learning and sharing at the Institute of Engineering and Technology (IET) in London.

The event was especially significant because it was the first ever IBM Security Summit to be held in London. As a major center of business and enterprise, London was the perfect location to bring people together. We were even lucky with the weather, with glorious sunshine throughout the day helping to make the event truly memorable.

Three Key Lessons For Security Leaders

Throughout the summit, three key themes and lessons emerged. The first was the importance of security for everyone — not just chief information security officers (CISOs) and security leaders, but also ordinary people on the street. The growing awareness of security issues and the ways in which vulnerabilities can be used to affect everyday life in catastrophic ways means that security is now a rapidly growing concern for customers. Therefore, it should become a higher priority for every area of a business.

Another key lesson from the day was that security professionals must work together or risk falling behind. Cybercrime is quickly becoming a very profitable venture and to be successful against it, CISOs must find ways to share their knowledge with each other safely and quickly.

The third lesson from the day was that to outsmart the cybercriminals, security leaders need to think creatively about where to find help. Untapped talent can be found in unexpected sources. For example, companies might consider offering rewards to friendly hackers who choose to report the vulnerabilities they find.

Everything in the World Is a Computer

In his session, Bruce Schneier gave a fascinating talk on how, since everything in our world is now essentially a computer, the rest of the world needs to learn some crucial lessons about cybersecurity. The theme of cybersecurity for everyone arose repeatedly throughout the sessions and keynotes.

In her inspirational keynote on the future of cybersecurity from a hacker’s perspective, Keren Elazari spoke about how cybersecurity is about our way of life. It is no longer just about protecting our secrets or our bank details — it’s about protecting the very way we live.

This theme was also clear in Dr. Saif Abed’s captivating talk on healthcare as the new frontier for cyber warfare. In this industry, breaches can be deadly — patient records can be compromised, blood test results can get mixed up, and this should be a major concern for everyone.

Abed highlighted the increasing digitization of hospitals, which expands the threat surface and puts more patients at risk. Humans often implicitly trust systems, meaning that integrity-based attacks are a real concern. Any system that becomes digitized in a hospital is a prime target.

Coming Together to Improve Security

Collaboration was another theme that repeatedly surfaced during the London Security Summit. In his opening, Rob Sedman, director of IBM Security in the U.K. and Ireland, asked the attendees to think about how they could work better together and learn from each other. By the end of the day, he said, everyone in the room should have three or four new security contacts. It is safe to say that many of the attendees achieved this goal because there was active participation and networking throughout the day, with security leaders in the breakouts frequently raising their hands to share their opinions and perspectives and speaking openly about their experiences and challenges.

The CISO panel offered some great perspectives on collaboration, particularly the importance of trusted networks and one-to-one relationships between CISOs for coaching and guidance. IBM’s own CISO, Shamla Naidoo, spoke about the practicalities of collaboration and how tools such as the IBM X-Force Exchange allow security leaders to consume important information about indicators of compromise (IoCs) and cyberattacks more easily. This helps them avoid the difficulties that can arise with duplication, validation and different formats.

A Hacker, a Doctor and a Best-Selling Author

Summit attendees noted that they enjoyed the variety and range of perspectives from the speakers and breakouts. “The content was relevant and ranked very highly,” said one attendee. “Brilliant breadth of speaker, industry and topics,” said another. “It’s been an exceptionally inspiring event with great insights and engagement!”

This was due in part to the fact that attendees were able to choose any two of three very different breakout sessions: A “Design Thinking” session that discussed how to influence the board with regard to cybersecurity investment, a simulated security operations center (SOC) experience, and a session on innovating with cloud. All three sessions had great engagement and questions from the audience.

The attendees also appreciated the focus on thought leadership and vision rather than technology. In “Right of Boom: Leadership-in-Crisis Post Breach,” Caleb Barlow, vice president of threat intelligence at IBM Security, conducted an interactive exercise with the audience. Attendees were divided into groups to unpack a scenario in which a board member received a call from a journalist asking to comment on a breach.

The groups thought about the response from either an HR/legal, IT/security or press/communications perspective, focusing on what needs to be done once a boom moment happens — and the need to practice those situations so everyone knows what to do when they occur.

The message of the session was clear: A company can damage its brand and lower its stock value by the way it reacts (or doesn’t react) to a data breach.

Friendly Hackers Could Be Our Greatest Allies

The main content of the London Security Summit ended with an invigorating and inspiring talk from Elazari, a self-professed geek and friendly hacker.

Elazari shared her journey into the cybersecurity industry and highlighted the amazing talent that exists within the friendly hacker community — researchers who use their curiosity and creativity to show the myriad ways in which technology can be used and exploited. She also spoke about how organizations must work together and humans must learn to work alongside technology to perform the crucial work that machines are unable to do, such as making others care about cybersecurity, digital forensics, incident response and threat hunting.

This glimpse into the future of cybersecurity was a brilliant way to end the day, and attendees left the event with a revitalized passion for cybersecurity as they headed for drinks and networking on the roof terrace.

https://www.youtube.com/watch?v=CGymFEKXguY&feature=youtu.be
