May 17, 2018 By Louise Byrne 4 min read

To quote Keren Elazari, “The immune system requires us all to collaborate.” On May 15, 2018, that’s exactly what over 100 security leaders from across the U.K. and Europe did, coming together for a day of thought leadership, learning and sharing at the Institute of Engineering and Technology (IET) in London.

The event was especially significant because it was the first ever IBM Security Summit to be held in London. As a major center of business and enterprise, London was the perfect location to bring people together. We were even lucky with the weather, with glorious sunshine throughout the day helping to make the event truly memorable.

Three Key Lessons For Security Leaders

Throughout the summit, three key themes and lessons emerged. The first was the importance of security for everyone — not just chief information security officers (CISOs) and security leaders, but also ordinary people on the street. The growing awareness of security issues and the ways in which vulnerabilities can be used to affect everyday life in catastrophic ways means that security is now a rapidly growing concern for customers. Therefore, it should become a higher priority for every area of a business.

Another key lesson from the day was that security professionals must work together or risk falling behind. Cybercrime is quickly becoming a very profitable venture and to be successful against it, CISOs must find ways to share their knowledge with each other safely and quickly.

The third lesson from the day was that to outsmart the cybercriminals, security leaders need to think creatively about where to find help. Untapped talent can be found in unexpected sources. For example, companies might consider offering rewards to friendly hackers who choose to report the vulnerabilities they find.

Everything in the World Is a Computer

In his session Bruce Schneier gave a fascinating talk on how since everything in our world is now essentially a computer, the rest of the world needs to learn some crucial lessons about cybersecurity. The theme of cybersecurity for everyone arose repeatedly throughout the sessions and keynotes.

In her inspirational keynote on the future of cybersecurity from a hacker’s perspective, Keren Elazari spoke about how cybersecurity is about our way of life. It is no longer just about protecting our secrets or our bank details — it’s about protecting the very way we live.

This theme was also clear in Dr. Saif Abed’s captivating talk on healthcare as the new frontier for cyber warfare. In this industry, breaches can be deadly — patient records can be compromised, blood test results can get mixed up, and this should be a major concern for everyone.

Abed highlighted the increasing digitization of hospitals, which expands the threat surface and puts more patients at risk. Humans often implicitly trust systems, meaning that integrity-based attacks are a real concern. Any system that becomes digitized in a hospital is a prime target.

Coming Together to Improve Security

Collaboration was another theme that repeatedly surfaced during the London Security Summit. In his opening, Rob Sedman, director of IBM Security in the U.K. and Ireland, asked the attendees to think about how they could work better together and learn from each other. By the end of the day, he said, everyone in the room should have three or four new security contacts. It is safe to say that many of the attendees achieved this goal because there was active participation and networking throughout the day, with security leaders in the breakouts frequently raising their hands to share their opinions and perspectives and speaking openly about their experiences and challenges.

The CISO panel offered some great perspectives on collaboration, particularly the importance of trusted networks and one-to-one relationships between CISOs for coaching and guidance. IBM’s own CISO, Shamla Naidoo, spoke about the practicalities of collaboration and how tools such as the IBM X-Force Exchange allow security leaders to consume important information about indicators of compromise (IoCs) and cyberattacks more easily. This helps them avoid the difficulties that can arise with duplication, validation and different formats.

A Hacker, a Doctor and a Best-Selling Author

Summit attendees noted that they enjoyed the variety and range of perspectives from the speakers and breakouts. “The content was relevant and ranked very highly,” said one attendee. “Brilliant breadth of speaker, industry and topics,” said another. “It’s been an exceptionally inspiring event with great insights and engagement!”

This was due in part to the fact that attendees were able to choose any two of three very different breakout sessions: A “Design Thinking” session that discussed how to influence the board with regard to cybersecurity investment, a simulated security operations center (SOC) experience, and a session on innovating with cloud. All three sessions had great engagement and questions from the audience.

The attendees also appreciated the focus on thought leadership and vision rather than technology. In “Right of Boom: Leadership-in-Crisis Post Breach,” Caleb Barlow, vice president of threat intelligence at IBM Security, conducted an interactive exercise with the audience. Attendees were divided into groups to unpack a scenario in which a board member received a call from a journalist asking to comment on a breach.

The groups thought about the response from either an HR/legal, IT/security or press/communications perspective, focusing on what needs to be done once a boom moment happens — and the need to practice those situations so everyone knows what to do when they occur.

The message of the session was clear: A company can damage its brand and lower its stock value by the way it reacts (or doesn’t react) to a data breach.

Friendly Hackers Could Be Our Greatest Allies

The main content of the London Security Summit ended with an invigorating and inspiring talk from Elazari, a self-professed geek and friendly hacker.

Elazari shared her journey into the cybersecurity industry and the highlighted the amazing talent that exists within the friendly hacker community — researchers who use their curiosity and creativity to show the myriad ways in which technology can be used and exploited. She also spoke about how organizations must work together and humans must learn to work alongside technology to perform the crucial work that machines are unable to do, such as making others care about cybersecurity, digital forensics, incident response and threat hunting.

This glimpse into the future of cybersecurity was a brilliant way to the end the day, and attendees left the event with a revitalized passion for cybersecurity, as they headed for drinks and networking on the roof terrace.

More from

How will the Merck settlement affect the insurance industry?

3 min read - A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else?In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage.NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton key leaked from the NSA, and Mimikatz, an exploit…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today