View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 5, 2016updated 13 Jan 2017 12:01pm

“We’re all failing” – Experts slam enterprise cyber security failings at IP Expo

IT Expo panel blasts enterprises for not taking “basic” cyber security steps.

By Alexander Sword

Cyber security was one of the main topics on the IP Expo agenda, but a ‘Future of Cyber Security’ panel featured an unusually strong message from participants to enterprises: you are failing.

Rory Cellan-Jones from the BBC

BBC’s Rory Cellan-Jones moderated the panel at IP Expo 2016.

Rik Ferguson, Global VP of Security Research at Trend Micro, asked by moderator Rory Cellan-Jones from the BBC what scared him most, said “the people in the room.”

Apologising for “alienating” most of the audience, he said that the people responsible for security in enterprises were doing a poor job.

“TalkTalk is a great example: it shouldn’t be possible in 2016 to carry out an SQL injection.  A SQL injection should fail.”

The castigation of enterprise security professionals came as TalkTalk was hit with a fine by the Information Commissioner’s Office (ICO) for failing to take basic steps to protect customer information.

The fine of £400,000 comes in response to the theft of the personal data of around 157,000 customers in October 2015.

The ICO found from its investigation that TalkTalk hosted three webpages that were vulnerable to SQL injections.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

To demonstrate his point, Ferguson asked the audience a series of questions around basic security, asking for a show of hands, with very few raising their hands to say that their data was encrypted or that they used multi-factor authentication.

“Because enterprises are not doing enough about the basics of security, these attacks continue. Citizens are impacted by these hacks. They are all related to an enterprise,” he said.


Security Panel at IP ExpoJames Lyne, Head of Security Research at Sophos, agreed that “we’re all failing” but said that not all organisations were as culpable as those which were impacted by basic attacks.

“We’re about to enter a period where we’re going to name and shame,” he said, referring to the introduction of GDPR in 2018.

“I’m concerned that we’re putting all of those people in the category of negligent idiots,” said Lyne.

“There are also cases where people get hit by zero-days that they really couldn’t do anything about.”

The two were speaking on a panel also featuring Eugene Kaspersky, CEO of Kaspersky Lab.

Ferguson said that the solution for enterprises was to educate themselves and their workforces about security, as well as addressing basic issues such as encryption of data and defending against well-known vulnerabilities such as SQL injections.

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.