Infosec Europe 2014 arrives hot on the heels of one of the most high profile cybersecurity vulnerabilities there’s been in years. The Heartbleed bug, a security flaw in the OpenSSL encryption technology that protects websites’ data, has cast the spotlight on just how at risk sensitive digital data is.
Chema Alonso, CEO at security firm Eleven Paths, believes the bug has informed the ‘human weakness’ theme for this week’s Infosec conference.
He takes CBR through the hottest topics on the Infosec agenda this week.
Will Choose Your Own Device solve BYOD security fears?
With it now being commonplace for iPads and other tablets to be utilised both at home and in the workplace, the question mark over the security of BYOD policies has been lingering for a number of years. According to research carried out by Microsoft, 67% of people use personal devices at work, regardless of the office’s official BYOD policy.
The Choose Your Own Device (CYOD) model is an approach that’s emerging as a means to overcome the security challenges of BYOD without compromising the choice and usage of cutting edge devices that BYOD brings. But the human-factors mean that risks remain inherent and the concern over security will likely be a key debate topic at Infosec.
Securing the Internet of Things
This year’s show will also see some much needed dialogue take place around the risks associated with M2M. As with any emerging technology, M2M comes with its own set of security issues that businesses need to be prepared to tackle. With Gartner predicting that the Internet of Things (that’s connected objects excluding PCs, tablets and smartphones) will grow to 26 billion units installed in 2020, it’s no wonder that this explosion of new networks and devices is also leading to an increase in attack vectors. Debate around this topic will seek to shed light upon the best practices required to reduce risk and ensure that security measures are developed and implemented as this industry expands. Leaving it to an afterthought is not an option.
Social engineering
Returning to the notion of the human-factor, something which is becoming more prevalent with the rise of a BYOD and CYOD culture is a technique called social engineering. This is where somebody is lured into taking an action which compromises their security, or that of a business – much like a traditional con.
Content from our partners
This can occur in many ways, including via malicious apps which contain a Trojan and are placed on a vulnerable app store for download. The malicious app usually mirrors a popular paid-for app but offers it for free. The app looks and feels the same, but provides an easy entry point for mobile infiltration.
Thinking like a hacker
Set to be a hot topic at this year’s event, the ‘thinking like a hacker’ trend will once again attract interest and debate around the merits of enlisting those who know the cyber threat landscape from the inside out. To me, any modern security taskforce today shouldn’t just include security experts and engineers but ‘ethical’ hackers too, who can provide the vital outside eye required to fortify against the ‘bad guys’.
As the cyber threat landscape is continuously evolving, the importance of getting one step ahead at all times will be top of mind at Infosec 2014, particularly as there’s never been a more important time to make security a top priority.
