10th e-Crime & Cybersecurity Mid-Year Summit
October 18th, 2018, London, UK
The first era of cybersecurity is over. It was an era of myths and half-truths that obscured the business realities of both providing and implementing cybersecurity, driven partly by venture capitalists and entrepreneurs jostling for position on the bandwagon, and partly by confusion among end-users over the nature of cyber-risk and the appropriate risk management structures and staffing.
But it’s time to confront the inconvenient truths of cybersecurity. Unless we do, cybersecurity effectiveness will continue to fall as spending rises, the cybersecurity industry’s credibility as a whole will suffer, and ultimately end-users will turn to government and regulation to enforce security at a more fundamental level.
So what are some of these inconvenient truths?
- Cybersecurity is just another operational risk and needs to be managed like one.
- Cybersecurity is a business risk and so must be evaluated like any other business proposition.
- Companies will not necessarily experience an existential threat to their operations from a cyber attack.
- Not everything can be protected equally.
- Most companies cannot afford on-premise cybersecurity or even IT. The answer is the Cloud but security there is still a huge problem.
- Third-party security is a bigger issue than your own security and management by questionnaire is absurd.
- Cybersecurity spending should be tailored to the threats and vulnerabilities specific to a particular organization – so all cybersecurity should be based on threat intelligence.
- Current cybersecurity strategies are not scalable to the threat: only automation offers an answer.
- Physical and cybersecurity are not separate and must be managed together.
- Cybersecurity solution providers must work together to share threat information and ensure interoperability.
- Most cybersecurity solution providers in existence today will not be around in the same form in three years’ time.
- The current unwillingness to disclose breach and loss data and to detail cybersecurity precautions is untenable as stakeholders, customers and government demand this governance information and companies begin to use cybersecurity as a competitive differentiator.
The list goes on. Some end-users and solution providers are already working to these assumptions. Those that do will increasingly pull ahead.
e-Crime and Cybersecurity Mid-Year 2018 will look at the realities of achieving cybersecurity and resilience today. What is realistic? Which solution providers can deliver it? Who at end-user organizations should be making the key decisions? And what is the true role of the CISO in all this?