Insights from Infosec Manchester 2019

On November 28, the Infosec Manchester 2019 event took place. While initially mistakenly classified as a purely sponsored, marketing-driven event and a humble venue (compared to its London cybersecurity conference counterpart), it was quite refreshing to see the event shatter initial expectations and touch upon key challenges in the cybersecurity market landscape. From cyberwarfare to Artificial Intelligence (AI)-powered cybersecurity tools and addressing the human element in security operations, this ABI Insight is dedicated to outlining and examining the key insights, issues, and trends gathered from the event.

The Current Information Security Landscape and Budget Constraints: According to a triple-threat panel featuring experts from enterprise (Trend Micro), government (FBI and cybercrime units), and academia (the University of Liverpool), the current information security landscape is woefully unprepared for the veritable storm approaching. Quoting data created in conjunction with the Ponemon Institute, the global annualized monetary loss from cyber-attack incidents almost tripled from approximately US$50 billion in 2011 to US$140 billion in 2016. During this six-year period, however, the annualized spending in cybersecurity increased only slightly, from US$30 billion in 2011 to a mere US$50 billion in 2016. This gap is expected to be exacerbated in the following years and will cause a significant drain on resources for both government and private enterprise. But is budget by itself really to blame here? How can the market move forward without the paralyzing fear of budget constraints which constantly gnaw at the back of the mind of security experts?

Is Budget the Only Deciding Factor? Budgetary constraints and the understaffed Information Technology (IT) security workforce are indeed two point challenges. However, some critics posit that oftentimes security professionals quote budgetary issues as a form of “learned helplessness” (i.e., a convenient monetary scapegoat) ready to take the hit and provide a suitable explanation which usually goes along the lines of: “we don’t have enough of a security budget, therefore it’s no wonder that this incident occurred.” Some speakers made the case that management is unable or unwilling to adapt to rising cybersecurity threats. Even in the case of incident response operations after a major attack has occurred, the moment that the communication trail from the security engineers reaches the higher levels of management it often hits a brick wall and communication breaks down. From that point on, the entire focus is on salvaging what is possible and emphasizing on the particular threat vector that compromised the network rather than revisiting the internal agenda and security protocols.

There is no denying that: a) security operations are (on average) woefully underfunded and b) higher-ups are usually reluctant to invest into newer technologies without a clear Return on Investment (ROI) in mind. As ABI Research has stated previously, however, determining the ROI of cybersecurity operations is currently easier than ever. Security tools and services targeting at endpoint, network, cloud, and platform security are not only essential for modern IT environments but also help the bottom line by streamlining processes, empowering IT personnel, and increasing organizational confidence both for internal and external interactions overall. “Empowering the human element” is the key term here.

ABI Research suggests that people are usually the leading cause of most breaches while email/messaging is the leading threat vector—which is also stated by other cybersecurity studies (e.g., Ponemon Institute). However, humans can make use of mental faculties and critical thinking which is far superior (at least for now!) than most Machine Learning (ML) security tools and they can make the call about what can constitute a threat. But they do need the appropriate tools to do so. If humans are judged (and blamed) for the inefficiencies of the tools they have to use on a daily basis while top-tier management is unwilling to understand the emerging threat horizon, then people are not to blame here: their tools are. Don’t just think of people as the leading threat vector but as the stalwart defenders of their organizations, too.

A first good step would be implementing an intelligent Endpoint Detection and Response (EDR) solution like the one created by Trend Micro, which makes use of telemetry, metadata, and a host of data logs from security tools like Security Information and Event Management (SIEMs) to provide automated correlation and detection and outlines Indicators of Attack and Compromise (IOA/IOC). So why is this considered an “intelligent tool” that fits the description mentioned above? It makes use of sophisticated ML algorithms that enable root cause analysis and security analytics across multiple and multifaceted layers, including endpoint devices, servers, communications, network, cloud, and IoT integrations. For implementers looking for similar solutions, a few other leading innovating organizations in endpoint protection include Symantec, Cynet, Crowdstrike, and SentinelOne.