Euro Security Watch with Mathew J. Schwartz

Visual Journal: Infosecurity Europe 2018

Cybersecurity Conference Tackles GDPR, Cybercrime, Nation-State Attacks and More

When it's June in London, that means it's time for the annual Infosecurity Europe conference.

Last week's conference featured 240 sessions, more than 400 exhibitors and an estimated 19,500 attendees (see 10 Hot Sessions: Infosecurity Europe in London).

Here are visual highlights from the annual, three-day information security event, which offered analysis of nation-state attackers and cybercrime trends as well as hints for complying with the EU's General Data Protection Regulation.

Bigger, With New Layout

Assembly in progress on June 4 inside the Olympia, one day before the conference opened

Once again, the conference was held at Olympia London, an exhibition center, event space and conference center in the West Kensington district.

Attendee with black duck

The centerpiece of the Olympia, which was built in 1886 - one year before the Eiffel Tower - and originally called the National Agricultural Hall, is its glass ceiling and wrought iron interior. But the space can become sweltering on hot summer days.

This year, however, the conference expanded its footprint, and the increased interior space - and reasonably cool weather - appeared to help with air flow.

Another change: The keynote stage, previously a too-small, tented space on the mezzanine level, was moved around the corner to another part of the Olympia - a third-floor lecture hall. Cue decent seats and sound, amphitheater-style seating and air conditioning. Score one for the conference organizers.

Networking Galore

The networking bar on the conference floor.

The Olympia blends a glass ceiling, wrought-iron-age details, and lots of floor space, leaving plenty of room not just for exhibitors but also food stands and networking zones.

400 Exhibitors

Meanwhile, Infosecurity Europe has continued to grow.

View from the show floor.

This year's conference logged 40 more exhibitors than last year, plus about 1,500 more attendees.

Lots of Swag

One attendee takes home an Apple Watch.

Beyond sessions, technology talks and hands-on demos via the new "Geek Street," conference-goers also had the opportunity to get their badge scanned in return for swag, from light sabers to black ducks, as well as the chance at some bigger prizes.

Insights From Cybersecurity Experts

Talking GDPR and breach notification with Allen Rogers, vice president of engineering for IBM Resilient, at the ISMG stand

This year, from Information Security Media Group's stand, I interviewed dozens of information security luminaries. Stay tuned for all of the interviews, but just to name a handful of the folks I spoke with:

  • Jaya Baloo, CISO of KPN Telecom, who delivered a keynote presentation on quantum computing;
  • Troy Hunt, an Australian data breach expert, who described the worrying rise in credential stuffing attacks;
  • Thom Langford, CISO of Publicis Groupe, who talked about his organization's approach to GDPR compliance;
  • James Lyne of Sophos, who addressed ransomware and new criminal business models;
  • Rapid7's Tod Beardsley, who offered highlights from his firm's third annual "National Exposure Index" study of open and unsecured ports on the internet.

Talking turkey with James Lyne of Sophos (Photo: Mike D'Agostino, ISMG)

That's just a small selection of the many great conversations I had, which touched on everything from machine learning, staffing and DDoS to alert fatigue, cybercrime trends and nation-state attacks.

Analysis: Nation-State Hacker and Cybercrime Gangs Commingle

Robert Hannigan, former director general of GCHQ, speaks at Infosecurity Europe on June 7.

Robert Hannigan, the former director general of Britain's signals intelligence and cryptography agency, GCHQ, delivered a riveting keynote speech on Thursday, titled "Weaponizing the Web," focusing on "nation-state hacking and what it means for enterprise cybersecurity."

Hannigan retired from GCHQ at the beginning of 2017. During his tenure, GCHQ launched the U.K.'s National Cyber Security Center, which is designed to help British organizations better defend themselves against cyberattacks and respond to information security incidents (see UK Stands Up GCHQ National Cyber Security Center in London).

In his presentation, Hannigan paid special attention to the online threat posed by North Korea and Russia.

He also traced the recent evolution of cybercrime gangs and said there's been an increased blurring between cybercrime groups and nation-state attackers. "In some cases, you can see these groups sitting in the same room, and in some cases, you can see where people have been conducting state activity during the day and then doing crime activity at night."

GDPR Enforcement Looms Large

With GDPR, "you need to keep this up now, it's a continuous process," says Nigel Houlden, the ICO's head of technology policy. "You have to keep on top of your security policies, your education, your security training."

Infosecurity Europe occurred less than three weeks after the May 25 enforcement deadline for the EU's General Data Protection Regulation. GDPR requires organizations to be transparent and accountable about how they handle Europeans' personal information. Organizations that willfully and negligently flout those rules face fines of up to £17 million ($23 million) or 4 percent of annual global revenue - whichever is greater.

This year's Infosecurity Europe conference was again held at the Olympia in London.

One big question on people's minds: Who in the U.K. will get fined first under GDPR, which is enforced by the Information Commissioner's Office?

The ICO has also been staffing up to help investigate organizations, especially because GDPR mandates that organizations inform relevant authorities when they lose control of personal data.

Speaking on a panel discussion about GDPR at the conference, the ICO's Nigel Houlden, head of technology policy, said that while the fines might be grabbing headlines, organizations should be more concerned about their ability to continue to be entrusted with personal data, because the ICO can revoke their processing power.

"Forget the £17 million fine. If we can stop you processing, that's pretty much the end of your company," he said (see GDPR: UK Privacy Regulator Open to Self-Certification).

Privacy: The "New Normal"

"Privacy is the new normal," says Vivienne Artz, chief privacy officer of Thomson Reuters.

Other GDPR panel participants included privacy and technology experts from Thomson Reuters, Trainline and Microsoft. They talked about how they have been putting GDPR's requirements into practice, and doing so in a manner that can be both demonstrated - to regulators - and sustained.

Getting ready for the GDPR panel discussion at this year's conference

"The phrase we've coined in my organization is, 'privacy is the new normal'," said Vivienne Artz, chief privacy officer of Thomson Reuters. She said GDPR had enabled her firm to take "the opportunity now to streamline what's been a very manual process" around handling customer data.

"Going forward ... it needs to be much more automated," she said.

Numerous organizations appear to have overhauled or refined their approach to data security and privacy in light of the GDPR enforcement deadline.

The Eurovision of Cybersecurity?

Sophia M. takes home an award for "best new security blog."

Infosecurity Europe isn't just a conference; it's also a social networking event for cybersecurity aficionados and practitioners.

Jack Daniel is GDPR-compliant.

Cue the night of June 5, when information security veteran Jack Daniel took to the "stage" at the Crown and Sceptre pub and quipped: "There's nothing wrong in America that would make me want to have a lot of friends in Europe."

Daniel, a strategist for Tenable Network Security and co-founder of the Security BSides, was one of a handful of judges for the European Cyber Security Blogger Awards. The event doubles as a social night for a motley assortment of cybersecurity industry types, ranging from blogger-practitioners and media types to researchers and media relations folk.

Judges for this year's awards also included cybersecurity consultant Brian Honan, AlienVault's Javvad Malik, journalist Dan Raywood and Yvonne Eskenzi from Eskenzi PR. While candidates were nominated and voted for by the public, the judges also got to add their own points to the proceedings.

The list of winners included ESET for best corporate security blog, Digital Shadows for the best European corporate security blog, Jenny Radcliffe for her "The Human Factor" security podcast, and Sophia M., a cybersecurity student at Bournemouth University, for "best new security blog" with her blog "Hacker Not Found."

Other winners included Graham Cluley and Carole Theriault for their Smashing Security podcast, and porg-obsessed Twitter enthusiast Kevin Beaumont (@GossiTheDog) for "best European security tweeter," among others.

Meanwhile, Australian data breach expert Troy Hunt bagged the award for best overall blog.

"I'm not sure how I found myself in a European award program, maybe it's like Australians in Eurovision?" Hunt says in a blog post.

Jenny Radcliffe takes home an award for "best security podcast."

Not a category: Best information security T-shirt. But if such an award existed, Jack Daniel would have won it, hands down, for his custom-printed, GDPR-themed shirt encapsulating his unique approach to the "right to be forgotten."

All photos by Mathew Schwartz unless otherwise indicated.

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.