Cyber security experts agree: building walls is not enough
For the eleventh consecutive year, the largest cyber security conference in the Nordics, Paranoia, was recently arranged in Oslo. The conference was an opportunity to listen in to some of the leading experts in the industry, such as Bruce Schneier and ethical hacker FC. As usual, Paranoia was also a meeting place to discuss current cyber security issues. From this year’s conference there are above all three things I take with me:
Assume breach – we will be hacked
We must accept the fact that we can’t only build walls and hope that no one succeeds to break in. Like Bruce Schneier said in his presentation – the internet was not designed with security in mind. The large networks we have today are not possible to secure from breaches and therefore we have to assume that we will, or already has been, hacked.
Cyber security expert Mikko Hypponen shared a parable of a bank vault without motion detectors on the inside. If someone manage to get into the vault this person is free to grab anything he or she can, and the same goes for our IT systems. Therefore, we need a strategy for detecting and responding to breaches. Rob Wainwright, previously director of Europol, also talked about the importance of gathering and analysing data in order to maximize knowledge about the threats we face. The more knowledge we have, the easier it will be to act efficiently in the security work.
The past year we have seen many examples of attacks where organizations that are not the main target ends up as victims to collateral damage. We also need to bear in mind that today even nation states are sometimes initiating attacks, something that we likely will see more of in the future. Therefore, we need increased cooperation between organizations and countries, but this needs to build upon trust – and the question is, who can we really trust?
Ongoing lack of resources
There is a lack of resources within cyber security – in terms of competence as well as efficient tools. This is no news, but during Paranoia we got to listen in to discussions on the issue from both EU and US perspectives. Several speakers, such as Rob Wainwright and Bruce Schneier, emphasised that the lack of competence already reaches hundreds of thousands people, even millions depending on which regions in the world you include.
How to deal with this shortcoming was a recurring topic during Paranoia. On the one hand, we need to attract more people to the industry through, for example, education and gamification of the recruitment process. On the other hand, we also need to start using automation and AI to make jobs more efficient and easier. In the future, I think we will get the best results if we combine human with AI.
Cyber security for a safe society
Cyber security is not just about privacy – cybercrime can physically harm people unless we help protect the critical infrastructure. Today, cyber security is a must for a society to be safe. Håkan Buskhe, CEO of Saab, talked about the importance of companies being aware that they are also part of a country’s cyber security puzzle and that through their security work they support critical societal functions.
There is a lot happening in cyber security and this year's Paranoia gave me – and certainly all other participants – many interesting insights and things to ponder. Thanks to everyone involved for a brilliant conference, see you at Paranoia 2019!
In the latest episode of the Combitech pod, I and my colleague Johan Thulin report directly from Paranoia. We interview Håkan Buskhe, CEO of Saab, ethical hacker FC and Dr. Jessica Barker, security expert focusing on the human part of cyber security. Listen to the pod here.