Analysis: As cyber security stakeholders from around the world descend upon London for the conference, what is on the agenda?
This year’s Infosecurity Europe conference, often shortened to Infosec, kicked off today and will continue throughout the week.
But just in case you don’t have the chance to head over to Kensington Olympia for the conference, CBR has rounded up some of the big trends being discussed there.
Word of the day: Ransomware
Ransomware has landed. Discussion of ransomware is ubiquitous at Infosec this year, as the encryption malware hits an increasing number of businesses.
Ransomware is malware that encrypts files on a victim’s device and forces them to pay a ransom to the attacker before they can access the files.
The Infoblox DNS Threat Index saw a 3500 percent increase in the creation of ransomware domains in Q1 2016, so it’s not surprising that in terms of its sheer quantity ransomware is causing ripples.
Then there is the increasingly high profile of some of the victims: video streaming site Pirate Bay was hit by an attack in April, discovered by Malwarebytes, while in February Los Angeles hospital Hollywood Presbyterian Medical Center paid $17,000 in bitcoin to ransomware hackers after an attack locked down its systems.
Ransomware has been out in the consumer world for some time but is now making more inroads into businesses.
According to Gunter Ollmann, CSO of Vectra Networks, this is not so much a repurposing of ransomware towards the enterprise as employees bringing the consumer-targeted threats into the enterprise with them.
This is a particular danger of bring-your-own-device policies. Ollmann says that enterprises will have basic protections built into their endpoints, such as firewalls, that should stop direct attacks from malicious domains. However, there is no way of mandating these on employee-owned devices.
A major theme coming out of the conference was the need to stop paying ransoms. Bogdan Botezatu, Senior E-threat Analyst at Bitdefender, says that the $300 million ransomware industry was "not sophisticated", and it would continue operating while it continued to make such returns.
"It should never get to the point of paying the ransom," says ESET Security Specialist Mark James.
As James argues, even paying the ransom is not a guarantee that you will get the result you need.
But just setting up regular back-ups of data is not enough to avoid getting to this stage. As James says, the auto back-ups could end up replacing your old back-ups with the encrypted data.
A proactive strategy that responds to the threat from ransomware is perhaps the big lesson from Infosec.
Debate of the day: A holistic view, or individual products?
Several vendors at Infosec this year talked of the increasing appetite for a ‘holistic’ view of security.
No, they weren’t advocating a new spa treatment: this holistic view of security means one vendor or product offering a complete security solution rather than a range of separate products being combined.
Stuart Clarke, CTO of Cybersecurity at Nuix, refers to this situation (the non-holistic one) as a ‘Security Frankenstein’.
"Each arm or leg is a disparate solution which the organisation has stitched together into a monster that it hopes will streamline the steps in the security kill chain and deliver an adaptive approach to security," Nuix explains in a blog on its website.
ESET’s Mark James disagrees; he says that people want to be able to "pick and choose different products" rather than have a single all-encompassing product.
Where there is agreement is that people would ideally like to move to a single vendor and improve visibility over all of the solutions. As with everything technology-related, there are vendors who are keen to help them do so.
Slow-burner: Look beyond malware
A continuing, not new, discussion point at Infosec this year was the need to look beyond malware. So many of the threats that exist at the moment have nothing to do with malware, but can come from all kinds of places, including the people within an organisation.
"If humans are the problem, we need to focus on that before technology," says Nuix’s Stuart Clarke.
For this reason, Clarke says that using anomaly detection will be crucial, rather than simply deploying a firewall. This is particularly important when use of the cloud is increasing in the workplace and the perimeter around the network is less established. This means looking at what people actually do within an enterprise and looking for potentially dangerous behaviour.
As CrowdStrike CEO George Kurtz says, "the industry is stuck in malware-only attacks."
This is why he criticises malware-driven solutions such as firewalls.
"If you have a hammer, everything looks like a nail," says Kurtz. "If you’re looking for malware you won’t see breaches using legitimate credentials."
As he says, there is a media obsession with an external hack, which can sound more exciting than the way many hacks actually take place.
One to watch: Virtualisation
Virtualisation has been around for a long time as a technology, but when it comes to security the applications are still emerging.
Virtualisation means creating a virtual version of computer hardware platforms, operating systems, storage devices, or computer network resources.
In security, the use of virtual machines could be critical in isolating threats within a device, especially as the ransomware machine revs up.
For example, Bromium has pioneered a technology which allows an ordinary PC to spin up virtual machines for every function the computer needs to carry out. This means that if malware is hidden in a file and tries to take over a computer, it is locked within that virtual machine where it can’t do any damage.
Vendors such as Bitdefender are also looking extensively at virtualisation.