ISF Conference 2020

The ISF Conference 2020 took place 16-19th November as a virtual event, having initially been scheduled to take place in Poland.  The virtual experience was extremely impressive and the technology ran throughout each day without fault.  Other than the inability to see or talk to actual people all the key components were there, with full bio’s on all the speakers, key note sessions, a library to browse and download ISF white-papers and materials, auditorium, which you entered to here the key note speakers, break-out rooms and interactive workshops via zoom.  Chapter Officer Liz Banbury had the following to say about the event.

The calibre of the key-note speakers was extremely high and I listened to:

  • Hannah Fry, a mathematician studying the patterns of human behaviour, such as interpersonal relationships and dating and how mathematics can apply to them. 
    • Key messages were that with all the data analytic tools and algorithms used to predict events and behaviours you must still pay attention to the data from a human element.  It is not what you see in front of you but you must question what you don’t’ see.  We need to recognise the limitations of data and use it to assist humans, not replace. 
  • Sir Bob Geldof who focussed on how we can change the mindset from its current orthodox thinking,
  • Dame Inga Beale, the first female CEO of Lloyds Insurance Group. She also spoke about the challenges of changing the mindset from the norm and took us through the evolution of Lloyds under her leadership. 
    • Key messages were to be yourself, embrace mentorship, have faith in the impact you have in others and to continue to talk about and act on diversity and inclusion.  Diversity = Innovation. 
  • Rik Ferguson talked to us about cyber security during the global pandemic and how data as a criminal commodity was now worth circa $1.5Tn in annual turnover and with the acceleration towards digital combined with working from home and shared spaces the lengths criminals will be going to will rise exponentially. Sim-jacking was cited as another one in the long list of ‘jacking’ methods used. Ultimately the pandemic has done organisations good in some ways as it has accelerated programs and change that should have taken place a lot quicker in the first place: Put everything in the cloud, users and devices to be distributed globally, IT to be more business-process focussed. 
    • Key messages – areas for concern are volatility, new subscriber types [M2M/MIoT] the vast amounts of data that now exists and the fact that data centres are still non-data centric centres, combined with the lack of skillset.

Other key notes spoke about the age of digitisation, where the word ‘digital’ stopped being an adjective in 20th Century and if you are using that word to describe something then you are in the wrong generation.  The changers today are the ‘influencers, bloggers, you-tubers’, mas surveillance where our habits and experiences are bought and sold on the market like stocks and shares.

Key Themes [outside the key-notes]:

  • Privacy and how much privacy do we really have? 
  • The threat landscape, threat intelligence and the threat horizon 2023, where the ISF had a particularly interesting talk.  The ISF predict the top threats for 2023 – so a very forward look:
  1. Biological Data – driven by the increase in bio-tech and health data
  2. Manufacturing Industry – increase in surveillance cameras, gadgets, fitness tracking devices
  3. Digital Doubles – fuels and identity crisis where criminals can create digital doubles of a person which can then be used in ever increasing sophisticated phishing /social engineering attacks.
  4. IoT moves to IoB [Internet of Bodies] where the value of the real person increases.  A rise in biometric compromises
  5. Reliance on emerging technology backfires – ensure the basics are in place first!
  6. Renewable Energy switches – attacks to cause either power surges or power outages/forced blackouts.  The outage/blackout will allow the criminals to target their attacks and also weakens the ability of the organisation to meet demand/customer service ..  A rise in IoT and use of ‘smart’ grids will increase the number of critical systems in place.
  7. Digital camouflage – behavioural data becomes increasingly unreliable
  8. Security fails to adjust to the ‘new’ ‘never’ normal – in the wake of covid-19 a new distributed model emerges leaving organisations struggling to keep up with the BAU and accrue escalating debt.
  9. Extreme isolation deepens security ‘fault’ lines – Regulation will stop globalisation!
  • Multi cloud encryption & key management – assume everything is in the cloud and ensure key management across multiple cloud providers
  • Digital Transformation – the increasing number of organisations adopting a zero-trust strategy.  Look at what hurts the most and where the weakest points are, start from there and ensure the business strategy aligns with the security strategy.
  • Cryptography – the need for cryptographic agility.   Have a crypto-board where key concepts such as centralised services are progressed.
  • Fake News and misinformation vs disinformation – fast becoming an influencer and cause for public harm or profit. Creates fear and uncertainty which create opportunity for attacks on society and organisations.