
So, Infosecurity Europe is over for another year. What did 2024 bring other than the inevitable loss of voice and sore feet?
It definitely felt like a lower-key affair this year. There was a lot less razzmatazz, with many well-known big brands choosing not to attend and to save some of their marketing funds instead. But perhaps, because of that, there was more focus on the real security agenda.
A New Approach to Data Breaches & Holistic Data Protection
Based on the conversations I had with attending security professionals, there seems to be a shift toward an acceptance of inevitable breaches and attacks. While it seems fatalistic, this is a positive position because it ensures a focus on detection and response at speed. In other words, minimise your window of vulnerability, prevent serious data loss, and mitigate the threat to ensure you’ve learnt from it and are now stronger because of it.
This leads customers towards those vendors that are driving integrations and workflows. The need to do it all, do it at scale, and get to ROI quickly also supports the market for platforms that simplify and automate detection and response, effectively reducing your exposure time for those “inevitable breaches.”
Using AI for Good (and How Bad Guys Are Using It for Bad)
There was inevitably much talk about AI. This typically sits in three buckets:
How do I use it to make my security infrastructure more effective?
How does it not become another risk vector for data loss and privacy issues?
How are the bad guys using it against me?
Most vendors will have “AI functionality,” but there is still some distance to go to determine what that actually means and how it can practically help.
Better to focus on who is helping with the second point and ensuring you are not dropping your intellectual property into the public domain or exposing your personal data. The major buzzword around the last point is obviously deepfakes, with many news stories of how this is the “new social engineering.” The nature of this risk must first be dealt with by education, so once again, security awareness training is becoming a must-have for most organisations.
Supply Chain Attacks: Targeting the Good Stuff
Another major talking point was supply chain attacks, with a focus on compromised legitimate applications. Effectively, bad actors can use valid but vulnerable applications in your environment to gain access and deliver payloads. Making sure your suppliers are all doing the right things with regard to security in software development and services is critical to avoid becoming another data-compromised news story.
Data Protection Reemerges as a Focus
Interestingly for me, data protection seemed to be back on the agenda. What should be a mature and understood market is still perceived as difficult and often deprioritised.
Organisations that do not have teams of analysts and the resources of large-scale SOC teams often struggle to get value from an investment. My observation is that those organisations that drive critical focus in data protection programs (zeroing in on the biggest risk) will be the most successful. Plus, these organisations do not try to do it themselves but rather leverage expertise from the market in the forms of delivery and managed services, making it a much easier proposition for all.
Lastly, a clear classification program can drive efficacy in your protection tools and ensure your ability to demonstrate value and meet business objectives.
Final Thoughts
In summary, I would definitely say the three days constituted time well spent. My faith in these kinds of events had started to wane, but I believe those customers who attended gained much value from it, as did Fortra and many of the vendors present. There is also always the added value of meeting old friends and colleagues and laughing over a beer at how amazing or how terrible it all used to be... But for now, it seems that the security industry will keep pushing on for another year with even more productive insights on how to do so. But I’m sure we’ll talk about that at Infosec 2025.