Parliament Street: Cybercrime Summit

In this week's opinion piece, EM360 Editor Max Kurton reviews a recent discussion at the Houses of Parliament around cybercrimes impact on organisations with some Keynote speakers from this year's Info Security event.

Cybercrime Sumit With Infosec 2019 Keynote Speakers

We attended another fascinating panel discussion hosted by the Parliament Street think tank around the impact of cybercrime on organisations. This discussion was a precursor to the upcoming Info Security at the Olympia in London with some Keynote speakers forming the panel.

The amount of publicly disclosed breaches is growing year after year. With 2.5 billion data records being compromised in 2017, and more than 5 billion breaches in 2018. With GDPR in effect, organisations must report a breach of security by law, meaning that you would naturally see an increase of incidents. However, organisations need to reduce these figures significantly and a good starting point can be looking internally at their security practises.

“It’s critical to recognise that the bad guys are no longer outside of the organisation; they have already broken in or are insiders with legitimate log-in credentials. That’s why identity-based security is so important because businesses need to know exactly who these bad actors are and limit where they go, what they do and always record and monitor activity.  We always recommend a zero trust approach, to prevent malicious parties from gaining access to privileged accounts, which is now the number one source of data breaches.”
Andy Heather, VP, Centrify

Good Hackers Supporting Business

The bug bounty industry has become big business in recent years. Laurie Mercer explained how a 19-year-old became the first millionaire on their HackerOne platform. Santiago Lopez has earned over USD 1 million from reporting security vulnerabilities through vulnerability coordination. In 2018, the researchers on HackerOne earned over $19 million in bounties; the amount is a substantial growth compared to the $24 million paid in the previous five years. This approach allows the good hackers of the world to assist organisations in tightening up the flaws in their system. Unfortunately, like Santiago, the consensus seems to be that the majority of these hackers assisting businesses are self-taught.

“Cybercrime affects all of us, but like in the real world, there are many more good hackers than cybercriminals. As a community we must face this challenge head-on, asking the question: how can we unlock our hidden cybersecurity skills? How can we efficiently fix vulnerabilities before they can be exploited by cybercriminals? Millennials, veterans, gamers and students will all have a role in making a safer digital Britain.”
LAURIE MERCER, SECURITY ENGINEeR, HACKERONE

A Focus on Education

During the Q&A section to round out the evening, a general consensus of concern was around the lack of educational resources and opportunities available.  As the number of hackers implementing increasingly sophisticated methods and tools increases, the gap for skilled professionals widens. According to recent estimates, there will be as many as 3.5 million unfilled positions in the industry by 2021. The panel seemed to believe that a focus on making cybersecurity more appealing to a younger demographic is key. This includes targeting people with specific skill sets and showcasing how lucrative employment in cybersecurity can be.

“A key theme raised by the panel was the lack of educational resources and systems in place, which is reducing the supply of candidates in the marketplace, as well as the need for businesses to identify which data is the most important before implementing a cybersecurity programme.
Tim Dunton, MD, Nimbus Hosting

If you enjoyed this piece, check out our last visit to the Parliament Street Think Tank