Security practitioners from around the world are in London for this week’s InfoSec Europe 2017 gathering at the Olympia Grand.
This year’s agenda covers everything from threats against the Internet of Things (IoT) to GDPR readiness and the ongoing scourge of ransomware. Among the speakers: Sophos Global Head of Security Research James Lyne.
Lyne participated in a keynote discussion about the things he believes are hurting businesses the most today, as well as where we think attackers will go next. To sum it up, he said:
It’s all about ransomware and IoT.
During Tuesday’s keynote, Lyne talked about the “continued professionalization of ransomware as a service,” which he called, “sublime to ridiculous”. He noted how the dark web’s ransomware-as-a-service (RaaS) market even includes a rating system where criminals “earn stars for stealth, evil, value and price.
.Lyne’s advice for those in attendance:
- Don’t get distracted by the “big, sexy talks” like government-sponsored attacks and nation-state cybercrime. They are interesting topics to be sure, but …
- People should stay grounded in the opportunistic attacks that target businesses every day, like ransomware and the recent WannaCry outbreak.
- Focus on the security basics – the simple things like using the latest and greatest endpoint security, staying on top of patching and using strong passwords.
Those are items he said many companies continue to struggle with. He hopes attendees are discussing better ways to work together to strengthen those areas. As he said during the keynote:
When we look at some of these cyber-attacks, we’re talking about failures verging on negligence. We can’t rely on continued tools to help us decrypt ransomware — WannaCry is a wake-up, but it could be worse.