This year’s Infosecurity Europe again made me realise that I am privileged to work in such an exciting industry. As always, there was a lot of hype to cut through, but once you did, there were great insights to be found. Here are my top three takeaways from walking the floor.
1. Too few vendors were talking about email security
The 2019 Verizon Data Breach Investigations Report recognises phishing as number one in a list of “Top threat action varieties in breaches” and email as the most common point of entry for malware. Why, then, were so few companies talking about email security? Even those with market-leading products and services seemed to be avoiding the subject. The migration to cloud email platforms is changing email security and I expect it will have a far higher profile next year. Watch out for an emerging category of service, Inbox Detection and Response (IDR), that is going to change the way we protect users from phishing attacks. Only a few of the start-up vendors in this space were exhibiting this year, but expect to see more next year.
2. It’s all about the user
This segues nicely to my next takeaway – are we giving up on technology and placing too much emphasis on the user? Every information security professional understands the concept of technology, people and process controls, and a people-centric security strategy, but are we relying too heavily on users? One thing is for sure: there was no shortage of choice for those looking for companies to help train users in cyber security awareness and, more specifically, phishing awareness. The problem is that while continuous training does help, there are numerous studies that suggest training does not move the needle sufficiently. A recent Osterman Research survey demonstrated this: 93% of respondents provide users with phishing awareness training, yet 44% suffered a successful phishing attack. Clearly, we need a better mechanism to engage users at the point of risk, when they open an email. Again, there are emerging technologies that do this, providing users with the help they need and reinforcing the training they are given. Expect to see more vendors offering these services at next year’s event.
3. Vendors should be clearer about how they are solving a problem
Walking the floor, far too often I found myself standing and staring at a booth to try to understand what the exhibiting vendor was selling. Too many vendors were vague about the problem they are solving and even more so about how they solve it. As an industry, we need to get better at articulating how we help and how we differentiate ourselves from others. As a marketer, I fully understand that I need to demonstrate the value my products and services bring, but I also need to explain in very clear terms how the technology actually does this.
My number one action from Infosec is to review how we at Cyren tell our story. We like to educate and ran a number of presentations on our booth. If you missed them, I have condensed them to 5 minutes each and recorded them. You can access them by clicking the links below.
Evasive malware: insight into tactics & defences
Evasive phishing: insight into tactics
Phishing kits: democratizing evasive phishing