The world of information security moves very quickly. No sooner has the latest breach or leak been reported than infosec professionals are scrambling to the next incident. This year’s Anticipate 2016 Event, hosted by F5, brought together vendors, analysts and experts from across the world to take a step back and look at how to be ready for the threats of tomorrow.
The conference opened with an address by Rob Malkin, the Regional Vice President and Managing Director of F5 A/NZ, where he laid out the challenges being faced by security professionals. Perhaps the most important elements of his message were the need for organisations to evaluate where they spend their security budgets and how that investment protects them as users and apps move outside the ‘castle’ of their traditional perimeter, and also the importance of industry cooperation and the recognition that no single company could offer a silver bullet solution. He highlighted this when mentioning the importance of event partners, Gemalto, FireEye and CSO Australia in not only providing products and services to the industry but also in educating businesses in the challenges of today and tomorrow and helping them with solutions.
F5’s Worldwide Security Evangelist David Holmes then discussed the future of cybersecurity and proposed to the audience that they could be protecting the wrong things within their organisations as it has become clear recently that today’s threat landscape has shifted to target user identities and applications, and that the growing incidence of data breaches is proof that a new approach to security is needed.
David then passed the baton to PwC’s cybersecurity lead Steve Ingram who discussed PwC’s recently released report looking at the past, present and future of IT security. This was followed by a brief look at infosec trends by event MC Anthony Caruana, the audience had an opportunity to ask questions in an open Q&A session.
With recent data pointing to over a million of Australia’s 2.3 million businesses being the victims of some sort of cyber attack during 2016, FireEye’s senior solutions engineer Dung Hua took the stage, discussing the journey from being a cybersecurity victim to becoming a hero. Starting from the assumption of being breached Hua not only guided the audience but took questions from the floor through that journey.
Perhaps the biggest question many companies ask is what makes them a target. Gemalto’s regional director for the ANZ region, Graeme Pyper, delved into the mind of threat actors, answering the question of what data are they targeting.
Following the lunch break, Dr Sally Ernst from Australian Cyber Security Networks, Ty Miller from Threat Intelligence, Professor Vijay Varadharajan from Macquarie University and the Director of Advanced Cyber Security Research Centre, and David Holmes from F5 joined moderator Anthony Caruana for a panel discussion on protecting your business from future cyberthreats. Looking at issues such as espionage, what countermeasures we can take and what the attacks of tomorrow will look like, the expert panel discussed these issues and took questions from the packed audience.
Cybersecurity often focusses on the impact on data and infrastructure. Jonathan George, from F5, changed tack looking at the importance of protecting your company’s brand. There is a clear link between market trust and security – a connection George made crystal clear.
With more and more companies embracing hybrid cloud infrastructure, there’s a need to get smarter when it comes to securing information assets. Jay Kelley from F5 discussed the importance of applying consistent policies right across both on-prem and cloud systems. His solution is to use application intelligence to monitor systems and ensure consistent policies are applied.
Moving away from the technical, Dr Sally Ernst, Ty Miller and Anthony Caruana were joined by Data 61’s Daniella Traino for a look at the human side of infosec. They pondered the question – can we patch humans? The discussion looked at the importance of user education, specifically focussing on the need to move away from a compliance-focussed model to one with more practical and ongoing benefit.
The final session of Anticipate 2016 was delivered by Kei Nozaki from F5. He discussed the cat and mouse game that many infosec professionals play and, importantly, he discussed how to get out of that game by getting a better understanding of the infrastructure, systems and data you are trying to protect. As he said “You can’t protect what you can’t see”.