WannaCry? Not really. A report from the 11th Eskenzi PR IT Analyst and CISO Forum

May 16th and 17th 2017 saw Eskenzi PR stage its 11th 2-day IT Security Analyst Forum, as usual, in London. The morning of the second day (which was a Wednesday) was the customary CISO (chief information security officer) roundtable: a coming together of 20 or so IT security leaders from blue chip UK enterprises and public sector organisations to share their views with the analysts and IT security vendors that sponsor the event.

The timing was interesting, as although no one knew it in the run-up, the event took place just after the WannaCry weekend (the global release of a worm carrying ransomware that infected certain unpatched and unprotected devices running Microsoft Windows). Speculation was rife on the Tuesday night that there would be gaps in the CISO line-up as some absented themselves to deal with the aftermath. Not so, they all turned up.

It was already becoming apparent that the WannaCry attack was not as bad as many had speculated. True, many of the CISOs’ weekends had been interrupted to assess any impact, but by Monday most felt their update and protection regimes had done the job. There was little sympathy for the more lackadaisical organisations that had been hit. It may be true that some organisations still have to run now-unsupported Windows XP devices, but this does not mean they should be unprotected from intrusions.

The CISOs had plenty of other things to talk about. The impending GDPR (the EU General Data Protection Regulation) inevitably came up a few times. However, as Quocirca speculated in its recent Computer Weekly GDPR buyer’s guide, most CISOs felt their organisations were well on their way with their GDPR compliance plans. Generally it was considered that personal data has already been secured to deal with existing requirements, so the main new challenges were around data processing rules. There was a generally positive view of the regulation’s enhanced privacy aims and, for the record, the CISOs did not think Brexit would make much difference to UK data privacy laws.

Other issues arising included the need for CISOs to engage with their boards, to demonstrate the value of investing in IT security, especially when measured against the value of data. To this end, some saw WannaCry as a wake-up call, others as a distraction (this is an attack from yesteryear, which should have been repelled unnoticed). There was a strong message to the vendors to focus more on integration within and between their products. DDoS (distributed denial-of-service) attacks are still a problem but one that can be overcome.

There was a gripe that more could be done to keep crime at bay on the internet (if criminals were running down the high street on a smash and grab raid, law enforcers would not stand by). That said, there was general acceptance that public cloud providers were building platforms that could meet enterprise security needs and that most issues arose from the users of such platforms poorly managing access rights.

The event would not happen without the security vendors who sponsor it. The first day is a kind of speed-dating where the analysts get to meet each vendor and hear its latest news and value proposition.

Corero’s SmartWall blocks DDoS attacks at scale, especially for service providers, cleaning up internet traffic for us all. Barracuda firewalls could have protected networks from WannaCry, if well managed. To that end, FireMon has broadened its multi-vendor firewall management capability to other network devices and cloud-based deployments. If you are going to store sensitive data in the cloud, then perhaps you should consider bringing your own encryption keys, perhaps as enabled by Eperi.

Even if WannaCry had managed to get past network defences, then Darktrace’s threat detection with its machine learning should recognise the abnormal behaviour on your network and block it; Cylance would do the same on individual end-points. One of your security products may have safely tested WannaCry in a Lastline sandbox (although the WannaCry kill switch aimed to prevent this).

When it comes to controlling access, a new offering from MIRACL’s Trust ZFA uses software tokens on devices to authenticate users and devices, including Internet of Things (IoT) devices with direct end users. Although when it comes to the heavyweight stuff, it could be worth turning to Belden-owned specialist Tripwire, which has a number of existing and new offerings for securing the industrial Internet of Things (IIoT).

And if your organisation does not want to do any of this itself, then NTT Security has pulled together the resources of its sister companies Dimension, NTT Comms and NTT Data to provide robust security across its portfolio and on to its customers.

Thanks to Eskenzi PR for another great event, the CISOs for their time and the vendors for their sponsorship. The WannaCry criminals should also be acknowledged for providing a talking point, which, despite the ill intent, did not have the impact that at first seemed possible; perhaps in part due to some of the innovation on show last week.