Infosecurity Europe is Europe's number one information security event, and ITProPortal is heading down to London's Earls Court exhibition centre to bring you all the action as it unfolds.
Featuring over 325 exhibitors, the most diverse range of new products and services in the market, an unrivalled education programme, and over 13,000 unique visitors from every segment of the industry, Infosecurity has fast become one of the most important dates in the calendar for IT security professionals, decision-makers and evanglists across Europe.
Infosecurity Europe 2014 is set to be a big one, so stay up to date with all the action right here, with ITProPortal.
This event is now over. For a round-up of Infosecurity 2014, listen to our highlights on our Tech Weekly News Podcast here.
- 30 April
That's it from us for day two here at Infosecurity Europe 2014 in Earl's Court London! Check back later for the full story from today and all our video interviews.
In the meantime, tune in to our latest episode where we discussed the dangers of a new Google "superstate" and, topically, a CCTV network run by AI.
Mobility, security in the cloud, educating the next generation of IT professionals and the changing landscape of the industry have been key themes today. Tune in to the podcast when it goes live later this week to get the full story straight from the journalists' mouths.
As the conference winds down on day two, we're heading over to the press room to record our podcast.
The guys over at the malware kitchen are cooking up some digital trouble with a live hacking demo!
So to wrap up, to appeal to Generation Y keep it brief, keep it personal, and try to understand their motives. Thus the panel ends!
Andrew: "We've not talked about gamification, With gamification you can give positive consequences for behaviour. Divide the company into teams, and they can earn points for good behaviour. It will change the whole culture of the business and drive productivity."
ITProPortal spoke to Barmak Meftah, CEO of security startup AlienVault about what winds him up about the security industry, and why security companies making money off victims' data makes him mad as hell.
Bruce: "Who's talking to Generation Y about security? Is it people from Generation Y to each other? We need to consider as an industry the security brand - how it's perceived and how this generation are engaging with it."
Andrew: "Motivation, mobility and a trigger are what influences behaviour - for instance when you answer a phone. 'Do I want to speak to this person, am I available to speak to them (ie. not driving) and has the phone rang in the first place to alert me to the call?'"
Rowenna: "There's an Aerosmith lyric 'If you do what you've always done, then you'll always get what you've always got' - and that's very applicable to our attitudes to security education." She argues for the need for experimentation.
John: "I grew up in a post-war society, whereas Generation Y grew up in a fairly affluent society. Their behaviour will be coloured by this, just as mine was."
Bruce: "It's been proven by a study at Warwick University that Generation Y respond better to small chunks of information spread out over the year - they're not programmed to receive vast amounts of data at one time."
Rowenna attributes this lack of understanding, however, to the failures of computer education within schools.
Rowena: "So there's a danger of attributing to Generation Y a better understanding of technology than they have. This problem of using things you don't understand peppers human history - we were using electric chairs before hairdryers."
Rowenna: "Generation Y are comfortable using technology, but in my experience they don't understand it any better than Generation X."
Bruce: "All of us in this room will respond to certain stimuli and situations in exactly the same way regardless of age or culture. The decisions of what you make to buy is all marketing, and there's a whole industry out there that's tapping into what we face in security: tapping into human behaviour and managing it."
Bruce: "The reason why we need to think about generation Y is not because they're a threat, but because their behaviour has been influenced in a far different way to generation X, the baby boomers and so on."
Bruce: "I want to take you back to the issue of behaviour - behaviours are formed through life experiences, and the development of technology is bound to influence behaviour."
Rowena argues that we have to manage the expectations of Generation Y as a result.
Rowena: "I agree. Generation Y has grown up using technology in their personal lives - now they expect technology to have that slick consumer interface in the corporate IT environment, and perhaps don't appreciate the complexity of that enterprise environment and the risks at stake,"
Bruce: "16 per cent of people have installed unsupported software to help them to their job. 42 per cent use a personal computer or smartphone to do their job. Generation Y wants to be productive, and is willing to invest its own money to do so."
So why do we have to treat generation Y differently?
Bruce: "I'd call this unconcerned generation generation Z - I'd say THIS generation is the problem."
Bruce "According to our research at Forrester, those aged 25 to 34 are the age group most concerned about security. It tends to trail off as you get older, perhaps because they don't understand. Meanwhile the Younger people are also not as engaged in security, perhaps because they take this technology foregranted."
Julia: "I'd like to think of myself as a generation Y-er... but I think I'm somewhere nearer to the beginning of the alphabet. The bottom line though is if an organisation doesn't embrace generation Y, they are dead in the water."
To clarify, generation Y is anyone born before 1994 or after 1979.
On today's panel are Rowenna Fielding of the Alzheimer's Society, Bruce Hallas of the Analogies Project, Julia Harris of Rank Group and Andre Rose of Forrester Research. Moderating is John Colley, Managing Dirctor EMEA of (ISC)2.
After all, if we don't invest in educating Generation Y now about security, our employees of the future will not be able to protect themselves, nor the business world they will soon enter.
This is a hot topic of late - ITProPortal has covered the Digital Skills Gap extensively, looking at the idea of how we can best grow the next generation of IT professionals.
It's now time for the penultimate keynote of the day: "Why can't we do that, why can't we have that....? Rethinking information security education strategies to engage generation Y"
In a way, you could apply the age old cliché that "the hunter becomes the hunted."
This "hunting process" identifies attacker methodology and flags suspicious activity to the relevant authorities.
Attackers use windows services to create attacks, and Mandiant can track these activities to look for suspicious job entries - essentially "we can figure out which job is the attacker by filtering out legitimate users from the data we collect"
"The task schedule operational log" is an attack not a lot of people are aware of, and is something that Mandiant have been taking advantage of to track attackers.
Meanwhile though, we're on the Mandiant stand listening to Paul C Dyer as he walks us through some of the efforts companies are taking to find and stop advanced attackers on company networks.
We're running around Earl's Court doing back to back interviews with some of the world's brightest security experts. Stay tuned to ITProPortal for our full interview with FireEye on the industry's exponential growth in 2013.
"Access controls are definitely getting more mainstream now."
"The challenge is, most people see encryption as something very daunting."
Great keynote on how businesses are responding to the threat of government snooping and organised cybercrime.
They even have this special little booklet littered across their stand. How kind.
So how do you manage Zero-Day risk and endpoint protection? Trusteer Apex is a solution that claims to include centralised management for all protected endpoints, including unmanaged ones. According to Trusteer, this allows an organisation to view all employee statuses from a centralised console, analyse security events and manage security policies.
For those who are unsure, such security breaches are known as "Zero Day" exploits because researchers have "zero days" to prepare fixes before the attack begins.
We just had a chat over with the folks at Trusteer on their stand about dreaded Zero-Day exploits - a term that's been dominating recent headlines with the high profile news that Internet Explorer has fallen prey to a Zero-Day attack.
Yesterday saw thousands of visitors battle through the turbulent transport system using elbows and Boris Bikes. When they finally arrived, they were rewarded with hearing global leaders in security talk through exactly how the world reacted to the Edward Snowden leaks - revelations that are still being felt across the political and business landscapes.
Welcome back to Infosecurity 2014! It's day two here, and cup of coffee now safely in hand we're setting up for another action-packed session bringing you the very latest in one of the hottest topics in the digital sphere.
- 29 April
He reckons that, in general, employees have access to too much data, and this makes it easy for hackers to infiltrates business systems. David thinks that companies should identify data holders, who can control which workers have access to certain documents.
David thinks it is essential to monitor all access to files within a business, to minimise risk.
We also met David Gibson of Varonis, who believes that one of the biggest security threats actually lies within businesses.
Cybercriminals are not necessarily bad people. In a financial sense, they're simply using their knowledge as effectively as possible. In fact, plenty of former hackers, such as Kevin Mitnick, come across to the good side every day.
They also said that cybercrime has become a huge industry on its own, and to many people involved, hacking other businesses is simply a job - a way of making a living.
According to Troy and Tom, the biggest issue SMBs have with security is budget. They simply don't have the resources required for tackling threats effectively.
Two of those people were Troy Gill and Tom Buoniello of AppRiver, who told me about - believe it or not - the security landscape.
We've just been chatting with a few very interesting individuals...
Word on the ground is that with the tube strikes crippling transport in the capital, Thursday (the last day of Infosec) could be the best day for vendors and customers on the show floor.
We've got a great crop of interviews coming your way, including Alien Vault, Imperva, Splunk and Malwarebytes!
Well done to everyone who braved the tube strike to make it here today!
- 28 April
Join us tomorrow for interviews, photos and updates from Earls Court!