Infosecurity Europe 2024 – Key takeaways from Tresorit’s Group Information Security and Data Protection Officer
Earlier this month, our team attended Europe's largest infosecurity event in London, which brought together the entire infosecurity profession, generating significant buzz with thousands of attendees. Discussions centered around AI’s threats and benefits, the sophistications of phishing attacks and their consequences, the evolving need for cyberinsurance, preparation for NIS2 and many more. In this blogpost, our Group Information Security Officer, Balogh Turul, gives a comprehensive overview of the most interesting aspects of the discussions, complemented with his own insights and recommendations.
The realities of AI adoption: are we truly ready?
AI was a hot topic at the conference, but a recurring theme was that while AI holds immense potential, many companies are not yet prepared for automated, smart processes. Before harnessing AI, organizations must take several key aspects into consideration.
Assessment of data inventory & legal aspects
Before diving into AI, organizations must evaluate their data sets and the legal basis for processing this data using third party ”AI black-box”. A thorough review of their entire data architecture is essential. Traditional on-premises infrastructure is becoming obsolete in this regard, making way for more agile Software as a Service (SaaS) solutions.
Harmonizing and systematizing the systems that AI will depend on could take years. Drawing parallels to the late 90s and early 2000s , when process management, optimization, and data asset value assessment became critical, AI will similarly require a substantial volume of data and robust management practices. Proper preparation is key to leveraging AI effectively.
Energy consumption and sustainability considerations
A crucial but often overlooked aspect of AI is its energy consumption. Generating a response with popular large language model can use e.g. ten times more energy than a standard search in a search engine, meaning that the widespread use of AI will result in enormous energy use. This could pose significant challenges for the energy supply chain including incident response, and business continuity. Imagine scenarios when companies need to decide on which IT infrastructure part to spend money on at all? What processes to pay more attention to? What is “critical” at all? High energy demands can lead to IT system shutdowns, manufacturing halts, resulting in unhappy customers, which in turn affects business performance.
This comes together with the need for lawmakers to address the energy implications of widespread AI use. While the impact on the climate is currently small, scaling AI could reveal that the costs outweigh the benefits. Conducting a thorough cost assessment is crucial to determine when and how AI can actually be beneficial.
The threats of AI and preparedness
The potential threats posed by AI, such as more sophisticated ransomware and phishing attacks, are expected to multiply, necessitating comprehensive preparedness strategies. As AI technologies evolve, so do the tactics and the toolsets of cybercriminals, making it crucial for organizations to stay ahead of the curve. For organizations aiming to tackle AI threats, the MITRE Atlas framework is indispensable. This framework provides more than 50 scenarios in 14 phases of a cyber-attack, necessitating thorough team discussions to identify and develop detailed threat scenarios, and enhance team readiness.
Humans vs. robots and the zero trust model
While AI reduces routine burdens from humans in many aspects, it also enhances the value of human qualities such as emotional intelligence or lexical knowledge especially in verifying the authenticity of information amid rising phishing attacks and digital misinformation. We could end up at a point where everything has to be questioned – from the authenticity of an email, to a website, to news about a company, and so on. To counter these threats, organizations should implement a Zero Trust model, ensuring that every individual and device within the network is authenticated continuously, to prevent unauthorized access, thereby fortifying the overall security architecture. Businesses will also have to enhance organizational agility by fostering a culture of preparedness to respond effectively to cyber threats.
Addressing the Workforce Shortage in IT Security
Moving away from AI, the conference also touched upon the significant workforce shortage in IT security. With 90% of tasks being operational, such as software updates, configurations and patch management, there’s limited resources left for working on making the systems better and more secure. To address this, organizations should consider outsourcing operational tasks to SaaS providers. This would free up resources, allowing the internal team to focus on enhancing security and system improvements.
Conclusion
Infosecurity Europe 2024 underscored the importance of strategic planning, modern infrastructure, and robust security frameworks in the face of evolving cyber threats. By addressing AI readiness, energy consumption, and workforce challenges, organizations can not only protect themselves but also leverage these opportunities for growth and innovation. Important element of the discussion to highlight is the advantages a software as a service could offer over on-premises solutions. Outsourcing activities to SaaS providers frees internal capacities to focus on system improvements and also facilitates the assessment of data architectures.
Where to meet us next?
It was great to attend Infosecurity Europe 2024 and engage with industry experts and peers on the latest trends and challenges in cybersecurity. Next up on our agenda is the highly anticipated it-sa Expo & Congress in October. We look forward to continuing these important conversations and sharing insights on emerging threats and innovative solutions.
Don't miss the opportunity to meet our team and discover how Tresorit is leading the way in secure, collaborative technology. See you in October!
