What we’ve learned at WIRED Security

RESEARCH

By
Sebastian

October 24, 2017


1.9B personal data records have been leaked this year; with just 10 months in the books, this number is already much higher than for the entire year of 2016. It is now more evident than ever that information technologies are in need of better and more reliable security measures.

WIRED Security Conference at Kings Place in London

Threats are present on state-levels with for instance large scale cyber-security attacks impacting governmental elections. They are also present in our everyday interaction with strangers on the internet or in our real lives. Since information technology is an essential part of our lives in so many aspects we need to adapt in order to not become the next victim of more vicious cyber-security attacks.

In order to learn more about the rapidly changing field of security, we visited the WIRED Security conference in London, that took place September 27th. The one-day event offered a great variety of high-quality and inspiring speakers with topics ranging from cyber security to the role of AI in date privatisation.

Here are some of our main takeaways from the conference:

Modeling security for the human factor

It does not matter how many different security mechanisms are being developed, or to what extent security is part of product design processes from the start. In the end, the biggest security vulnerability is still the user, as human behavior remains the largest entry point of potential security threats.

In the early days of cyber security, engineers and developers used to isolate systems in order to keep them more secure. Nowadays, the increasing interconnectivity of digital products and systems makes this approach increasingly more difficult.

Allison Miller, who is responsible for making security part of the design for Google’s products, told us during her presentation that we as humans are generally really good at managing risks but are doing a poor job in quantifying these. Thus, taking human behavior into account when designing security solutions is a major possibility to create more secure digital solutions. When looking at digital consumer platforms, most platforms that require protection interact with thousands of customers constantly. Therefore, the inclusion of various different forms of interaction in the security design process is highly relevant to keep services up and running in a secure and stable manner.

As a solution, Allison Miller advocated to map out a customer journey and include security in each individual step of this journey in order to counteract the biggest threat: customer behavior. A clear example she provided here was the usage of opinionated security recommendations, nudging users to a desired action. Just think of your red screen when visiting an insecure website through Chrome!

Warning screen in the Google Chrome browser

Leadership in crisis

“The GDPR is upon us!” This was the clear message from Caleb Barlow, who is working for IBM’s security division. The GDPR, or General Data Protection Regulation, will likely cause a lot of chaos in board rooms, as it, among other things, requires companies to publicly report and act on internal data breaches within 48 hours after a breach was detected. Thus, it is so important for companies to already have internal processes in place, ready to act upon those in case a breach happens.

Caleb presented a playbook with several methodologies that companies can use when drafting a breach response process, ranging from an Agile SOC framework to employing a user behavior analytics workflow.

In the end, what counts is to not be caught off-guard but be prepared and ready in case a security breach is detected. A professional and planned response alone can save a company’s reputation, their customers’ trust and in the end money a lot more than an uncoordinated reaction.

AI’s role in healthcare

Andrew Eland from DeepMind took the stage to present the impact machine learning can have on the healthcare sector. According to him, the healthcare sector is in its early stages of leveraging digital patient data in order to provide better patient care. While Machine Learning (ML) and Artificial Intelligence (AI) are widespread in any other industry (just think of autonomous driving in the mobility sector), the healthcare sector is not quite there yet.

To change this trust needs to be established among consumers that data-driven tools can indeed help patients and improve medical care. Patients and healthcare institutions will be then more willing to share data that can be used to design automated and intelligent products.

Or how Andrew would put it: “Use of data requires society’s trust. Establishing and maintaining that trust will require fundamentally new tools and infrastructure.”


Overall, it was a highly informative event, giving us hope that there are solutions for every threat - we just need to act proactively and timely in order to be safe!

In case you want to have a more visual impression of the whole conference, check out this video posted by WIRED.