Infosecurity is very much like...
New cliches for old
Infosec After three days, 320 exhibitors, dozens of presentations, and even more extensive marketing guff the Infosecurity exhibition in London is over for another year. Thankfully, next year's trade show will be held in Earls Court, not in the wastes of Olympia, and so much easier to get to.
The biennial Information Security Breaches survey set one tone for the show - firms are getting better at securing wireless networks and handling malware attacks, but lost laptops and customer data breaches remain a problem. File encryption is one solution, but this creates key management problems. Hard disk encryption is a better tactic - but it is only a well-thought out alternative in cases where firms have a backup strategy in place.
Historically, firms have been worried that hard disk or software problems would leave encrypted data unavailable, an even more likely scenario than losing the damn thing.
Chris Potter, the partner at PricewaterhouseCoopers who led the survey, told us that this factor, alongside the cost issue, have kept uptake of laptop encryption low, at about eight per cent. Concerns that encryption software would slow down the operation of modern PCs were not much of a factor.
Performance issues of another kind were well in evidence during the show. Few exhibitors were running Vista on their stands, preferring XP instead - an observation first mentioned to us by Robert Schifreen, the Prestel hacker turned respected security consultant.
Microsoft, of course,extolled the virtues of Vista as superior to XP in resisting malware infestation. Separately, its report on the latest trends in use of its malicious software removal tool revealed that many surfers were content to leave adware programs on their PCs.
In the second half of 2007, 129.5 million pieces of potentially unwanted software were found on PCs, but only 71.7 million of these were removed. Microsoft, like specialist security firms, reports a big increase in the number of Trojan downloaders and droppers it detects, up 300 per cent from 2H 2006.
Dolly birds were much less in evidence at this year's Infosec than at previous shows. Perhaps the IT security industry is bracing itself for a possible downturn in the economy? If so, it's nothing anyone at the show much wanted to discuss.
Revenge of the Autons?
One of the few firms making the effort to hire artists to appear at the show was Eset, which hired a mime artist to model a robotic humanoid costume, modelled on something from a Kraftwork video, perhaps. We think it was making a reference to botnets rather than the German electro music pioneers, but since the mime artist was too professional to speak we can't be sure.
Away from the fluff, Infosec continues to attract a high calibre of luminaries from the security community. Bruce Schneier, the closest the security industry has to a rock star, made an appearance at the show, along with Howard Schmidt, former White House security advisor whose extensive career spans spells at eBay and Microsoft.
Schmidt: one of the net luminaries at Infosec
Schmidt told us how the US was far ahead of the UK in collating incidents of cybercrime. And he said the amalgamation of the UK's National Hi-Tech Crime Unit two years ago into the larger, less specialist the Serious and Organised Crime Agency was a step backward.
The Metropolitan Police's head of e-crime, Detective Supt Charlie McMurdie, is still waiting for the Home Office to approve plans to create a central e-crime unit in the UK.
Cybercrime has never been high up the agenda at the Home Office, except when it talks about the need for ID cards as a supposed counter-measure against ID fraud. So it's unsurprising that approval for this modest, well-thought out proposal has been a long time coming. Some delegates at Infosec suspect that ministers perceive a central e-crime unit as a u-turn, and may be blocking its formation.
Talk about information security has always been laden with cliches. The favourite of yesteryear -security as a journey not a destination - has fallen out of fashion. These days you're more likely to hear people compare information security with brakes on cars, a feature that allows autos to be driven fast, we heard that at least three times in various presentations. Thankfully, our conversations down the pub were spared of such remarks.
Now if you'll excuse me I have to motor off. ®
"The banks won't put up with users losing their details so easily for all that much longer. At some point they're going to start telling users that it's THEIR fault that they allowed their account details to be stolen and so hard luck sunshine - by the way here's a fat charge for going overdrawn."
Unfortunately for the banks, it is difficult to prove that it is the users fault. If the bank uses systems that enable a customers details to be stolen, then it is their fault. Unless they are willing to have their systems openly analysed in court, they would almost certainly be forced to pay up. I doubt any bank would want their security arrangements to be out in the open likle that.
@ AC - Bank Accounts
The banks won't put up with users losing their details so easily for all that much longer. At some point they're going to start telling users that it's THEIR fault that they allowed their account details to be stolen and so hard luck sunshine - by the way here's a fat charge for going overdrawn.
Re:Key and Pin
Of course, as a bank user (it's hard not to be these days), I don't give a shit about fraud.
If my account gets compromised, I'll have to put up with a period of inconvenience with minimal financial loss (if they want to keep my mortgage).
As soon as my bank makes it harder for me to buy things, I'll go to another bank.