I have worked in tech journalism for a few years now. The difference between product showcases (old wine, new bottle) and product launches (new product that cost a bomb to market and create) is obvious to me. I have clocked tens of thousands of steps at events like Mobile World Congress in Barcelona and Internationale Funkausstellung Berlin, one of the oldest industrial exhibitions in the world, these days used to showcase refrigerators and washing machines. So I was quite excited about attending InfoSec, everyone at work raved about it.
Incredibly, the buzz around InfoSec was almost as big those around MWC and IFA. Replying to phone calls, Twitter direct messages, texts and WhatsApp pings requesting to schedule interviews took up majority of my time, for weeks prior to the event. 'Wear comfy shoes' was an oft heard piece of throwaway advice. So, I was ready on the day of reckoning.
I battled through some of the worst weather London has had in recent times to get to Kensington Olympia to come face to face with hundreds waiting outside in the rain... just to get in. It reminded me of the snaking queues outside Samsung and Huawei product launches when the manufacturers would bus people over from the Far-East and mainland Europe for the events. The ones queueing outside InfoSec17, however, were here of their own volition.
As it turned out, InfoSec17 was quite revealing about the cybersecurity industry as a whole in many ways.
WannaCry makes the security world go round
If you are a cybersecurity journalist, you would have had surveys and soundbytes from everyone in the industry on how the WannaCry situation coulda/shoulda/woulda been avoided. But it obviously wasn't. At InfoSec17, almost every booth on the show floor promised to help you tackle a version of WannaCry in future and shut it down in its tracks. This, despite the fact that it had happened for the simple reason that the correct patches hadn't been applied at the right time. All vendors knew that and yet promised to flog you a silver bullet to shut the ransomware attack before it gained force.
'Do you have a solution to absolutely guarantee it doesn't happen on your client's system?', I asked. Turns out they couldn't. As long as humans are involved, WannaCry and its ilk will thrive. And security solutions will continue to be flogged for faceless terrors.
A free t-shirt for a 3 minute sales pitch? I'll take that!
Pens, bluetooth speakers, t-shirts, yo-yos and PlayStations. You couldn't move for the number of freebies being thrown towards you... My pleas of 'But I am a journalist and have already spoken to your CXO fell on deaf ears'. How about a simulation then? In the end I gave up and sat through a LOT of demos. I have the light sabres, t-shirts and boxes of mint to prove I was there. No guarantees on whether I was listening, though!
GDPR stands for 'give me your money right now'
From GDPR surgeries to DDoS protecting software that can apparently make you GDPR compliant, there was all the advice you would ever want and more! However, Richard Walters, Chief Security Strategist at CensorNet summed it up perfectly: "Until the GDPR legislation is clearer and case laws are in place, we shouldn't be giving out advice on getting GDPR compliant. And it should not be coming from the marketing departments of vendors here whose links to GDPR are pretty thin, to put it politely!"
I couldn't agree more.
Ultimately, we are all fucked!
I spoke to dozens of exhibitors and cyber security vendors and none of them had a clue about what the next big threat would be. There are reports, surveys and research material available by the hundreds and there is a product on show for every named and unnamed threat possible. And yet, apart from the has-beens, nobody knew what consumers and enterprises should be arming themselves for next. Murmurs of WannaCry types, nation states hell-bent on wrecking havoc and regulated sectors being most at risk were abound. But there was nothing concrete.
Buzzwords were name of the game and there were more simulations than free t-shirts and plenty of beer to help the conversation along but a major reticence on the part of the industry when it came to putting their money on the next big threat.