The future is in AI, DevSecOps and zero trust, say Cybersecurity Festival speakers
"We all have to live and breathe the same language", says panel
The final day of the Cybersecurity Festival covered a wealth of subjects, with the main takeaway - seemingly shared by every speaker and delegate - being that we must all work together to combat the rise of increasingly professional cyber attacks. The onus isn't purely on the business side to come to IT, either: cyber professionals must make an effort to work with employees, and look past their traditional recruiting grounds to ensure they have a diversity of thought.
Former hacktivist Jake Davis, previously of Anonymous and Lulzsec, began the day by speaking about his criminal past and hacking with a purpose, which segued into the inability of laws to keep up with the changing pace of technology.
"In 2011 prosecuting this type of attack was so novel, the legal teams and judges didn't know how to get to grips with it.
"I spent five years, until 2018, banned from encryption. Which makes no sense, the law made no sense. I spoke to someone from the serious crime prevention squad to explain I needed to draw some money from the bank. Technically I'm using encryption when I put the card in, because you enter your PIN, that goes to the bank and it's encrypted. If I turn on my computer, that's encryption."
In a Q&A session with hosts Tom Allen and Zoe Kleinman, Davis touched on topics including cyberinsurance, bug bounties and the endless attempts to outlaw or bypass end-to-end encryption. His entire talk is available on-demand now.
Computing's John Leonard and Darktrace's Max Heinemeyer both spoke about the dangers of AI in security, particularly trust. Heinemeyer showed a very convincing spearphishing email written with no human involvement at all, and warned that attacks like this - nearly undetectable by most security products - are on the rise. More than nine in 10 executives Darktrace has talked to are preparing for this type of attack, so make sure your business is counted among that number.
Two mid-morning sessions covered digital skills and culture. In the first, John Higgins of BCS highlighted the importance of looking beyond qualifications when trying to fill IT roles, especially in security. Following this, panellists Diane Gan (University of Greenwich), Goher Mohammad (L&Q Group), Shelton Newsham (NBS) and Stephen Owen (esure) discussed the effect of Brexit on the UK's skills gap, and talked about how to ensure security is involved in business decisions from the start of a project. This is especially important in an all-remote environment, where silos can creep up on teams and days of video meetings kill productivity.
Okta's Kevin Butler and Synopsys' Boris Cipot also touched on the pandemic and its effect on security, stressing that now may be the perfect time to rethink your security posture. Cipot especially highlighted open source technology, which nearly every business uses in some capacity - but without visibility into the software stack, it can introduce vulnerabilities.
The final sessions of the day were two case studies: the first from the Bank of Ireland's Francis Gorman on security versus agility. He emphasised the need to challenge the status quo and to work with industry peers (even at competitors) to counter security threats. Finally, Westminster City Council's Zakki Ghauri covered ways to reduce people-based risk, especially as we return to the office: two key points brought up again and again throughout the day.
We loved running this inaugural Cybersecurity Festival - now fully available on-demand - and look forward to welcoming you back to the next.