Infosecurity Europe 2024

Our key takeaways

With many of us working on security clients, Infosecurity Europe is always a highlight in the Brands2Life calendar. This year’s edition was no different, and the Business & Technology team paid a visit to the sprawling ExCel to meet existing clients, connect with media and find out more about the trends shaping the industry.

Here were our three key takeaways:

Regulatory challenges on the way

From talking to many in attendance, a highly complex new wave of cybersecurity regulation is coming our way. Rohan Massey, Partner at Ropes & Gray LLP, gave a very sobering reminder of the NIS2 and DORA legislation arriving this year and next, and the responsibility and accountability that comes with it for CISOs. Several companies in attendance like Lacework (client) have been leading the way in educating customers about what’s to come, and the proactive steps they can take to prepare.

Companies face huge fines for non-compliance and C-Level execs could be banned from future roles, so the stakes for good cybersecurity practices have never been higher. We’re going to see a lot more conversation in the media about these incoming changes, as we did with GDPR several years ago. There’s a clear opportunity for security experts to make sense of the legislation and educate businesses who might feel overwhelmed.

AI as a security asset…

Ganesh Chellappa, Head of Support Services at ManageEngine, shared some fascinating insights on the potential of both Predictive and Generative AI technologies for enterprise security teams. Following a rapid evolution in cyberthreats thanks to the rise of LLMs, Chellappa explained how Predictive AI essentially acts as a ‘guardian of the past’ for companies today, drawing attention to its proficiency for identifying patterns and predicting future events.

Turning to Generative AI, he explored its use for the creation of realistic simulations to help security teams understand attack tactics, and test the effectiveness of existing defences. Last year we commented on a general scepticism about generative AI, but it seems the security community is now beginning to embrace its potential.

From a security perspective, much of the generative AI conversation has focused on the negative implications – more convincing phishing emails, more advanced social engineering techniques – and these are all very valid. However, it’s a valuable tool in organisations’ defensive armoury too and we’re seeing more and more vendors following in the wake of pioneers like Darktrace to use AI in protection and defence.

…and as a security threat

Sarah Lawson, CISO and Deputy CIO at UCL, noted the diverse ways businesses are engaging with AI. Some are using it intelligently while others are attracted by the novelty without understanding its implications. More concerningly, many are using AI unknowingly through vendors, lacking awareness of the associated risks. Lawson emphasised the need for compliance measures to evaluate and understand these risks as AI adoption increases.

Ian Hill, Director of Information and Cyber Security at Blockmoor, had a more critical perspective. He described AI as the latest shiny object captivating financial institutions, which are often ‘blinded by the bling’ of new technology and investing to avoid ‘FOMO, rather than implementing new tech to drive innovation. He highlighted the widespread, unregulated use of AI tools like ChatGPT for tasks such as writing sales presentations and financial reports, that doesn’t take into account risks like data leakage or misinformation. Hill warned that businesses are adopting these tools without adequate oversight, driven by a desire for profit rather than a comprehensive risk management approach.

With a changing regulatory climate and AI assisting both threat actors and security teams, cybersecurity comms professionals face new challenges as well as new opportunities for compelling storytelling. With a new hack or data breach seemingly every day, the potential of coverage remains. But brands need to work harder than ever to ensure their commentary is rapid, intelligent and informative. As you evolve your comms strategies in 2024, consider:

  • Do you have a strong view on how AI is changing the game? What can you say differently about how it’s being deployed or how new AI threats are emerging? And can you back it up with innovation in your or your customers’ businesses?
  • Bland commentary will get you nowhere, so are you adding something to the debate that’s different to everyone else? Clearly you’re not going to have the inside track on every new vulnerability so how can you make your stance stand out?
  • How can you lead the conversation rather than follow? How can you use data to add credibility what you’re saying?

If you’re a security company wanting to learn more about how these trends are going to affect your marketing and communications strategies, we’d love to chat. Get in touch to talk about how we can put our BETTER STORIES BIGGER IMPACT approach to work for you!