Having attended InfoSecurity 19, I must admit I was a tad disappointed with what was on offer – throw backs of the long, over deliberated ‘Insider Threat’, the usual focus on PCI, and of course the new the commercial money-spin kid on the block in the guise of GDPR. Add to this the rebranding of Anti-Virus/Malware Bronze Bullet solutions all wrapped up in a brand-new regurgitation of what was, into something that looks brand new, and that just about summed my day up – there were of course a few chinks in the cloud where innovation was shining through, but all in all, notwithstanding this show has moved into the sunshine of June, it is starting to show indications of an event with falling leaves which has lost its way, with over-focus on the same old rear view mirror.
Looking at the wider landscape from the world of well-trodden insecurity, and the related security exposures associated with Microsoft Office 365 Accounts which have been under sustained and successful attack, it does tend to focus the mind as to just how wide the surface of exposure really is – no matter personal or business use, the exposure is extant, and does not seem to discriminate the profile of the quarry. Then consider the article out of Barracuda Networks who went on to corroborate that hackers were (and still are) targeting Microsoft Office 365 accounts with a high degree of success, resulting in hackers leveraging comprised systems to send in excess of 1.5 million malicious and spam emails for various purposes, including, but not limited to social engineering, brand impersonation and phishing campaigns.
Thus, looking at the now known-known security exposures, it was also interesting when looking back at the Egress White Paper published in January 2019 discussing the limitations, and potential areas of weaknesses associated with 365 – in particular which commented that as a result of their research:
‘Third-Party solutions should be seriously considered for deployment, either as replacements for the native capabilities available from Microsoft, or as supplements that will provide enhanced functionality to meet specific organizational requirements’
In other words, to enhance the level of security to an acceptable and robust level you need bolt on solutions.
I guess my frustration with the show was, the lack of attendance by those smaller companies who have something new to offer – one example of which is the Galaxkey secure email platform. Having met up with their CEO, CTO, and members of the operational team I was impressed with their enthusiasm aimed at developing an application to plug a very well-known and exposure (now exploited) gap with an new security solution. OK, so there are other applications such as this on the market, many of which I have tried – but here I was very impressed with their top-down imaginative approach, and the objective to produce something that may be leveraged with ease to secure email communications in an age of mistrust, insecurity, and on mass cyber compromises.
Having now used the Galaxkey solution in anger on both my iPhone, and as a plug in to Outlook, one of the first problems I had was understanding it – the reason being it was so very easy to use, and devoid of some of the complexities I have grown close to with other such applications I have used in the past. The other nice feature of the service is, it is aimed at everyuser profile, from personal use, SME, right up to Corporations – which I understand a number of large scale deployments are already in the UAE today. And I believe the storey does not stop here – in the longer term, Galaxkey are aiming their developments toward obtaining product recognised Certification, thus expanding their market to even more opportunities to engage with the Public Sector who of course are seeking higher levels of assurance from the product they employ.
The absolute bottom line is – no matter Personal use, SME or those big named organisation, we all have to embrace the fact that the world of technology is flawed, and has a very high probability of adverse exploitation. Granted the professional organisations are already aware of this, but what makes the Galaxkey so very special in my opinion is, it is aimed at everyonefrom free to as a paid service – allowing anyone to now leverage professional security solutions, which also allows Tom, Jack, Granny or Grandad to enjoy secure communications. So, watch the Galaxkey space for more updates (https://www.galaxkey.com/) – this I believe is a company who are going places.
Going back to InfoSecurity nothing would give me more pleasure to see their long standing successes from past years continue, thus I am hopeful that in 2020 they up their game, and look to get some of those niche green shoot companies such as Galaxkey engaged – even if their accounts team do have to discount the entrance fee to attract those smaller contenders who do have something new to offer.
Visiting Professor at the School of Science and Technology at Nottingham Trent University (NTU), Visiting Professor/Lecturer at the University of Slavonia [to 2015], Independent Consultant, Practicing Expert Witness, ENISA CEI Listed Expert, Editorial Member of the Cyber Security Research Institute (CRSI), Fellow of the British Computer Society (BCS), Fellow of the Royal Society of the Arts (RSA), Board Advisor to the Digital Trust, Writer for SC Magazine UK, Originator of DarkWeb Threat Intelligence, CSIRT, Attack Remediation and Cyber Training Service/Platform, Accreditation Assessor and Academic Practitioner and Accredited Advisor to the Chartered Society of Forensic Sciences in the area of Digital/Cyber Forensics.
John Walker is also our Expert Panel member. To find out more about our panel members visit the biographies page.