Having attended InfoSecurity 19, I must admit I was a tad disappointed with what was on offer – throw backs of the long, over deliberated ‘Insider Threat’, the usual focus on PCI, and of course the new the commercial money-spin kid on the block in the guise of GDPR. Add to this the rebranding of Anti-Virus/Malware Bronze Bullet solutions all wrapped up in a brand-new regurgitation of what was, into something that looks brand new, and that just about summed my day up – there were of course a few chinks in the cloud where innovation was shining through, but all in all, notwithstanding this show has moved into the sunshine of June, it is starting to show indications of an event with falling leaves which has lost its way, with over-focus on the same old rear view mirror.
Looking at the wider landscape from the world of well-trodden insecurity, and the related security exposures associated with Microsoft Office 365 Accounts which have been under sustained and successful attack, it does tend to focus the mind as to just how wide the surface of exposure really is – no matter personal or business use, the exposure is extant, and does not seem to discriminate the profile of the quarry. Then consider the article out of Barracuda Networks who went on to corroborate that hackers were (and still are) targeting Microsoft Office 365 accounts with a high degree of success, resulting in hackers leveraging comprised systems to send in excess of 1.5 million malicious and spam emails for various purposes, including, but not limited to social engineering, brand impersonation and phishing campaigns.
Thus, looking at the now known-known security exposures, it was also interesting when looking back at the Egress White Paper published in January 2019 discussing the limitations, and potential areas of weaknesses associated with 365 – in particular which commented that as a result of their research:
‘Third-Party solutions should be seriously considered for deployment, either as replacements for the native capabilities available from Microsoft, or as supplements that will provide enhanced functionality to meet specific organizational requirements’
In other words, to enhance the level of security to an acceptable and robust level you need bolt on solutions.
I guess my frustration with the show was, the lack of attendance by those smaller companies who have something new to offer – one example of which is the Galaxkey secure email platform. Having met up with their CEO, CTO, and members of the operational team I was impressed with their enthusiasm aimed at developing an application to plug a very well-known and exposure (now exploited) gap with an new security solution. OK, so there are other applications such as this on the market, many of which I have tried – but here I was very impressed with their top-down imaginative approach, and the objective to produce something that may be leveraged with ease to secure email communications in an age of mistrust, insecurity, and on mass cyber compromises.
Having now used the Galaxkey solution in anger on both my iPhone, and as a plug in to Outlook, one of the first problems I had was understanding it – the reason being it was so very easy to use, and devoid of some of the complexities I have grown close to with other such applications I have used in the past. The other nice feature of the service is, it is aimed at everyuser profile, from personal use, SME, right up to Corporations – which I understand a number of large scale deployments are already in the UAE today. And I believe the storey does not stop here – in the longer term, Galaxkey are aiming their developments toward obtaining product recognised Certification, thus expanding their market to even more opportunities to engage with the Public Sector who of course are seeking higher levels of assurance from the product they employ.
The absolute bottom line is – no matter Personal use, SME or those big named organisation, we all have to embrace the fact that the world of technology is flawed, and has a very high probability of adverse exploitation. Granted the professional organisations are already aware of this, but what makes the Galaxkey so very special in my opinion is, it is aimed at everyonefrom free to as a paid service – allowing anyone to now leverage professional security solutions, which also allows Tom, Jack, Granny or Grandad to enjoy secure communications. So, watch the Galaxkey space for more updates (https://www.galaxkey.com/) – this I believe is a company who are going places.
Going back to InfoSecurity nothing would give me more pleasure to see their long standing successes from past years continue, thus I am hopeful that in 2020 they up their game, and look to get some of those niche green shoot companies such as Galaxkey engaged – even if their accounts team do have to discount the entrance fee to attract those smaller contenders who do have something new to offer.
John is the Principle at Shadow-Intelligence (Si), partnering with PALISCOPE, BreachAware and iStorage. He is a Visiting Professor at the School of Science and Technology, Nottingham, Trent University (NTU) and holds the appointment of Editor in Chief for the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). For the last decade he has delivered training courses in the Middle, and Far East to Commercial, Industrial, the Financial Services Sector, and Military Agencies, including the UAE, US, Pakistan, Saudi Arabia, Malaysia (KL), Singapore, Argentina, and Sao Paulo
He served in the Royal Air Force 22 years’, specialising in Counterintelligence, working with UK Agencies such as GCHQ/CESG, and others in the fields of SIGINT, COMINT and Satellite Communications, holding appointments such as System ITSO for a CIA SCIF.
In the commercials sectors of IT/Cyber he has worked for/with Logica, Bae, T5, GM, Experian, Betfair, Palace of Westminster, House of Lords/Commons, TSol (Treasury Solicitors) and provided Consultancy to the Saudi Arabian MOD, TRA (Telecommunications Authority (Dubai) and the Military Academy of Malaysia (KL) on SOC, CSIRT, Digital Forensics and OSINT. Within the last 5 years he has focused on Geopolitics, with global expertise around the UAE and Russia, Anti-Terrorist Operations (ATO), Cyber-Warfare, Dezinformatsiya (Disinformation) and Maskirovka (Military Deception).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.