Q&A with Dan Raywood, deputy editor, InfoSecurity Magazine
TPG: What do you think will be the most discussed industry trends of 2020?
DR: I can see AI being discussed more and more as we move into the next decade. Our research suggests that this is the biggest driver for cybersecurity practitioners going forward. I also think there is a focus on security hygiene and “the basics” as people seek to focus on the common problems that aid breaches and attacks.
TPG: What are your cybersecurity predictions for 2020?
DR: Sadly, I do think things are going to get worse in terms of breaches, the amount of data lost and costs to companies. However, I feel that we have the attention of government, lawmakers and regulators now, so security is being taken more seriously.
TPG: How did you get into IT security journalism?
DR: Actually by accident! I started my first job in 2001 and in the summer of 2008 I was out of work, a recruitment agent got me some temp work for SC Magazine. That turned into a full-time job, and I was there for five years. Now 11 years later, I’m still really passionate for this industry’s teachings.
TPG: What was your first “geek” moment?
DR: My dad worked as an engineer for a major British telco company, and we were able to use computers from an early age. However, I’d probably point to the films of my childhood in the 1980s where scientists were no longer the geeks and were the heroes – Doc Brown, the Ghostbusters and Data in the Goonies.
TPG: How has cybersecurity changed in the past 5-10 years?
DR: I think things have gotten worse overall. Back in 2010-2015 we didn’t such massive breaches and security was not on the front pages of the mainstream media as much, while now we live in a time of Cambridge Analytica’s whistleblower, daily breach alerts and headlines on how things are getting worse. Also, we wrote about RSA Security’s breach in the first part of the decade, now vendor problems are part and parcel of the daily news cycle.
TPG: What are the scariest cyber threats out there right now?
DR: It’s less about zero-days, and more about ransomware for me – it’s hard to spot and block, a pain to deal with and guidance on how to get out of it and whether or not to pay the ransom is mixed.
TPG: In your opinion, what should enterprises be most concerned about?
DR: The main things should be vulnerability management, as that has not gone away and more patches are being issued, but there is still a problem with immediately applying them. Also, password management and re-use, as this aids too many attacks.
TPG: What were Infosecurity Magazine’s most popular articles of 2019?
DR: At the time of writing, it’s been interesting to see a WhatsApp story (about not downloading a scam version) from January come back into our most read. Other than that, it’s been the stories around state-sponsored attacks that have proved to be most popular.
TPG: What are your thoughts on quantum computing?
DR: Speaking personally, I’ve come across this over the years, but I don’t think it is something businesses will take seriously unless there is a business benefit – to retrofit to a new concept takes a lot of work, and I think security leaders will need to see the need to invest in that (over say log management, vulnerability management and network defense) before it gets maximum take up.