Refresh
Having a quick look around this morning before the first keynote. The Cyber Strategies stage is setting up, blasting Lana Del Rey’s ‘Say Yes to Heaven’ (which, to be fair, is her best song). Everyone is clearly gearing up for another packed day!
Good morning and welcome to day 2 of our Infosec 2025 coverage!
We’re back at the Excel and ready for another packed day, so stay tuned for all the latest updates throughout the day…
Finally for today, we’ve taken a quick stop at DarkTrace, where they’re giving a mini-talk and overview about the difference between reactive and proactive network security. Staying ahead of attacks and understanding your cloud security posture is crucial, DarkTrace argues – and the right role permissions and access controls are key to protecting from insider threats.
Next up, we’re visiting Cloudflare, which claims to bring “everywhere security” to its customers. Specifically, this refers to the company’s unified cybersecurity platform that protects users from “Network to Cloud, Apps to AI”. Cloudlflare recently introduced a set of E2E PQC protections which helps organisations with safeguarding network traffic – PQC continues to be at the forefront of conversations so far at Infosec 2025!
The main question is how fast this will change. Generative AI is in its infancy, and the trend of more sophisticated deepfakes, like the impersonation attack we saw on Susie Wiles, are only likely to get more potent in future. Organisational processes and training will be a huge factor for CISOs going forward.
One of the biggest factors for AI is the damage in trust. Deepfakes, for example, are eroding trust all round and are a disruptive force – but generative AI’s.
Dr Andrea Isoni introduces a pretty shocking statistic – 30-40% of web traffic is malicious bot traffic, meaning the treat of data theft is ever present for organisations with these trawlers looking to exfiltrate as much as possible.
Here we’re listening to ‘calling BS on AI’, a panel about how agentic and generative AI are affecting the threat landscape.
Most people think that AI is powering organisations in a novel way, but that’s not quite true – says Zeki Turedi, CrowdStrike’s Europe Field CTO. AI is just facilitating threat actors in their attacks, but it’s not revolutionising the way attacks are leveraged. Attackers are more efficient and quick thanks to AI – but it uses existing capabilities.
Rubrik is next up, showcasing its data resilience and data security solutions for cyber recovery. Rubrik talks me through the devastating effects of ransomware on companies, particularly recently for retail organisations, and the importance of cyber recovery. A robust cyber recovery plan can mean a firm goes from a thirty day recovery, to just a 48 hour bounce back, Rubrik explains.
First, we’re headed to Okta, who are talking us through their AI-driven identity threat protection. Okta are keen to tell us about the shared risk signals, which allow a security event provider to transmit risk signals to Okta, enabling customers to use these to uncover potential identity threats in their ecosystem. “Years ago, attackers used to hack systems, now they log in”, Okta warns.
Now, a little break from the keynote stage and on to exhibition floor for some showcases and introductions!
So what’s the takeaway? Well, it’s that geopolitics should inform your cyber strategies as security team – so make sure to integrate this conversation into your risk management and global footprint landscapes.
Beyond state sponsored attacks and espionage, states are using cyber capabilities for sabotage and coercion. Real world sabotage used cyber as a tool to inform operations. Volt Typhoon, Chichester points out, is a perfect example of how geopolitics threatens critical infrastructure. States are understanding that penetrating critical infrastructure will likely form the basis of conflict in the future.
Good cybersecurity has helped Ukraine, namely in the recent drone attack, which seemingly took Russia entirely by surprise. This shows the importance of great cybersecurity, Chichester argues. Defence, when done right, can be a vital weapon.
As everyone knows, geopolitics is key to the cyber landscape. Cyber operations are now one of the go-to tools for covert state campaigns. Conflicts today are powered by cyber capabilities. Chichester points to the Viasat offensive in the Russian war in Ukraine as a prime example, and he explains that targeted attacks are increasingly disruptive, especially in the case of Russia, which are focusing on the logistical supply chain of materials into Ukraine.
Next up – we’re listening to Paul Chichester and his take on the ‘Cyber Cold War’ and the geopolitics of cyber threats. Paul is the Director of Operations at the NCSC – so investigating cyber threats is his bread and butter.
“Harvest now, decrypt later” is a huge talking point. The industries most at risk (unsurprisingly) are the ‘critical national’ warns Daniel Cuthbert – panel participant and cybersecurity expert. That means healthcare, finance, and telecoms could face serious difficulties in a PQC (post-quantum cryptography) world.
There’s a myth, panel expert and Lastwall CEO Karl Holmqvist explains, that quantum computers can break any encryption. But really, at the moment, quantum computers can decrypt several commonly used encryptions – encryption will look different in the age of quantum, but it could still be effective. Cryptography will remain an important facet of cybersecurity for a long, long time – he argues.
Next, it’s ‘Quantum computing v Cybersecurity’ – chaired by BBC News’ Joe Tidy. Here, cybersecurity is described as an ‘Arms Race’ – although not everyone think that terminology is helpful!
Now, we’re listening to Professor Brian Cox who’s talking us through the link between cosmology and cybersecurity and computing. General relativity, the theory of space and time, and cosmology all link closely to quantum computing – with complex mathematics, data sets, and quantum mechanics.
There’s a quick look back to how far cybersecurity has come in the last 30 years before Cluley explains that hackers aren’t girlfriend-less men in garages anymore (his words!), but are serious, state sponsored actors – outlining an almost unrecognisable evolution in that InfoSec has helped to guide security experts through.
We’re now seated for a super packed keynote, plenty of people are standing – so this is clearly a popular one! We’re about to hear from Graham Cluley, host of the Smashing Security Podcast who’ll introduce us all to Infosec’s 30th year!
We’re heading in to the show now!
As you can see from our pictures, the theme of Infosec 2025 is “Building a Safer Cyber World” – something you can bet we’ll hear more about over the next few days.
Despite it being June, it’s a cloudy and blustery day here – let’s hope things are warmer inside…
Good morning from InfoSecurity Europe 2025! We’re here at the Excel, and off to collect our badge before heading in.
Services Marketplace – Listings, Bookings & Reviews