Five Continents, Five Voices: James Lyne, Europe

Written by

The past year marked the end of the 2010’s and a dynamic period in cybersecurity’s growth from espionage tools, massive data breaches, and ransomware impacts, to government, law enforcement and regulators taking notice of the development in the sector. 

To mark the end of this year and decade, Infosecurity talked to a series of people from around the globe, each from a different continent, to gauge their perspective on which trends affected their region, and how cybersecurity impacted local businesses and culture in their view.

Representing Europe is James Lyne, CTO and certified instructor at SANS Institute. A well-known figure on the European speaker circuit and Infosecurity Europe Hall of Fame member, Lyne was moderating the SANS Institute Cyber Threat conference when we met. We began by talking about the state of current cybersecurity in 2019, where he said there are reasons to be negative as there is a lot of hyperbole on how things are going to get worse.

“For me there is some semblance of increasing sleepless nights over the fact that we are constantly buying more technology and thus, are more vulnerable,” he said. “We all know that whenever technology is released there are problems, and with all of the best will in the world, with every device we plug in at home, at work and with every new database sharing makes us more vulnerable.”

Despite this, he said there are “impressive shifts” in our community, and the introduction of offensive measures, the inclusion of cloud security, threat hunting, threat intelligence and OSINT was deeply encouraging. “So I’ve never been more worried about what attackers do, and never been more encouraged about having people work together to try and do something about that.”

Looking forward, Lyne said there are still a lot of “silly attacks occurring” and he looked forward to when the likes of DDoS attacks do not need to be discussed, but security research is proving to be positive.

One trend from 2019 that has persisted has been the vulnerability known as “Bluekeep.” Is this the start of things to come, where a threat hangs around for months but ultimately doesn’t deliver? Lyne said we know it is an issue, “but there is an incredibly long tail as we know there is a continuing threat.”

He made the point that the WannaCry outbreak of 2017 created the need for concerted effort to take action, and ultimately this will lead to fewer exposed vulnerabilities over time.

“We have had a theme over the years of lots of bugs and flaws that have been sitting in the background for a really long time,” he said. “When they are announced, they don’t land with that compelling feeling of ‘we must do something now’.”

Lyne said it is hard to know what the level of exposure really is, and that is a great complexity as in the past, malware was about files and now it is about obscure bugs shipping on a number of devices we cannot measure. “The surface of attack is way harder than it ever was before.”

We moved on to a conversation about the state of security research, with Lyne previously holding a position at Sophos and now overseeing the SANS conference programs. He said we are maturing on one side of the industry where there is the world of “hi-tech hackers,” and on the other side there is “patching stuff and passwords and they are not incongruous.” However, on the second side, we tend to confuse the easy to describe with easy to do, “as some of the most simple practices in description terms are a real effort to deploy.”

For the European perspective, I asked Lyne if he felt the standard of security was improving, especially considering the number of endpoint companies that have emerged? He said having talked to researchers and instructors, some of the most influential tools and some of the most amazing research he would go to day-to-day for education are written by researchers in Europe who he called “incredibly talented people.”

“We have a strong reputation for research here and I know it will sound corny, but that is why this really matters,” he said.

From a general perspective, he said there is a whole set of initiatives over the past few years, which the likes of the NCSC have helped to drive, which have been about being able to do the basics really effectively. “If you ask me to rank, it is really hard for me to tell you where Europe is, but it is a contender in caring about hygiene, but we are such a target and there is so much more work to do.”

What’s hot on Infosecurity Magazine?