Last week, the RSA Conference 2018 drew 45,000 attendees to San Francisco’s Moscone Center for a week of education on the latest security trends, threats and solutions. Over its 27-year history as one of the world’s largest security conferences, RSAC has grown to a near-dizzying size. In 2018 the event included speeches from dozens of tech luminaries, 550 sessions and 650 exhibitors spread across a four-building campus. Keynote speakers this year included IBM Security General Manager Marc van Zadelhoff, Girls Who Code founder Reshma Saujani, game designer Jane McGonigal, activist Monica Lewinsky and RSA President Rohit Ghai.
With so much incredible content offered on a single conference agenda, it’s impossible to recap every highlight. However, the keynotes and sessions that stood out last week aren’t just valuable on their own — they tell a story when viewed in conjunction and reveal valuable insights into emerging themes and trends in the cybersecurity industry.
Emerging Threats in the Age of Digital Blur
Like it or not, “the lines between technology and humanity are being erased,” Samir Kapuria, senior vice president and general manager of cybersecurity services at Symantec, asserted during Wednesday’s keynote, “The Five Most Dangerous New Attack Techniques, and What’s Coming Next.” Due to these increasingly blurred lines, we’re facing both increased and new threats against our “digital personas” in an age when “cyber integrates with humans on every level.”
Together with SANS researchers, Kapuria identified several emerging threats that could define 2018, which are described in more detail below.
Data Repository Leaks
Increasingly, cybercriminals are taking advantage of cloud-based repositories for data and code. In many cases, poor governance makes it easier for threat actors to breach networks. Leaked credentials and sensitive data that lacks safeguards make it “even juicier for the bad guys,” according to SANS instructor Ed Skoudis.
While ransomware-as-a-service (RaaS) was predicted to be among the key security trends for 2018, cybercriminals have largely turned to installing cryptocurrency miners instead, which is more profitable and easier to execute undetected. Johannes Ullrich, dean of research at SANS Technology Institute, reminded the audience that network monitoring solutions are the smartest preventative measure against crypto-mining attacks.
Vulnerable Industrial Code
Soon, we may face “threats that transcend interests of money and fraud,” according to James Lyne, research and development at SANS. Lyne believes near-term cyberthreats could focus on power grids and other industrial controls, potentially causing universal disruption due to the significant role technology plays in society. He offered particular warnings about attacks designed to corrupt data streams from IoT sensors, which could prevent affected agencies from issuing effective alerts and performing crucial maintenance during industrial or state-level attacks.
In another fascinating session about the threat vector, Jason Riviera of Deloitte presented “The Dark Web and How it Affects Your Industry” in an online-only format. The session, which is available for replay, delved into the actualities of Dark Web activity and how it impacts the enterprise today and in the future.
The Future of Security Is Collaborative and Cognitive
“To be good at cybersecurity, you need to think about it as an immune system of capabilities,” van Zadelhoff stated during Thursday’s keynote, “Our Biggest Bet Yet.” Sharing lessons learned from the IBM Cyber Range, he illustrated a new era of security in which smart action is defined by “the right person, the right data, and the right tim[ing].”
Van Zadelhoff’s vision for the future of security is ultimately collaborative. This includes collaboration between humans and AI in the cognitive security operations center (SOC) and open information sharing between organizations. He spoke about a smarter future in which “man and machine come together to augment the intelligence and do something together, fast.”
If you missed the keynote, you can stream it online.
STIX Signals the Open Collaboration Revolution
Collaborative security and open threat intelligence were significant threads throughout RSAC 2018. Based on data from the dark side, working together may be crucial to weathering another challenging year. A 2018 survey by HackerOne revealed that just 30.6 percent of threat actors work alone, meaning that nearly 7 in 10 collaborate, learn from others or have a mentor.
“STIX Patterning: Viva la Revolución!” was among the more technical sessions presented at RSAC, but it was an incredibly high-value offering. Discussing the use of STIX for open threat sharing, speakers Jason Keirstead of IBM Security and Trey Darley of New Context Services shared how the language is evolving for the greater good. STIX is paving the way for the ultimate vision: an open threat exchange between organizations and platforms. For this reason, the speakers urged attendees to ask their security information and event management (SIEM) software provider to adopt STIX.
A Solution to the Pipeline Problem
“If you talk to any business executive, you’ll tell me that your No. 1 problem is you can’t find enough engineers,” Reshma Saujani, founder and CEO of Girls Who Code, said in Wednesday’s keynote, “How to Fail First, Fail Hard and Fail Fast.” “I believe the solution to this tech talent deficit is women.”
Saujani may have started her organization in a borrowed conference room, but it has grown to teach 90,000 girls in all 50 U.S. states. She wrapped up her keynote by stating that “this is a problem we can solve” and calling for a commitment from private organizations to close the gender parity gap and improve participation among women in cybersecurity.
Identity Requires a Revolution
By many accounts, the industry is at the cusp of a seismic shift in data protection and identity with implications beyond the enterprise. “The identity industry is moving away from identity,” said Steve Wilson of Constellation Research in an interview leading up to RSA 2018. “What matters in authentication? Not who someone is, but what they are … or some mix of these things. You don’t really need to know their identity. This is a very fundamental shift in thinking, and it’s just the beginning of a major regulatory push around data provenance.”
On Wednesday, Bruce Schneier of IBM Resilient participated in a panel discussion with Terrell McSweeney of the Federal Trade Commission, titled “Identity Insecurity—Another Data Hurricane Without ‘Building Codes’.” The two experts tackled complex issues related to consumer rights, enterprise controls and the federal government’s responsibilities.
A panel of design experts addressed ways the enterprise can balance security, standards, and workable identity and access management (IAM) in a session titled “‘No You May Not Have a Pony’—The Art of the Possible in Secure IAM Design” on Thursday. Other notable programs around the topic of identity focused on unified identity, fraud and digital transformation.
While it remains to be seen exactly what’s next for the identity movement, RSAC 2018 revealed that chief information security officers (CISOs) are thinking carefully about how to address users, data, trust and authentication.
Information Security Is a Mainstream Conversation
Perhaps more than ever in the 27-year history of RSAC, information security is squarely in the public eye. Headlines announcing data breaches have become so incredibly common that, according to a team of researchers led by Iowa State University Associate Professor of Information Systems Rui Chen, the public is now suffering from “breach fatigue.”
In “The Cryptographers’ Panel,” which opened RSAC 2018, Moxie Marlinspike of Signal explained how attitudes toward social media have shifted in recent months. “The utopian narratives of [social media] connecting the world and organizing information is coming to an end,” he said.
According to Marlinspike, “People are seeing social technology less as a hopeful tool for a brighter, better tomorrow and more like weapons everyone simultaneously thinks are in the wrong hands.” Marlinspike believes the loss of trust in social media has a direct impact on society, as well as the domains of privacy and cryptography.
Wrapping Up RSAC 2018
RSAC brought together 45,000 security professionals and hundreds of exhibitors at a pivotal moment for the security industry. Last year, cybercrime was a $6 trillion industry. The clock is ticking on General Data Protection Regulation (GDPR) compliance and CISOs are facing ever-increasing pressure to innovate securely. Simultaneously, public attitudes toward social media as a “utopian” tool for connection have seemingly slammed to a halt. It’s never clear what’s next in terms of threats, but some of the brightest minds in the industry dedicated the past week to discussing how to best move forward.
While organizations face undeniable challenges related to talent and diversity, a universal commitment to promoting the inclusion of women in cybersecurity can, per Saujani, solve the problem. Similarly, van Zadelhoff asserted that cultural commitments to open collaboration and cognitive capabilities can enable organizations to act with the right intelligence at the right time.
The common takeaway from all the riveting sessions, panels and events at RSAC 2018 is that to prepare for the uncertain future of cybersecurity, organizations must strengthen their talent pools, adopt cognitive systems and double down on open collaborative efforts.