The RSA Conference (RSAC), a gathering of cybersecurity experts held several times a year, just finished off its first 2020 iteration.
This event was held in San Francisco in late February. Around 36,000 attended, along with 704 speakers and 660 vendors. The theme of this gathering was “the human element.”
We’ll get into more depth about that in a moment, but first, let’s just touch on the idea that the RSAC is a big deal in the cybersecurity and IT industries. Topics and trends typically emerge that people pay attention to going forward.
Let’s take a quick look at what the discussions were like.
AI Still Needs Humans…For Now
With all the hullabaloo surrounding the growth and market penetration of AI-based products and services, it wasn’t a complete surprise than conference organizers chose to focus on the idea that humans still matter.
Maybe that won’t be the case. Maybe, like the theme surmises, the battle that rages between hackers and security experts – using AI tools – will keep humans foremost in the equation, even as the capabilities of machine learning reach astounding new levels. =
As a result of these new capabilities in machine learning, we can expect AI tools to play a much greater role in daily business operations and marketing as well. Examples include customer service solutions, as retailers are already investing close to $6 billion in AI-based customer service solutions, and in identifying key performance indicators, which will be necessary as currently only half of small-to-medium sized businesses are actually measuring KPIs on their own.
Of course, there was no concrete takeaway on this topic from RSAC and likely never will be. It’s just designed to make you think about an important idea.
A New Kind of Virus
The big talk of the conference didn’t revolve around the latest malware making the global rounds but rather a real life little bug known as coronavirus or Covid-19. No matter the potential fallout from the digital variety, nothing can hold a candle to an actual illness that has made a name for itself very quickly.
Already, major concerts and entire sports seasons have been canceled. Many companies are facing a financial bloodbath, decimated by the growing number of people who curtail their usual shopping habits thanks to the sudden popularity of self-quarantine. The societal effect has been unprecedented for our generations.
By the time you read this, even larger swaths of the globe might have fallen prey to the disease or we might be on the road to recovery. Regardless, the coronavirus has everyone’s attention.
Old Business – New and Emerging Threats
The idea that everything old is new again applies perfectly to the world of security threats. The previous year saw the continuation of a handful of popular hacker strategies continue in full force because they are still effective. This includes ransomware, cryptojacking, phishing, botnets, and RAM scraping.
The latter, which might not be part of the broader public lexicon, is familiar to business retailers who operate POS systems. These days, only 36% of customers carry cash, a reality that hackers are well aware of as they target credit card information at the point in the process before it is encrypted.
But there are some new destructive kids on the block as well. For example, have you heard of USB cables being used to transmit malware? It’s happening. And new ways to hack mobile devices are always worth paying attention to. With the general public leaving behind desktops, and even laptops to some extent, the bad guys are busy dialing up new ways to compromise our phones and tablets.
For an interesting discussion on the topic from the conference, check out this panel.
Governments Get Involved
We have to look no further than the 2016 US presidential election to find allegations of foreign interference that threaten(ed) our national security. The same goes for every sizable country around the world. Cyberattacks are a quick way for the small shrimp to try and even up things with the whales. Lately, governments have decided to take note of that reality.
The bottom line is that cybersecurity is no longer only a worry for the private sector. National, state, and local governments are being forced to join the fray to prevent a descent into pure chaos and to preserve the systems that define a country. We’re talking about developing short and long term policies and legislation to deal with cyber threats.
In fact, an entire new agency has been created – the Cybersecurity and Infrastructure Security Agency (CISA). Charged with protecting critical government networks, expect to hear more from these guys and gals in the near future. One thing is certain. Cybersecurity and politics are being forced to become bedfellows.
Data Privacy or Lack Thereof
Big data will do nothing but continue to get bigger and this growing pile of digital treasure has snagged hacker attention like nothing else. There continues to be a thriving market on the Dark Web for buying and selling personal information, usually taken from ostensibly free VPN services.
This promise of easy money is probably the driving force behind the 33% increase in breaches we saw in 2019 compared to the previous year. That makes it the worst year for unintentional loss on record. Whether or not cybersecurity tactics can start to seize the upper hand in the battle remains to be seen.
A complicating factor is the struggle between data privacy and security and the continued effort to make sure that data is always handled ethically. With the rise of consumer-empowering legislation like GDPR and CCPA, those charged with storing and protecting others’ personal data have to also be mindful that a slip up could yield a hefty fine for the company involved.
Data privacy and related developments will continue to be at or near the top of hot button issues for the foreseeable future. As the use of technology like facial recognition continues to increase, expect these discussions to grow even more heated.
Among other topics of note, we also paid particular attention to discussions on cutting edge cybersecurity tools and techniques, how to make GDPR work in the real world (within getting your company fined out of existence), and the rise of malicious documents in Gmail.
As always, if cybersecurity is your thing, this RSAC has something for everyone. Stay tuned for the next conference in this series, which happens in July in Singapore. The human element theme continues. Hopefully, coronavirus will be fading in the rearview mirror by then and we can get down to focusing solely on the digital bugs again.