Over five days, 45,000 consumers and thought leaders convened at the 2017 RSA Conference, sharing insights on how to stay ahead of today’s – and tomorrow’s – cyber threats. Coalfire was in the thick of it, and here we’ve compiled some of the most important takeaways.
Cyber insurance and the difficulty of addressing risk
In a provocative talk, John Loveland, global head of cyber security strategy and marketing at Verizon Enterprise Solutions, addressed the need for cybersecurity professionals and insurance companies to communicate the full nature of cyber risks – and why this communication often goes wrong.
“The market size for cyber insurance by 2020 is estimated to be at $5-10 billion. This makes the importance of understanding where risk transference fits into an overall risk management profile more relevant than ever.”
Catfishing – and what young people really do online
RSA's youngest speakers, Ayla and Jace Herzog of ISECOM/hacker high school, talked about what many kids really do online – and it’s not what you might think.
As expected, younger users rely on mobile devices and smartphones for surfing the web, but their motivations may be a surprise. In addition to keeping up with friends, playing games, and basically filling time, nearly all of them have anonymous accounts. They often use these for "catfishing" – tricking people into believing they are someone else to get them to reveal information.
This can be extremely dangerous from a security standpoint and can affect more than just the youth involved. Top 5 apps: Facebook, Instagram, WhatsApp, YouTube, Snapchat.
Electoral dysfunction – lessons and warnings
Mike Weber, vice president, Labs for Coalfire, gave his thoughts on the hot topic of cyber attacks on the US electoral system and what could happen in the future. Mike was referenced earlier in the DarkReading.com article ‘After Election Interference, RSA Conference Speakers Ask What Comes Next’, saying:
“There are other, practical reasons attackers wouldn't go after voting machines. Although vulnerabilities have been found in machines before, many of them require physical access, or near access to the hardware. Therefore, it's simpler ‘not to attack the infrastructure, but the things that access the infrastructure’ – like voter databases, for example.”
Other members of this discussion panel affirmed that the U.S. electoral system brings complexities that will require proactive interventions to ensure that votes are tallied with integrity.
The future – revealed?
The conference’s keynote took a wide view of cyber security and where we might be headed. The speakers discussed how security analytics can get us to a better future, for example, and how collaboration and incident response will anchor future security approaches.
On incident response: “What if it didn't look back, but instead forward? For example, a vulnerability like a shared username or password that could be exploited.”
On collaboration: “Could security be like a neighborhood watch program, where we got more secure when additional people moved in?”
A week of inspiration
Now that the dust has settled, we look forward to reconnecting with those we met at the show this year and sharing learnings with those of you that might not have been in attendance. We are ready to start planning for the 2018 RSA Conference, and the many security challenges that lie ahead.