Journalists often write preview stories for RSA, and we’re no exception.
My preview appeared on Naked Security last week, and now it’s time to see how accurate my predictions were. I wrote that some of the big topics would be attacks against Internet of Things (IoT) devices and the continuing scourge of ransomware.
What I predicted:
Ransomware is an old topic in information security circles. Attackers have been hijacking computers and holding files hostage for years now, typically demanding that ransom be paid in bitcoins. Some might expect that a majority of people are well aware of the threat by now and that they’re taking the appropriate precautions. It’s therefore reasonable to assume that online thieves have moved on to new tactics. Unfortunately, that’s hardly the case, said Andrew Hay, CISO of DataGravity and one of the seminar organizers. “Ransomware is one of the most prominent threats facing organizations and their end-users, partners, and customers,” he explained.
Indeed, ransomware was a big discussion point, best illustrated by an all-day seminar on the subject on Monday. I was there and it was well attended. From 9am – 5pm, a variety of experts offered up case studies, reviews of the best technology to fight ransomware, and tips to help companies avoid falling victim in the first place.
Internet of Things
What I predicted:
IoT threats have been discussed at RSA conference for years now, but in largely theoretical terms. This past year, the theoretical turned into reality when Mirai malware was used to hijack internet-facing webcams and other devices into massive botnets that were then used to launch a coordinated assault against Dyn, one of several companies hosting the the Domain Name System (DNS). That attack crippled such major sites as Twitter, Paypal, Netflix and Reddit. For 2017, Sophos predicts a rise in threats against devices that are part of the IoT.
My prediction that IoT attacks would be a big focus also turned out to be true. Multiple vendors played up the threat – and how they could help defend against it – on the show floor. And, Chester Wisniewski and I discussed the topic at the Sophos booth as well.
Security luminary Bruce Schneier gave two presentations about regulating IoT devices. “Licenses, certifications, approvals and liabilities are all coming,” he said in one of his talk descriptions. “We need to think about smart regulations now, before a disaster, or stupid regulations will be foisted on us.”
It was difficult to pinpoint an overriding theme this year. Whereas past RSA conferences were dominated by one or two issues (spyware in 2005 comes to mind), this year was more of a topic du jour. Ransomware and IoT were just two of many issues.
But I was fine with that. I’ve found over the years that people don’t necessarily come to RSA in search of a big news event or theme. They attend because they are constantly striving to find more effective ways to better manage old problems. Whether RSA filled those needs is in the eye of the individual. For me, it was a great week full of networking and valuable conversation.