I love this time of year, reviewing the New Year’s predictions for cyber security trends, reflecting on how they align with our company’s initiatives and getting ready for RSA, the annual Super Bowl of the security world. I find it highly appropriate that it will be going on over Valentine’s Day. For those of us who love security, RSA is like one week-long date with our favorite things all packaged into one event. So if I can’t be with my husband, at least I will be with my other love, security, and over 20,000 like-minded friends.
RSA is the one week a year when we can network, stroll through the expo investigating new solutions, take in sessions on emerging threat vectors and pause to think about the state of our own security practices. We can push the boundaries of our own understanding, learning from our peers, partners and, sometimes, idols. (We are technology nerds at the core.) Personally, I am so excited that Dame Stella Rimington is one of the keynotes. For James Bond fans, you know that she is the woman who inspired “M.” Need I say more?
There are many areas of the conference I am looking forward to focusing on this year. Among them are RSA’s themes of social responsibility: parent cyber education, gender diversity, scholar/graduate programs, and innovation. The depth and variety of speakers and topics, from Seth Meyers to the panel on The Seven Most Dangerous New Attack Techniques, are vast. Lastly, I plan on spending time around Innovation Sandbox to see developing technologies and which solution may be the next concept to market that we should be paying attention to as an industry.
Beyond these areas, as I prepare for RSA, I keep coming back to how my organization can better align to the predicted trends. 2017 marks a few key shifts in the security world, which will become the critical areas of focus for my organization in the coming years.
IoT, Beyond the Botnet
No one will argue that IoT will be the buzzword for security for the foreseeable future. We should all get shirts in our swag bag that declare “I survived the IoT invasion!” The trends point to growing concerns about the weaponization of IoT beyond obvious applications. In 2016 we saw a resurgence of old attack types being reused in new, innovative ways to cause disruption and impact critical business functions. In 2017 the ideas of bio hacking, focused or malicious supply chain disruption, and how IoT could lead to global agriculture as a terrorism target are no longer hypothetical, but very real threat concerns.
Cyber/Physical Security Convergence
We are seeing IoT start to drive the merger of cyber and physical security. Traditionally these are very separate parts of a company, as a threat vector and as a source to assist in achieving an enhanced proactive security posture. Now companies are starting to pursue how to jointly address these very different yet similar worlds.
Strategic Information Operations
The US elections brought cyber espionage, cyber propaganda and fee-for-leaks to the forefront of the media. Key information is now worth millions to the right buyer, which is increasing pressures in both the public and private sectors for enhanced security frameworks and policies. The real danger, though, is utilizing this type of information with propagandistic malicious intent. As we saw with the elections, the social engineering ramifications and use cases are infinite. We are just seeing the tip of the iceberg on this topic. My thoughts are that we will see a shift of this threat vector turning to the private sector quickly, which may result in a few titanic-size breaches/data exploits in 2017. Proactive protection and proper data handling, coupled with advanced threat intelligence, are going to be critical in trying to qualify this emerging threat landscape.
The Price for Excellence
There is a recognized shortage of security professionals. With six jobs for every qualified professional by 2020, we need to work smarter and faster together to address the gap. How can we better matrix manage across organizations to offload basic hygiene functions to traditional network groups? How can we develop talent quickly to fill emerging gaps, and how do we attract more people into the security industry from other areas of businesses? How we address skyrocketing costs, coupled with the need for quick growth, balanced by fostering collaboration and development, is on the mind of every organization, and something I am keen to discuss at RSA.
Lastly, one of my favorite topics, “Is privacy a social anomaly, and is the concept now antiquated?” I will save my commentary for another day, but needless to say, privacy may be facing extinction. The next logical question is then “how do we protect what we have left?” Keeping these questions in mind, you will look at the solutions showcased in the Expo halls in a very different light. Trust me, it will make your walk around the halls a much more entertaining, and possibly enlightening, experience, as this is a very real dilemma.