Greg Day Talks Trends from the Hackers & Threats Track for RSAC 2022

Posted by Greg Day

For many years, I have been extremely fortunate to be involved in RSA Conference, historically in Europe and the Middle East and more recently in the United States. It’s such a privilege to be able to see all the ideas so many smart cybersecurity experts submit into the hackers and threats stream. It’s a sense check of what everyone in the cybersecurity industry is seeing and expecting more of in the coming year.

Whilst obviously I cannot share the details of any submission, I can share the themes as I am sure it will help all of us plan and prepare better for the future. Like everything in life, the quality of submissions varied greatly, mainly based on experience and background. Some are clearly written by marketing teams, others by the subject matter experts themselves. Don’t get me wrong, my writing skills are not the best, so I lean on others who can help me, but the point is some are sales pitches full of cyber bingo words, and others are far more skillfully crafted. I mention this only as I thought I would take a leaf out of the more marketing-oriented sessions and share my own abstract. I paraphrase, connecting all the key themes in one for a bit of fun and a quick way for you to get a sense of the submissions!

So here goes … the ultimate Hackers & Threats submission abstract:

Concerns of threats hackers have phished the cloud supply chain for ransomware targeting IoT medical vulnerabilities in cloud authentication APIs that haven’t been discovered by bug bounties and have inappropriate CVE scores that AI detection in collaboration with lessons learned in IR would have seen if the stalkerware hunting had been in the cloud marketplace. If only we had listened to the conversation via the LEDs in the room, using compromised green energy systems.

Fun aside, what can we take away from this year’s submissions? Well, the most common topics were ransomware and supply chain attacks. That is little surprise, as these top the list of the most impactful incidents in the past 12 months, and we can and should expect more. Likewise, we had no shortage of cloud-based submissions, some looking at DevOps, others looking at APIs. Probably the most common were those looking at authentication mechanisms and how they could be compromised. Interestingly, there were also submissions looking at hybrid cloud providers and some specific cloud capabilities, which seems like the next natural double-click down, i.e., what are the slightly less common targets that proven methods in the major cloud provider space can replicate?

On the flip side, this track received fewer submissions than in previous years, but we still had many solid abstracts that will indeed pique interest. My only speculation for this is that COVID impacted submissions. Everyone has been working so hard on ensuring their businesses are secure in very changing working environments. Taking the time to stop, think about, and do research has been a luxury not many have had over the past 12–18 months.

It was great to see one of our youngest speakers, who spoke for the first time last year, submit again with a great topic. As a parent, I’m so proud to see young talent challenge the industry. As always, there were a few very imaginative sessions, such as compromising green energy systems and using LEDs to listen in. IoT feels like it’s had more attention. I can only speculate it aligns back to the attacks we have seen in the medical world over the past year and the blurring between home and work, the former typically having many more connected IoT things. There were a number of papers sharing dissatisfaction, for example, with how bug bounty processes have actually functioned, and with vulnerability scoring systems and their portability to different environments such as the cloud.

COVID has changed so many things, and its impact on cybersecurity will continue for many years. We had submissions suggesting the volume of stalkerware had significantly grown in the lockdown periods around the world. Some could argue whether this is a business problem, yet the boundaries between work and personal life are likely to continue to blur in the growing work-from-anywhere world.

RSA Conference is many months away, but I look forward to seeing you there in some way or another. The adversaries definitely haven’t slowed down, so it’s great we have such opportunities to share and learn from each other. My ask of all of you: Take the time to share your knowledge with others. Assuming I get the opportunity to support again next year, I would welcome reading submissions from every one of you. After all, we learn through collaboration!

Greg Day

VP & Global Field CISO, Cybereason
