RSAC 2017: Securing An Increasingly Insecure World

Posted by Tony Kontzer

Ah, another year, another endless series of security incidents and growing threats to keep the IT security world on edge. (And gainfully employed—let's not forget that part.)

As the InfoSec world converges on San Francisco for next week's RSA Conference, there are plenty of topical themes attendees can expect will be filtered through the gauntlet of keynotes, sessions and workshops. And as in past years, those themes run the gamut, from large-scale data breaches and fast-growing threat categories to political hacking and the risks posed by new technologies.

Of the major security stories from the past year, the one that generated the most headlines and rankled the most powerful people was undoubtedly Russia's alleged hacking into the Democratic National Committee's computer system and then leaking emails on Wikileaks, purportedly to sway the U.S. Presidential Election in favor of Donald Trump.

What we know about the incident remains a bit fuzzy, what with the partisan back and forth over accusations of fake news and election rigging, but given that U.S. intelligence officials have concluded that the hack was perpetrated by representatives of the Russian government, the takeaway is clear: When a country as high-profile as Russia is willing to hack into a critical U.S. political organization and interfere with our election process, it's time to take the threat of nation-state actors very seriously.

Meanwhile, when it comes to private sector breaches, everything that happened in 2016 took a back seat to Yahoo and its disclosures in September and December that 1.5 billion user accounts were hacked in incidents in 2013 and 2014, the largest such hacks on record.

We hear about these kinds of hacks every year, although never with these kinds of numbers. But as big as the numbers were, they were far less important than the fact that Yahoo let this happen not twice, which would be bad enough, but three times. (The company had previously acknowledged a 2012 hack of 450,000 accounts.)

My guess is that there's not a lot to learn there for a population of RSAC attendees whose organizations surely would have had things locked down after the first incident, or at worst the second. Yahoo's security has long been a mess, and the company has faced public criticism for falling so far behind the threat landscape. Its experience serves as little more than a powerful cautionary tale.

That leaves us with the theme that really occupies today's IT security world, one that introduces billions of access points into the security landscape, that adds layers upon layers of complexity when it comes to monitoring and reporting on incidents, and that has the potential to make the mitigation costs of yesteryear look like chump change. Oh, and by the way, it also is expected to fuel billions upon billions in economic growth.

I speak, of course, of the Internet of Things. Already, the abundance of doors the IoT opens up has been on full display for the world to see. The most dramatic and alarming example came last fall when a massive denial-of-service attack took out a large chunk of the Internet for the bulk of Oct. 21, crashing a host of prominent web sites and throwing Internet traffic into disarray. What made the attack more concerning than any before was the nature of the Mirai botnet that caused it.

Whereas botnets normally hijack computers to do their work, this one used random devices connected to the IoT, things like video surveillance cameras and DVRs. In other words, IT security folks, who've spent their careers securing computers and mobile computing devices, now have to worry about whether the next threat could be coming from an HVAC monitor, an elevator, or even a toothbrush someone brought to work with them.

In that context, you can expect that a lot of RSAC attendees this year will be looking for guidance on how to contend with the coming onslaught as their respective organizations embrace the IoT. (Which, by the way, they will inevitably do whether or not they have yet.)

They will also be looking for help contending with ransomware, an increasingly favored tool of cyber-extortionists that is being fueled by the IoT. Quite simply, RSAC attendees do not want to find themselves in the kind of predicament that recently ensnared a hotel in Austria.

It seems that clerks at the Romantik Seehotel Jaegerwirt, an alpine hotel in the village of Turracherhöhe, found themselves locked out of the hotel's keylock system and thus unable to check in guests, who walked around aimlessly as the clerks tried futilely to figure out how to get them into their rooms. Facing a demand for $1,800 in Bitcoin currency for the return of control of the hotel's keylock system, the hotel's management had no choice but to cave in to the demands and pay the ransom.

Again, this happened at a small Austrian hotel over $1,800. Just imagine what the future holds now that cyber extortionists know they can get away with this. And if the hotel locks down its keylock system, who's to say the heating system won't be next?

So there you have it—a smorgasbord of emerging IT threats and tools that are arriving just to make all of your jobs more complicated, more stressful, and, given the value that's at stake, more lucrative.

Let's see if a few days absorbing the latest from the security front at RSAC can't help with that last part.

Tony Kontzer, RSA Conference
