This year has been the year of extortion and, more than ever before, conversations around cybersecurity are mainstream, with increased media coverage of everything from major enterprise hacks to dinner table discussions around the upcoming election and privacy. And with cybercriminals collecting $209 million in just the first three months of 2016, we have seen an increase in overall consumer – and enterprise level – concern over the security of our data.
As active participants in the security community, the RSA Conference Program Committee aims to provide content that is not only relevant to the industry, but also is what our peers are most interested in. In fact, the RSA Conference session tracks are not “selected,” but rather discovered during review of each year’s speaker submissions.
Interestingly, this year the Program Committee not only saw a direct connection between the security events of 2016 and the more than 2,200 speaker submissions for RSAC 2017, but also noted that our RSAC Advisory Board’s 2016 industry predictions were aligned with the submission themes. Here are a few overarching themes from the 2017 submissions that reflect what we’ve seen in 2016 to date, affirming what we as an industry view as important and timely:
Extortion, Healthcare and the Industrialization of Ransomware
As this year’s events have already highlighted, ransomware has been a big topic in 2016, and our RSAC submissions echo that trend. Sensitive data, such as healthcare records, continues to be a target for attackers. Earlier this year, we saw the effects of a major ransomware attack on Hollywood Presbyterian Medical Center in Los Angeles, whose computers were offline for more than a week before it handed the cybercriminals $17,000 in Bitcoin. And, speaking of Bitcoin, we have seen an uptick in submissions around this popular cryptocurrency as well.
Health institutions are increasingly opting to pay the ransom rather than risk data loss and extended downtime, illustrating RSAC Advisory Board Member and Program Committee Member Hugh Thompson’s prediction from last December:
“Stealing this type of data, like someone’s medical history that does not expire and cannot be reset, unfortunately gives attackers the luxury of time to build an infrastructure to monetize that data. Stolen healthcare data doesn't have an expiration date, and we are only just starting to realize the implications of this type of data being in the hands of attackers.”
Hugh Thompson, Advisory Board Member and Program Committee Member, RSA Conference
RSAC Advisory Board Member Wendy Nather’s predictions for 2016 also focused on this popular topic:
“According to Reuters, medical information can be 10 times more valuable than a credit card number. Schemes will expand to medical devices such as diagnostic equipment, therapeutic equipment, and life support equipment, wherein attackers will lock it so it becomes inactive until a ransom is paid. That’s scary to think about when some of these devices are essential to keeping someone alive.”
Wendy Nather, Research Director, Retail Cyber Intelligence Sharing Center (R-CISC)
DevOps and Automation
As we noted in our review of the RSAC 2015 submissions, the security industry definitely has an appetite for DevOps. We continue to see submissions focused on adoption of the cloud (and cloud security in general), but interest in automation, machine learning and applications also came up quite a bit in this year’s submission review. We noted as well that a number of the automation topics were IoT-focused (reflecting the increase in connectivity in general), which was also a popular area of The Sandbox last year.
RSAC Advisory Board Member Benjamin Jun dubbed 2016 the year of DevOps and even predicted that a new set of solutions would be on the rise from specific vendors – one of which has been on an M&A spree recently:
“Identity management and customer data—the crown jewels of any organization—will be increasingly migrated to specialized cloud services. Solutions will come from a diverse and new set of vendors, from Parse (acquired by Facebook) to Salesforce.com. Developers will insert vetted services and code into their own software, avoid building from scratch, and obtain a security level better than most homegrown offerings.”
Benjamin Jun, CEO of HVF Labs
Data as a Weapon
Since the infamous founding of WikiLeaks, we have witnessed a shift in the practice of infowar. State-sponsored actors are now more patient and use time as an ally, which in turn requires more evasive techniques to go unnoticed. Data continues to be a top submission keyword for RSAC, but this year more discussions were proposed around this particular use of data – and around the risk and the need for increased intelligence sharing to prepare both the enterprise and government for these attacks.
Todd Inskeep, RSAC Advisory Board Member, predicted attackers would be much quieter in 2016 than in the “showy” attacks of the past:
“Instead of the big showy attacks that post the data and embarrass companies, the use of more quiet attacks means the public will hear less, while boards and executives will hear more—not about the attacks themselves but about the effects of the hack. It'll be more 'Houston, we have a problem,' with less insight into how the attack was accomplished and how the hacker obtained any value from what was done.”
Todd Inskeep, Principal, Commercial Consulting, Booz Allen Hamilton
RSAC Advisory Board Member Dmitri Alperovitch, however, had a more personal prediction for the use of data as a weapon:
“Criminals and hacktivists are now stealing data and threatening to place it on public websites for others to see. In conjunction with this, hackers are building massive databases that include multiple types of data (insurance, health, credit card) to present a ‘full picture’ of an individual. It’s one thing to have your data stolen and another to have it used against you. We’ll continue to see individuals’, corporations’ and public entities’ info used against them as a weapon in 2016.”
Dmitri Alperovitch, Co-Founder and CTO of CrowdStrike Inc.