RSA Conference 2023 Promises New Concepts, Diversity of Ideas


Posted on by Greg Day

The new year is always a time to reflect on what’s coming next. As part of the RSA Conference program committee (having worked on the Hackers & Threats track for a number of years), I’m privileged to get to see everyone’s perspectives. This year, I’m happy to report a significant growth in the number of submissions, suggesting that the collective is starting to look beyond COVID-19, which definitely hampered the volume and creativity of solutions in recent years.

Starting with the obvious, ransomware remains a key theme. But the number of submissions around the topic has dropped as we have become desensitized to it, even though both innovation and the volume of organizations being attacked continue to grow. There were still some interesting submissions around shifts to PaaS, the growth in credential theft techniques, and ransomware being used as a smokescreen for other nefarious goals. 

Two other expected topics include supply chain attacks and the ongoing impact the Russia-Ukraine war has had on cyber. The massive and still growing scope of supply chain attacks is very much being explored, as we saw submissions examining security issues from the hardware level, source code repository sources, API weakness, collaboration tools, marketplaces, and the cloud space.

This year, there was definitely a mix of the old and the new. The old in terms of old vulnerabilities and threat techniques being used in new environments. Though the concept isn’t new by any means, the outcomes can be. The new being some of the evolving technology spaces that will likely become the next threat space, such as the metaverse. It feels like we are a long way from the maturity of cloud attacks, with still many submissions on every aspect of it, and yet the digital world and threats are already moving forward again. However, my favorite was an old concept with a different spin: buying cheap, decommissioned hardware and using new techniques to recover the data.

It was interesting to see a growth in focus around psychology, be that how we as humans generate passwords, how our personal data can be used to gain access to the business world, using social media to track troop movements, or, on the flip side, trying to reverse the model and better understand the adversary to preempt their actions. Additionally, there was talk of how the adversaries are using psychology against defenders and how we reverse the model.

I always get asked what my favorite submission was, and I must be honest, there were a few this year. The submissions’ diversity had grown geographically, as well as from industry background and role perspectives. At the same time, the diversity of ideas and new concepts submitted has definitely broadened. I really hope this is a sign that as the world tries to move forward, we are taking the time to think, be creative, and challenge ourselves and our ideas in cyberspace. If nothing else, I can tell you there will be some great sessions at RSA Conference 2023.


Contributors
Greg Day

VP & Global Field CISO, Cybereason

Hackers & Threats

hackers & threats malware anti malware platform integrity

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs