The new year is always a time to reflect on what’s coming next. As part of the RSA Conference program committee (having worked on the Hackers & Threats track for a number of years), I’m privileged to get to see everyone’s perspectives. This year, I’m happy to report a significant growth in the number of submissions, suggesting that the collective is starting to look beyond COVID-19, which definitely hampered the volume and creativity of solutions in recent years.
Starting with the obvious, ransomware remains a key theme. But the number of submissions around the topic has dropped as we have become desensitized to it, even though both innovation and the volume of organizations being attacked continue to grow. There were still some interesting submissions around shifts to PaaS, the growth in credential theft techniques, and ransomware being used as a smokescreen for other nefarious goals.
Two other expected topics include supply chain attacks and the ongoing impact the Russia-Ukraine war has had on cyber. The massive and still growing scope of supply chain attacks is very much being explored, as we saw submissions examining security issues from the hardware level, source code repositories, API weaknesses, collaboration tools, marketplaces, and the cloud space.
This year, there was definitely a mix of the old and the new. The old was old vulnerabilities and threat techniques being used in new environments; though the concept isn’t new by any means, the outcomes can be. The new was some of the evolving technology spaces that will likely become the next threat space, such as the metaverse. It feels like we are a long way from the maturity of cloud attacks, with many submissions still covering every aspect of it, and yet the digital world and threats are already moving forward again. However, my favorite was an old concept with a different spin: buying cheap, decommissioned hardware and using new techniques to recover the data.
It was interesting to see a growth in focus around psychology, be that how we as humans generate passwords, how our personal data can be used to gain access to the business world, using social media to track troop movements, or, on the flip side, trying to reverse the model and better understand the adversary to preempt their actions. Additionally, there was talk of how the adversaries are using psychology against defenders and how we reverse the model.
I always get asked what my favorite submission was, and I must be honest, there were a few this year. The diversity of submissions has grown geographically, as well as from industry background and role perspectives. At the same time, the diversity of ideas and new concepts submitted has definitely broadened. I really hope this is a sign that as the world tries to move forward, we are taking the time to think, be creative, and challenge ourselves and our ideas in cyberspace. If nothing else, I can tell you there will be some great sessions at RSA Conference 2023.