So it’s that exciting time of year again – no, not Christmas! It’s when we get the submissions for RSA Conference 2021, specifically the Hackers and Threats track, which I have once again had the privilege of supporting as a Program Committee member.
Whilst this year has been tough for so many people in so many ways, it definitely didn’t dampen the spirit of those who entered over 260 submissions that we had to whittle down to only 18 actual speaking slots. I always consider this process as a great lens into what cybersecurity experts see as front and center of their focus for the next 12 months, so I’m delighted to share the key trends that came from this year’s selections (in no specific order).
- Ransomware attacks – Little surprise that there continues to be lots of focus on this space. We have seen the attacks becoming more sophisticated and targeted. Often they now carry multiple payloads: ransoming data access, but also either reselling the data or extorting further funds under threat of posting non-public data in the public domain. And while some ransomware is still focused on random victims, other campaigns have become far more targeted. The healthcare industry has certainly seen the pain from this. Given all the other challenges they face, it was great to see a submission around how cybersecurity experts have been giving up their time to volunteer to help compromised medical organizations. Let’s hope that’s a trend that catches on globally.
- Vulnerability management – There were a number of submissions this year focusing on vulnerability scoring methodologies, most claiming to provide more real-world insight into the actual use of, and risks from, new vulnerabilities than the traditional Common Vulnerability Scoring System (CVSS) methodology. At least they all had their own new four-letter acronym. In this category, there was also the flip side of the lens: how to fix the source, with sessions pushing on how we build better coding practices.
- Let’s cross them off the list now: there were a lot of sessions on how threat actors leverage current events. Social engineering will only ever evolve from the cybercriminal’s perspective. There were submissions tied to how cyberattackers leveraged COVID, and, of course, there were sessions about how cyberattacks look to impact US elections and compromise people, based on the topic.
- For the greater good – I’m always very proud of those people that are offering free tools and resources. For example, how to analyze logs using open source tools, or tools that allow you to unpack files or memory. These empower many to do new creative things and provide resources to those that maybe don’t have access to commercial tools. My only reservation is that too many such tools can end up being very labor-intensive for a security team to leverage.
- Evolutions – I’m always amazed at some of the innovation that technology empowers. We had submissions around bio-hacking, for example. This involves embedding technology into your body and then using it to gain access to other systems. We also had submissions around how you can pick up soundwaves from a lightbulb, how Bluetooth Low Energy (BLE) beacons, or Bluetooth beaconing devices, can be misused, and more IoT and smart energy grid submissions. All of these highlight to me that we are connecting more things, and adversaries are looking at how to subvert these things.
- SOC fatigue – Every year, we have sessions on how to use new tools and processes, or simply how to become a Security Operations Center (SOC) analyst, but this year we saw sessions on how to manage the issues of information overload and operational efficiencies in a SOC, as fatigue has become an all-too-common issue.
- AI/ML, data science tools – Last year, Artificial Intelligence/Machine Learning seemed to be the buzzword in submissions, with lots of focus on the value it could offer as well as how threat actors were looking to misuse it. The volume of submissions on the topic has significantly dropped this year, I suspect as the AI hype clears and we get used to its growing real-world use in cybersecurity. However, the interesting addition for me this year was around the misuse of broader data science tools by adversaries. As we have seen all too often, adversaries look to take their knowledge and skills, and leverage them in adjacent technology spaces.