The slogan for this year’s RSA Conference, one of the largest cybersecurity trade events in the U.S., was “Failure is Not an Option.” But the general mood of those who work in cybersecurity could be best summed up as, “We’ve been failing – now what?”
The turnout alone for RSA 2016 is evidence that those who work in IT security are struggling to keep up with all the changes in their industry. Add in the never-ending barrage of cyberattacks splashed across the headlines daily, and you’ve got a group of people who are clamoring for answers. An estimated 40,000 people attended this year’s event. And judging by the standing-room-only crowds at the educational sessions, industry panels and keynotes, they were all in search of advice, tools and shared success stories from their peers to help them avoid the “failure” option.
Although attendees of RSA are there to learn about new technologies that may help solve some of their network security woes, it’s also a chance to share opinions about trends that are shaping the security industry. Here are a few hot topics at this year’s RSA Conference:
- RSA-goers are Team Apple. The sentiment among RSA attendees and speakers clearly skewed in favor of Apple in the ongoing battle between the tech giant and federal law enforcement over the security mechanism on an iPhone belonging to one of the San Bernardino terrorists. There is a massive trust deficit between those in the security industry and the federal government. US Attorney General Loretta Lynch was at the show to give the federal government’s side of things, while experts like Nuala O’Connor, president of the Center for Democracy and Technology, presented arguments against granting the FBI’s wishes. This court decision has a lot of IT security experts concerned about the future of their industry.
- Security is going through some talent angst. Various panels and sessions addressed the IT security skills shortage, and how this trend must be corrected to reverse the tide of increasingly frequent cyberattacks. It’s a valid concern: no skilled workers means there’s no one with the expertise to protect the network and understand the nature of threats. The advice from the experts was twofold: companies need to recruit and retain the top talent, and we should all cast an eye to the next generation of IT workers by investing in solid STEM education for young people.
- The Snowden encryption debate lives. Back at RSA in 2013, the name on everyone’s lips was, of course, Edward Snowden. Here we are, three years later, and the “Snowden Effect” is still being felt in the security community. This year, there was lots of lively back-and-forth on the role of data encryption. Many businesses, especially in banking, finance and healthcare, rely on encryption to keep personal data of customers and patients safe. But law enforcement officials claim that encryption is aiding and abetting terrorists, child predators and nation-state hackers. As you might suspect, cryptographers (a significant audience at RSA), whose entire job description is to ensure data safety, support the use of encryption, and believe that law enforcement is fully capable of doing its job without sacrificing data safety. They say the potential for spying on law-abiding citizens is too great to do away with encryption, and cite Snowden’s revelations as evidence.
- Social engineering is the new black. Social engineering is now the preferred attack vector used by cybercriminals, and security pros are eager to learn everything they can about how to stop it. Social engineering is far more sophisticated than those old “Nigerian Prince” chain email schemes. Attackers who rely on social engineering go to great lengths to fashion believable phishing scams that include multiple levels. These include a phone call from someone claiming to be with the fraud department at your bank, followed up by an email or even an instant message or text message (the latter known as “smishing”) – all orchestrated to steal your personal data. There were lots of sessions on how to spot a social engineering hack, and I expect there will be even more next year.
It certainly will be interesting to see how all of these topics and trends develop over the course of 2016. One thing’s for certain: there is never a dull moment in cybersecurity!