​RSA Conference 2016 – The Top Five Issues

This year marked my fourth RSA Conference – I’ve attended three in San Francisco and one in Singapore – and each year there are some stand-out issues and themes that dominate discussion.

In my view, there were five clear themes that stood out this year. They were a shift in focus from detection to prevention, the balance between the right to privacy and the need for security agencies to access encrypted data, the importance of a risk-based approach, the ongoing skills shortage, and that no one really knows how to secure the Internet of Things.

1 - The detection/prevention pendulum

Over the last couple of years, the biggest buzzword in enterprise security has been “security analytics”. There was a belief, or perhaps resignation, that system breaches were inevitable so security professionals needed to get a better understanding of what was happening inside the enterprise by using SIEM tools, machine learning, artificial intelligence and other tools to detect anomalous behaviour.

This year the inevitability of being breached was challenged. With so many major breaches reported last year – the US Office of Personnel Management, Anthem and Ashley Madison were common examples used by many presenters – organisations realised these incidents may have been preventable, or the impacts significantly reduced, had better defensive measures been in place.

This year, many speakers spoke about the importance of the end point, both as a line of protection but also as an intelligence tool to detect what adversaries were targeting in order to better align defenses.

2 - The balancing act between security and privacy

Read more: Apple yanks malware from AppStore that targets non-jailbroken iPhones

The timing of the FBI and Apple battle over access to the encrypted data of the iPhone 5c used by the San Bernardino terrorists ensured this was the most spoken about topic for the conference. In hallways, conference rooms, bars and restaurants across San Francisco, it was almost impossible to have a conversation where this didn’t come up.

There was no middle ground in the discussions I was privy to. People very firmly aligned themselves on either side of the debate with little chance of reconciliation or compromise.

The only consensus I heard was that this fight was critical and that it would not be resolved until the matter was played out in the Supreme Court.

3 - Risk-based information security

This wasn’t a particularly new theme this year but was has changed is an understanding that no one really understands how to accurately quantify information security risks.

Insurance companies are coming to understand that while the cloud delivers many business benefits, a breach at a major service provider such as Microsoft or Amazon, however unlikely, is not impossible and that such an incident could result in insurers paying out to thousands of clients for one incident.

CISOs and CSOs are starting to look for staff that can see a technical risk but translate that into a business risk that can be better quantified and described to the c-suite and board so they can make decisions.

The days of CISOs and CSOs saying “there’s a major threat out there” and getting more money to combat it are soon coming to an end unless those threats can be shown to affect the business.

4 - The skills gap

During the opening keynote, RSA executive director Amit Yoran told people to “stop whining” when it comes to the skills shortage in information security. His advice was to address the issue head on and start identifying and training your own talent.

5 - The Internet of Things

Almost every single person who spoke about IoT mentioned the same Gartner study that predicts there will be in excess of 20 billion IoT devices connected to the Internet by 2020. Interestingly, that definition covers everything from cars to household appliances to remote sensors. And the way different device classes can be secured varies greatly with different experts and vendors touting everything from working with device makers to embed security on to every one of those endpoints through to securing data aggregation devices through to relying on constantly scanning network traffic and using AI to look for anomalies.

The other issues I’ve mentioned are all more immediate but the IoT looks to be the biggest sleeper issue in information security today. No one I spoke with had any way to quantify, with any degree of confidence, the actual numbers of devices, volumes of data or even what sorts of devices might require some level of hardening and monitoring.

My gut feeling is it will take a serious, in the wild, breach for IoT to get some serious attention.

Join the CSO newsletter!

Error: Please check your email address.

Tags buzzwordpendulum#RSACsecurity analyticsRSA Conference 2016CSO AustraliaAshley MadisonSIEMSan Franciscoinformation securityInternet of Things (IoT)RSACInternet of Things​RSA Conference 2016

More about AppleFBIGartnerMicrosoftRSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts