Attracting the best and brightest in the field, the annual RSA Conference plays an important role in keeping security professionals across the globe connected and educated. Last week, we witnessed several cybersecurity trends and developments including the federal government’s involvement with security, the ease of automotive hacking in modern vehicles, potential threats targeting connected medical devices, and the lack of cyber education among IT professionals. A brief recap of these four takeaways and their implications:
- Apple vs. the Federal Government
One of the hottest topics was the federal government’s ongoing case with Apple. Last week, a U.S. magistrate judge in New York ruled Apple did not have to comply with the FBI’s request to crack an iPhone central to a drug investigation. During RSA, U.S. Attorney General Loretta Lynch took to the stage, stressed how national security depends on the technology industry’s cooperation, and emphasized that the two must find a middle ground to best protect America from potential threats – cyber and physical.
- Connected Cars and Automotive Hacking
Researchers from Uber’s Advanced Technology Center took the spotlight, highlighting just how simple it can be for sophisticated hackers to breach software systems in vehicles. They cited the Jeep, Tesla, Ford and other exploits as cases where detection of these kinds of attacks was completely lacking. Examples included hijacking a car’s radio or even disabling the brakes by interfering with the vehicle’s controller area network (CAN) messages. While this is nothing new, with the proliferation of smart devices across the globe, it is vital that these types of intrusions stay top-of-mind for security professionals and individuals alike.
- Medical Device Security
IoT security is a new frontier for most industries, including healthcare, giving hackers a head start to exploit connected technology. White-hat hacker and Ph.D. research scientist Marie Moe presented her findings on IoT medical devices and their lack of security. After discovering her lifesaving pacemaker was exposing her to a different kind of threat via wireless connectivity capabilities, Moe dedicated her life’s work to finding out more on behalf of all patients and forcing transparency into the healthcare sector, where often doctors are uninformed, code is proprietary and third-party access is limited.
It’s quite interesting to hear Moe’s experience but not at all surprising considering Forrester’s prediction that 2016 will be the year we see ransomware for a medical device or wearable. Fortunately, her and others’ work seems to have gained some traction as, just this year, the U.S. Food and Drug Administration issued draft guidelines to address medical device cybersecurity.
- Lack of Cybersecurity Education
Last, but definitely not least, an overarching theme of RSA is actually one that doesn’t deal with threats specifically, but rather the lack of cybersecurity education and training in the workforce and among applicants. This significant shortage is continuing to impede the ability to hire qualified leaders such as CISOs and CIOs, as well as information technology professionals.
The cyber-crime landscape is constantly changing, making the learning curve difficult to overcome. Phishing, spear phishing and malware will continue to plague enterprises in 2016. IT leaders need to address these issues, as well as understand and meet new threats tied to IoT, mobile devices, apps, the cloud and other rapidly evolving technologies.
While RSA 2016 might have come to a close, we will definitely hear more about the topics discussed. As per our 2016 predictions, we expect medical and other IoT devices to be at the center of interest. I am personally very interested in seeing progress on the education front. From taking steps in secondary education to higher learning institutions and trade schools, opportunities to educate and train young minds are essential for the continued success of cybersecurity and the protection against malicious threats.
Looking forward to RSA 2017!