A few weeks ago, a couple of colleagues and I attended the annual RSA Conference in San Francisco. My colleagues have already offered their detailed descriptions of the event; instead I’ll discuss the broader themes I saw at the event.
The exhibit floors were cheery – almost festive, in fact – with loud chatter, freebies, and buffets. Vendor booths offered an attraction that ranged from contests, to illusions, to arcade games. Even the keynotes on the first day started with a band singing We are the Champions and We Will Rock You.The mood in the track sessions and keynote lectures was completely different. Discussions there focused on offensive security touched on various aspects including legal concerns, requirements in skill sets, possible moral/ethical issues, and challenges in determining attribution. Sessions on cloud computing mentioned concerns on compliance and data protection, determining standards for cloud service provider partnerships, and managing risks, behavior, and organizational culture.
Some keynote sessions took a more contemplative note. Wikipedia’s Jimmy Wales shared the role of the Internet in democracy; former Secretary of State Condoleeza Rice noted that traditional ways of defending one’s self from an attack does not work especially with the current cybercrime landscape, the developments of the Internet and cloud computing.
Breaking down (big data) and building (one’s intelligence)
Among the themes highlighted during Arthur Coviello’s Big Data Redefines Security discourse was that big data is here and a big contributor is the increasing number of devices connecting to the Internet. However, information from big data can also be used by adversaries against individuals, organizations, or even nation-states. Organizations need to understand ow to act and not react to skewed information or FUD. This brought to mind the slew of APT campaigns discovered last year and how our researchers have called for organizations to begin focusing on threat intelligence and building a custom-defense strategy to deal with these threats.