RSA Lessons learned

I’m compiling my summary of lessons from RSA 2016 and every year it seems the fear mongering gets stronger. It’s hard to say if the fear is in fact correlated with real data but one thing is for sure: Every time a company gets hacked and makes the headlines, every CISO’s heart skips a few beats.

So here’s my RSA list of notable events:

  • Internet of Things – Engineers are building products without putting forethought into security. This will likely create a huge problem.
  • Paradigm shift from Prevention to Response – Breaches will happen and it is a matter of when. Defenses should now focus on:
      a) making it difficult to access the data, so that when a breach occurs the attackers can access nothing.
      b) making sure that when a breach occurs your responders contain the incident quickly and effectively, so the risk of data loss is low.

  • Encryption – Apple vs FBI… Consensus from industry is that encryption is a tool, like a screwdriver: it can be used for good but can also be used in a malicious way. Encryption must continue to develop without government intervention (Rivest).
  • Cyber-Hunters – Let your security teams hunt. Too long have security teams been held back from searching out and finding the threats or even going on the offensive to nullify those threats before an imminent attack. Going on the offensive is still a grey area and is being heavily discussed.
  • Better Threat Intelligence and sharing – Threat Intelligence is a big data problem and will continue to be a big data problem if it cannot be sanitized for easy consumption. There isn’t a holy grail solution yet, but the industry is aware of the complicated nature of good Threat Intelligence. Threat sharing also needs to get better. Companies are defending in silos and that needs to stop.
  • AI or machine-learned response platforms – There is a push to get AI involved in the detection and response of attacks. A number of promising early technologies have emerged but it is still very much in its infancy.
  • Engaging youth to fill cybersecurity skills gap – There is going to be a huge skills gap, with over 1M unfilled cybersecurity jobs by 2020. We need more ways to engage today’s youth to get them interested in cybersecurity.