View from the Airport: RSA Conference 2017

Brace yourselves for the cyberpocalypse... or not

Hackers are real and they're going to kill you - apparently.

How are they going to kill you? Well, the possibilities are endless they could take down your entire country's critical infrastructure with malware. They could take control of connected cars and turn them into missiles. If you're in hospital, they could maybe turn of your dialysis machine or life support. Maybe they could explode entire city blocks (in some ill-defined way).

That we should all be very afraid was very much the message delivered in the first 20 minutes of the opening session of RSA Conference 2017. If you weren't familiar with the sales tactics of the information security industry, you may well have fled the auditorium to dig a bunker.

Underneath the hyperbole, though, there were some solid themes and grounded, realistic arguments.

Advertisement
Advertisement - Article continues below

As expected, IoT security and ransomware were flagship topics of conversation. Unsecured IoT devices were recruited into a massive botnet last year Mirai and it would have been remiss not to talk about that.

Similarly, ransomware is on the rise, thanks to its low-risk, high-reward nature and it was refreshing to hear people openly discussing the fact that, actually, sometimes it's easier and even cheaper for businesses to pay the ransom than not, even if they have other options. Negotiation is as valid an option (for businesses at least) as any other.

I was also pleasantly surprised to see the issue of nation state hacking tackled head-on. While this has been discussed before in more nebulous terms, normally in relation to alleged IP theft by China or ad-hoc attacks by North Korea, to hear Russia repeatedly called out for undermining the US democratic process was new.

Of course, the scenario is new in the US at least but with domestic political tensions as heightened as they are I suspected that speakers would be more circumspect in their allegations. Not so even chairman of the House Homeland Security Committee in the US spoke openly about it.

Aside from the keynotes and big ideas, I also managed to catch a bit of time on the show floor and fringes chatting to vendors and others in the community about the lay of the land within the industry right now.

What I heard, as I heard last year, was a lot of disgruntlement. In 2016 I was told of a coming "shakedown" to counter companies effectively just taking the Virus Total database and selling it on to customers. Apparently this has happened, but a number of vendors are still not happy.

The object of their ire now is something that was bubbling under last year too: decades-old tech being positioned as cutting edge. A true problem or jealousy amid vendors? Maybe a bit of both, but the impartial observers I spoke to seemed to lean towards this indeed being a problem of some significance.

So what can IT professionals and businesses take away from all of this? Well, despite the cataclysmic tone the security industry adopts for every new hack, there's actually a lot of hope.

Organisations mustn't be defeatist about their security operations preparing for the eventuality of a breach doesn't mean accepting it's inevitable - and businesses must still erect strong cyber security defences. But they must also be realistic: any cyber incident plan must incorporate both line of business and IT departments (or, at least, managers), with buy-in among all. And if there's a ransomware incident, make sure you know who will make the decision to pay or not. Trying to work that out on the day is not a good plan.

Finally, quantum computing and (more immediately) blockchain look like they will be able to offer new and more rigorous forms of secure data transfer and storage than the binary-based cryptographic systems we use now.

Advertisement
Advertisement - Article continues below

Security is a fast-moving sector and there's a lot to be excited about. But let's all calm down about the cyberpocalypse, for now at least.

Image credit: IT Pro/Jane McCallion

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/cloud/amazon-web-services-aws/354223/what-to-expect-from-aws-reinvent-2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019
Visit/hardware/354232/raspberry-pi-4-owners-complain-of-broken-wi-fi-when-using-hdmi
Hardware

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Visit/mobile/google-android/354189/samsung-galaxy-a90-5g-review-simply-the-best-value-5g-phone
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019