View from the Airport: RSA Conference 2017
Brace yourselves for the cyberpocalypse... or not
Hackers are real and they're going to kill you - apparently.
How are they going to kill you? Well, the possibilities are endless they could take down your entire country's critical infrastructure with malware. They could take control of connected cars and turn them into missiles. If you're in hospital, they could maybe turn of your dialysis machine or life support. Maybe they could explode entire city blocks (in some ill-defined way).
That we should all be very afraid was very much the message delivered in the first 20 minutes of the opening session of RSA Conference 2017. If you weren't familiar with the sales tactics of the information security industry, you may well have fled the auditorium to dig a bunker.
Underneath the hyperbole, though, there were some solid themes and grounded, realistic arguments.
As expected, IoT security and ransomware were flagship topics of conversation. Unsecured IoT devices were recruited into a massive botnet last year Mirai and it would have been remiss not to talk about that.
Similarly, ransomware is on the rise, thanks to its low-risk, high-reward nature and it was refreshing to hear people openly discussing the fact that, actually, sometimes it's easier and even cheaper for businesses to pay the ransom than not, even if they have other options. Negotiation is as valid an option (for businesses at least) as any other.
I was also pleasantly surprised to see the issue of nation state hacking tackled head-on. While this has been discussed before in more nebulous terms, normally in relation to alleged IP theft by China or ad-hoc attacks by North Korea, to hear Russia repeatedly called out for undermining the US democratic process was new.
Of course, the scenario is new in the US at least but with domestic political tensions as heightened as they are I suspected that speakers would be more circumspect in their allegations. Not so even chairman of the House Homeland Security Committee in the US spoke openly about it.
Aside from the keynotes and big ideas, I also managed to catch a bit of time on the show floor and fringes chatting to vendors and others in the community about the lay of the land within the industry right now.
What I heard, as I heard last year, was a lot of disgruntlement. In 2016 I was told of a coming "shakedown" to counter companies effectively just taking the Virus Total database and selling it on to customers. Apparently this has happened, but a number of vendors are still not happy.
The object of their ire now is something that was bubbling under last year too: decades-old tech being positioned as cutting edge. A true problem or jealousy amid vendors? Maybe a bit of both, but the impartial observers I spoke to seemed to lean towards this indeed being a problem of some significance.
So what can IT professionals and businesses take away from all of this? Well, despite the cataclysmic tone the security industry adopts for every new hack, there's actually a lot of hope.
Organisations mustn't be defeatist about their security operations preparing for the eventuality of a breach doesn't mean accepting it's inevitable - and businesses must still erect strong cyber security defences. But they must also be realistic: any cyber incident plan must incorporate both line of business and IT departments (or, at least, managers), with buy-in among all. And if there's a ransomware incident, make sure you know who will make the decision to pay or not. Trying to work that out on the day is not a good plan.
Finally, quantum computing and (more immediately) blockchain look like they will be able to offer new and more rigorous forms of secure data transfer and storage than the binary-based cryptographic systems we use now.
Security is a fast-moving sector and there's a lot to be excited about. But let's all calm down about the cyberpocalypse, for now at least.
Image credit: IT Pro/Jane McCallion
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now