On Feb 13th, 2017, over 40,000 people descended on San Francisco for one of the largest security conferences in the world: RSA Conference 2017. The Linoma Software [now HelpSystems] team was among those attendees, speaking with IT professionals interested in finding a top-rated managed file transfer solution at our expo booth, and sitting in on world-class educational sessions throughout the week. Below you’ll find an overview of some of our favorite sessions, as well as social highlights from the conference.
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
This was one of the most interesting sessions we attended at the conference. Three security experts (Ed Skoudis, Michael Assante and Dr. Johannes Ullrich) discussed the types of cyber attacks that are increasing in popularity among the cyber “bad guys”. Among their discussions, two important points stood out to us.
1. Attackers are broadening their targets
Attackers are not just looking for PII now. They are interested in other information that could be used for exploitation. Embarrassing information, extortion malware, power grid attacks and background check data are a few examples. “It’s not all about PII. If your organization does not store personally identifiable information, that doesn’t mean you’re not a target. In fact, you’re a target more than ever,” explained panelist Ed Skoudis in the presentation.
2. iOS attacks are projected to increase
Over the past few years, attackers have pivoted their strategy to focus more on mobile devices, specifically Android and iOS. Both Google and Apple are frequently deploying software updates that patch newly discovered vulnerabilities, but sometimes implementation of these patches can take weeks or even months. The best course of action for users is to ensure they’re updating their mobile operating system often, to take advantage of newly released security measures.
I encourage you to watch the full session below.
Planning for Chaos
There are complex cybersecurity challenges on the horizon, and the best step any organization can take is to learn how to plan for that chaos. Dr. Zulfikar Ramzan, Chief Technology Officer at RSA, walked the audience through the required steps for planning for this unknown future, and mitigating risk along the way.
In his session, he discussed the importance of a tangible and realistic incident response plan.
“An incident response plan isn’t a wishlist,” explained Ramzan. “Only leverage available resources.” He stressed that a successful incident response plan requires the availability of resources, budget and collaboration between IT, finance, sales, marketing and others.
To watch the full session, play the video below:
What’s Next in Cybersecurity
An important aspect of security software development is addressing current and upcoming policies and compliance requirements. In this session, cybersecurity officials discussed the findings of a year-long effort in Washington and Silicon Valley to identify new cybersecurity policies for the administration. Below are just a few of the discussions taking place in the cyber-policy realm:
- Cloud implementation and shared services: Implementing services in the cloud in a secure way
- More focus on NIST framework: Aimed at helping organizations align security, IT and business needs
- Better reporting of cyber attacks and cyber breaches: Developing a safe way of reporting incidents that protects anonymity while helping us understand the details and learn from the incidents
- Accelerating the security workforce: Discussing both short- and long-term solutions to build our US workforce of security professionals
You can listen to the full session in the video below.
Top Tweets of the Conference
The hashtag used on Twitter during the 2017 RSA conference was #RSAC2017. This hashtag was used to share motivational speaker quotes, shocking statistics, cybersecurity resources and conference happenings. Of these tweets, several rose above the rest, receiving hundreds of retweets and favorites. Here are a few tweets that your fellow security professionals found to be most intriguing.
Did you miss a session you were hoping to catch?
Have no fear, RSA has collected a wide range of presentations from the 2017 RSA Conference. They can be found here.
We’re curious to hear from you! What was your favorite session or experience at this year’s RSA conference? Comment below.