When’s the Next Apocalypse? RSA 2013 Conference Trends

RSA is like the Hogwarts of Security, the annual reunion for cyber jedi masters or the secret fight club for private security companies, governmental agencies and international organizations. We’ve got

RSA is like the Hogwarts of Security, the annual reunion for cyber jedi masters or the secret fight club for private security companies, governmental agencies and international organizations. We’ve got an exclusive pass to all of the sessions and sideline discussions. Here is what this year’s buzz is all about with everything you need to know about RSA 2013:

rsa2013_sandbox

1) We (as a planet) are in deep s%$t cyber-security wise
The reasons are very simple – the internet was designed and built without any security-concerns in mind. Additionally, the most common trend pointed out by almost all the attendants – attackers are getting organized as if they were banks or special task forces. Seriously, cybercriminals are not crazy cowboys with keyboards fighting for freedom of information anymore. They are businesses based around data and money stealing with structures, business planning, HR’s, CEO’s, CTO’s, Margins, and ROI’s. Cybercrime has become an industry, similar to drug cartels or shadow weapons shipments, and in order to fight it we need to be strong and organized.

2) Most security companies are “too big to be good”
New types of threats are born everyday. When you are a big company with 50k employees, you are bad at pivoting the curves – by the time you start a new business process fighting a new threat – the ecosystem changes and your efforts have become obsolete. This is why security-wise this is the time of Kaspersky-type players – those who are very fit, effective and dynamic with the best research expertise. Not to brag about it, but those are the words of market players, not ours.

3) There is a great need to teach people about the seriousness of threats
It’s not about IP’s, firewalls, ports and protocols anymore. Yes, protections such as building secure perimeters and adding corporate policies and certificates are great, but they are starting to become rather useless. Almost all of us have our own devices – smartphones, tablets and laptops – and WE USE THEM everyday for both private and corporate tasks. Additionally, people use social media accounts and cloud services (like dropbox) that cannot be controlled by any CIO or corporate policy. That’s why today is a true paradise for attackers and concerns have largely increased for security companies. In order to fight the threats efficiently, we have to work with social engineering, device management and virtualization.

4) Personal defence is the key to corporate defense
Funny story, sometimes the private security of a common user which he has been using on his personal devices is better than any corporate solutions.

Today is a true paradise for attackers and concerns have largely increased for security companies. In order to fight the threats efficiently, we have to work with social engineering, device management and virtualization.

5) Petabytes of free data are out there
Social media and open analytics (such as traffic data) are available to attackers.  It is insanely easy to gather information about a person or a business and build effective scam themes to penetrate corporate security perimeters just by using the human factor.

6) Attackers do not need permission
We do. Legislation has to be changed to give private security companies a chance to contribute to law enforcement organizations globally such as Interpol.

7) 30% of all new malware submissions are mobile
How can you fight mobile malware if people and manufacturers of the phones do not let security companies’ installing agents access to the hardware? Another major pain is patch management – Android is the most vulnerable mobile OS because manufacturers of these smartphones are not in charge of creating and delivering new OS updates to users.

8) There is a tremendous lack of security awareness with general audiences and everybody is interested in cutting this lag
So, when we are telling you that we are using this blog to save the world – it’s not a metaphor – it’s kind of true.

9) Microsoft’s keynote speech was very optimistic
It proves how bad the reality is. But to their benefit – it was a really positive speech with good insights. They see the solution in promoting international cooperation in terms of legislation and regulations as well as developing software and hardware solutions.

10) Dark side of the moon – espionage
Yes, security does bother everybody. Bu there are governments, militaries, intelligence services and global law enforcement agencies that need to do their jobs – sometimes (and by that I mean everyday) it involves espionage. This means that the goals of a country sometimes conflict with global goals in fighting cyber-warfare. Governments are spying on each other – they were, they are and would do their best to gather information, steal secrets and get ready to attack/defend against any threat, including cyber-types. It makes all negotiations very complicated.

But here is a good adrenaline shot so you don’t feel that we are doomed forever:

1) There are a lot of good security startups out there (stay tuned for updates – we’ll post detailed info on the best of those soon).
2) The security industry is very aware of what is going on and even the bitter rivals do their best to communicate with each other and make this world a safer place.
3) Governments have started to get a clue about what is happening. Everyone at RSA 2013 is talking a lot about Obama’s executive act – in a good way.
4) Kaspersky Lab’s vision and technologies rock. If you’re using our products – you are in good hands, folks – as we are on the frontline of this war and not a single byte escapes our attention.

Tips