Every year, the RSA Conference provides an opportunity to attend a few keynotes and get together with friends, old and new, to discuss trends we’re seeing in the market. While a big theme on the expo floor this year was Zero Trust, there were three topics that I found unavoidable during the conference and weren’t accompanied by a vendor pitch.
Conversations about the impact of geopolitical threats on cybersecurity are nothing new. On the keynote stage, experts from US federal agencies such as the Department of Homeland Security, the FBI, and the National Security Agency (NSA) were openly concerned with the ability of hackers linked to countries like China, Russia, Iran, and North Korea to steal intellectual property and launch dramatic cyberattacks against public and private enterprises for political, military, and economic gain. The ongoing trade war has seen an increase in hostilities between the US and China, and recently, even as talks were ongoing in Hanoi between the US and North Korea, hacking groups linked to North Korea were suspected of targeting 150 US public sector and private sector businesses. As an analyst, I hear a lot of fear mongering around nation-state attackers, but you need to recognize how they fit into your threat model.
Fortunately, in addition to the threats posed by geopolitical conflicts, the RSA Conference also showed us how cybersecurity solutions can sprout from nation-state actors. During the event, the NSA gave its first public demo of Ghidra and open sourced its purpose-built reverse-engineering software. Historically, access to reverse-engineering tools such as IDA Pro would have cost several thousand dollars, raising the barrier to entry for would-be security professionals. Ghidra, however, is the first professional-grade piece of software of its kind that has been released to the public as free and open source. By lowering the barrier to entry, the NSA has made a significant push to address the cybersecurity skills gap, both within its own organization and the tech industry at large.
Another interesting trend that found its way into a lot of conversations I was having revolved around a marked increase in organizations that are opting to pay ransoms, and in some cases, cyberinsurance companies are making the call themselves to limit their own exposure. In situations where an organization doesn’t have the ability to restore from backups, conversations about whether or not you should be negotiating with terrorists take a back seat to the understanding that you’re beholden to the business and its key stakeholders. But we must recognize that we are creating a market for ransomware and need to build a strategy to address this problem. I will be publishing a guide for how to go about paying a ransom in the coming months, but to understand why ransomware is such a problem, I encourage you to read my recent report, “Ransomware Is A Business Continuity Issue,” for a broader account of why businesses are struggling to recover from this type of attack.
(written with Benjamin Corey, research associate)