Once again, it has been my privilege to help review submissions for the RSA Conference 2021, specifically for the hackers and threats stream. While this year has been tough for so many people in so many ways, I’m glad many cybersecurity experts still found the time to submit proposals to be speakers. With more than 260 submissions, we had to whittle down to only 18 speaking slots. I always consider this process as a great lens on what cybersecurity experts see as front and centre of their focus for the next 12 months. I’m delighted to share the key trends that came from this year's selections (in no specific order).
- Ransomware Attacks: There’s little surprise that there continues to be lots of focus on ransomware. We have seen the attacks becoming more sophisticated and targeted. Often, these attacks are now carrying multiple payloads, such as ransoming data access, but also either reselling the data or extorting further funds under threat of posting non-public data in the public domain. And, while some ransomware is still focused on random victims, specific industries have become far more targeted. The healthcare industry has certainly seen the pain from this, along with all the other challenges they face. It was great to see a submission about cybersecurity experts volunteering to help compromised medical organisations. Let's hope that's a trend that catches on globally.
- Vulnerability Management: There were a number of submissions this year focusing on vulnerability scoring methodologies. Most claim to provide more real-world insight into the utilisation of, and risks from, new vulnerabilities than the traditional Common Vulnerability Scoring System (CVSS) methodology. They all had their own new four-letter acronym. In this category there was also the flip side of the lens – how to fix the source: I saw many sessions proposed that would address how we build better coding best practices.
- Threat Actors Leveraging Current Events: Social engineering will only ever evolve from the cybercriminal’s perspective. There were submissions tied to how cyberattackers leveraged COVID, and of course there were sessions about how cyberattacks look both to impact U.S. elections and to compromise people based on the topic.
- Free Tools and Resources: I’m always very proud of those people who are offering free tools and resources, for example how to analyse logs using open source tools, or tools that allow you to unpack files or memory. These empower many to do new creative things, and also help those who maybe don’t have access to commercial tools. My only reservation is that too many of these tools can end up being a very labour-intensive process for a security team to leverage.
- Evolutions: I’m always amazed at the innovation that technology empowers. We had submissions around biohacking, for example. This involves embedding technology into your body and then using it to gain access to other systems. We also had submissions around how you can pick up soundwaves from a lightbulb, how Bluetooth low energy (BLE) beacons can be misused, and there were also Internet of Things (IoT) and smart energy grid submissions. All of this highlights that we are connecting more “things” of all varieties to networks – and adversaries are looking at how to subvert these things to gain access, conduct cybercrime and succeed at other nefarious purposes.
- Security Operations Center (SOC) Fatigue: Every year we have sessions on how to use new tools and processes, or more simply how to become an SOC analyst. This year we will see sessions on managing the issues of information overload and operational efficiencies as SOC Fatigue has become an all-too-common issue.
- Artificial Intelligence (AI), Machine Learning (ML) and Data Science Tools: AI seemed to be the buzzword in previous years, with lots of focus on the value it can offer, but also on how threat actors are looking to misuse it. The volume of submissions on the topic has significantly dropped this year. I suspect as the AI hype clears, we will get used to the growing realities of its utilisation in cybersecurity. However, the interesting addition for me this year was papers around the misuse of broader data science tools by adversaries. As we have seen all too often, adversaries look to take their knowledge and skills and leverage them in adjacent technology spaces.
There were obviously many other unique topics and ideas submitted. As we prepare for RSA I hope this gives some food for thought on where the adversaries may look to target; more critically, it gives us some idea of the areas we should all be investigating in terms of our own cybersecurity strategies if we are to ensure resiliency and business continuity in the coming months.
Watch for Palo Alto Networks cybersecurity experts participating in RSA Conference 2021. Among them? Greg Day, vice president and CSO, EMEA, Palo Alto Networks, will live host the Hackers and Threats stream lounge on May 18. On May 19, Tim Junio, senior vice president, Cortex, Palo Alto Networks, will give a keynote called, “The Internet Is Small: Own Your Attack Surface Before Somebody Else.”
This post is an updated version of a blog previously published on the RSA Conference website.