
Key takeaways from RSA Conference 2018

Nine takeaways from the RSA Conference 2018 can give business leaders some perspective on how to think about the latest threats and information security trends. I attended the conference in April, along with more than 42,000 corporate security executives and practitioners, tech vendors, consultants, researchers and law enforcement experts.

In my many conversations, over way too much coffee, the nine topics below kept coming up. Consider these real-world takeaways from the field:

1. Ransomware presents a real threat to operations

The RSA Conference took place shortly after a big ransomware event shut down some of Atlanta’s online services. The general consensus from practitioners at RSA was that such an attack could happen to any municipality, large or small, and the more that government services are interconnected, the greater the likelihood that a breach in one part of an organization could spill over and affect other systems. Thus, IT must be eternally vigilant to ensure that systems are patched and anti-malware measures are up to date to prevent a breach from spreading horizontally through the organization.

2. Spearphishing is getting more sophisticated

One would think that a CFO would know better than to respond to a midnight email from the CEO saying, “Please wire a million dollars to this overseas account immediately.” One would think that employees would know not to respond to requests from their IT department for a “password audit” and supply their login credentials. Yet those types of scenarios are happening with alarming frequency—enough that when asked what they lose sleep over, many practitioners responded by saying “spearphishing” right after they said “ransomware.”

Spearphishing works because it arrives via carefully written emails. It is sometimes customized to a company or even a person’s role, and is at times capable of evading spam filters and other email security software. Spearphishing tricks consumers into logging into fake banking websites, and it tricks employees into giving away money or revealing credentials.

Continuous employee training is the most common solution offered. Another option: strong monitoring that can use machine learning to learn what “normal” is and flag out-of-the-norm behaviors or data access by a person or system.

3. Cryptomining is a growing concern

Cryptomining occurs when hackers manage to install software onto enterprise computers that surreptitiously uses processor and memory resources to mine cryptocurrencies. Unlike many other types of malware, cryptomining doesn’t try to disrupt operations or steal data. Instead, the malware wants to stay hidden, invisibly making money (literally) for the hacker for days, weeks, months or years. Again, effective system monitoring could help raise a flag when a company’s computing resources are being abused this way.

Interestingly, while many at RSA were talking about cryptomining, none of the people I talked to had experienced it first-hand. And while everyone agreed that such malware should be blocked, detected and eradicated, some treated cryptomining as a nuisance that is lower in security priority than other threats, like ransomware, spearphishing or other attacks that would steal corporate data.

What about 4-9?

Read the entire list, including thoughts about insider threats and the split between presentation and detection, in my essay for the Wall Street Journal, “9 Practical Takeaways From a Huge Data Security Conference.”