In this article we discuss the top 3 must-see sessions from the RSA Global Conference 2020.
The HacWare team attended the 2020 RSA conference in San Francisco in February. This year's theme at RSAC was about the Human Element and understanding the success and challenges of human behavior and how it impacts information security.
As the founder of a tech startup that understands the challenges of human behavior on cybersecurity, I want to share my top 3 sessions from the RSA Global Conference. These sessions allowed me to understand the threats to the global economy, see different theories about the human impact, and explore low-cost, low-technology ways to improve security.
Let's start with number 3!
3. You Can Stop Stupid
The session "You Can Stop Stupid" was led by Dr. Tracy Celaya Brown and Ira Winkler.
This session is ranked 3rd because it challenged me to think about the root cause, company norms, and putting in safeguards to address human behavior. The speakers started the session by stating that the security industry often blames the user for security problems and often refers to users as "stupid".
Mr. Ira Winkler believes that users are not stupid. You have to blame the environment that made the users appear stupid.
The speakers want us to reject the notion that users are "stupid" and ask ourselves the following questions:
- Do we hire people with a lack of common sense?
- If so, why are we putting them in a position of responsibility?
- If there is a lack of common sense, have you created common knowledge?
- Are we giving them the training they need to be successful?
- Or are we assuming that they will fail, and what is the security team doing to ensure data loss prevention?
There were certain parts of the session that conflicted with HacWare's mission and values, which created an internal debate. This session took me on an educational and emotional rollercoaster that I enjoyed. The speakers' thoughts on the Human Firewall, or the last line of defense, were interesting. I did not totally agree with their notions around that topic. But I did agree with their final point that companies need a system in place to address user-inflicted loss.
The speakers, Dr. Brown and Ira Winkler, believe companies should have the following to protect themselves from the human element:
- Anti-phishing/Anti-spam technology to filter out malicious emails and websites.
- Security Awareness tasks or technology to educate and motivate security behavior.
- Data leak prevention technology to prevent data from going out of the company network.
2. Prioritizing Top 20 on a Shoestring
The session "Prioritizing Top 20 on a Shoestring" was presented by William Bailey. I ranked this session at 2 because of the practical information that any company can adopt. The session explained how to decide which controls to implement when you are operating on a shoestring budget. William stated that you need to create a strategy for how you will allocate your limited budget. He believes that if you address the first 5 controls, it will address 80% of the breaches that happened in 2017.
William Bailey wants companies to prioritize the following:
- Knowing what you have (devices, technologies, etc.).
- Controlling account management.
- Updating and following security policy.
- In software implementations, creating standards and not using the defaults.
1. Hacking Exposed: Global Threat Brief
The session "Hacking Exposed: Global Threat Brief" was presented by the co-founder of CrowdStrike, Dmitri Alperovitch. This session was my top choice because the speaker did a great job of explaining the global threat landscape and how the geopolitical climate has impacted commercial brands.
Dmitri explained that in 2019 ransomware was at an all-time high due to the anonymity of cryptocurrency. In cryptocurrency-based ransomware attacks it is hard to identify the threat actor because of how hard it is to trace a payment back to the owner of the account. The speaker went on to explain that the threat actors in the past were from China and Russia, but according to this talk, in 2019 the most common threat actors were from North Korea, Iran, and Vietnam. These threat actors are also targeting commercial brands to steal intellectual property, and the majority of the attacks are spear-phishing attacks.
The most common ransomware from 2019 was called "Ryuk" and it targeted small businesses and school districts. Their research shows that ransomware payments are going up. According to Dmitri, "You don't have to pay the sticker price. You can negotiate a lower price. Your problems are not totally solved when you pay the ransom". He states that the decryption program to get your data back can be buggy or not fully tested and can corrupt the data.
Another moment from the session that I thought was important was on disaster recovery. Oftentimes companies will have backup policies but do not test the recovery to ensure it will work and be timely during a disaster. This is essential to avoid paying a ransom.
Here are some disaster recovery tips for companies:
- Practice your disaster recovery techniques to see if the restore will work.
- Understand the time for a full recovery.
- Understand the business impact by cost to see if it is feasible to restore from a backup when the current system is compromised by a ransomware attack.
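The three tips above amount to a repeatable restore drill: restore the backup somewhere harmless, check that every file came back intact, and time the whole thing against the recovery window you can tolerate. The script below is an added example (not code from the talk, HacWare, or CrowdStrike) that does exactly that for a tar.gz backup with a SHA-256 manifest; the sample files, the `nightly.tar.gz` name, and the 300-second RTO are constructed assumptions.

```python
import hashlib, tarfile, tempfile, time
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backups are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def make_backup(src: Path, archive: Path) -> dict:
    """Write src into a tar.gz and return a manifest {relative path: sha256}."""
    manifest = {p.relative_to(src).as_posix(): sha256_of(p)
                for p in sorted(src.rglob("*")) if p.is_file()}
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(src / rel, arcname=rel)
    return manifest

def restore_drill(archive: Path, manifest: dict, rto_seconds: float) -> dict:
    """Restore into a scratch dir (never over production), verify, and time it."""
    started = time.monotonic()
    scratch = Path(tempfile.mkdtemp(prefix="restore-drill-"))
    with tarfile.open(archive, "r:gz") as tar:
        # The 'data' filter (Python 3.12, backported to 3.8.17+) rejects entries
        # that would escape the scratch dir; older interpreters extract as-is.
        opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(scratch, **opts)
    missing = [rel for rel in manifest if not (scratch / rel).is_file()]
    corrupt = [rel for rel in manifest
               if rel not in missing and sha256_of(scratch / rel) != manifest[rel]]
    elapsed = time.monotonic() - started
    return {"expected": len(manifest), "missing": missing, "corrupt": corrupt,
            "elapsed_seconds": round(elapsed, 3), "within_rto": elapsed <= rto_seconds,
            "restore_ok": not missing and not corrupt}

def run_demo() -> tuple:
    """Constructed sample data: a clean drill, then one with a tampered manifest."""
    src = Path(tempfile.mkdtemp(prefix="fileserver-"))
    (src / "finance").mkdir()
    (src / "readme.txt").write_text("constructed sample file\n")
    (src / "finance" / "ledger.csv").write_text("date,amount\n2020-02-24,100\n")
    archive = Path(tempfile.mkdtemp(prefix="backups-")) / "nightly.tar.gz"
    manifest = make_backup(src, archive)
    clean = restore_drill(archive, manifest, rto_seconds=300)  # 300 s RTO is assumed
    # Wrong hash for one file and a file the archive never had: both must be flagged.
    tampered = {**manifest, "finance/ledger.csv": "0" * 64, "finance/q4.xlsx": "1" * 64}
    return clean, restore_drill(archive, tampered, rto_seconds=300)
```

A drill that reports `restore_ok` but not `within_rto` is the case the talk warns about: the backup exists, but it would not get the business running in time.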
According to Dmitri, here are the top 3 things that will impact cybersecurity in 2020:
- Insider source code manipulations and backdoors.
- More data breach laws and regulations are coming.
- Malware is going to move to the application level instead of the kernel level. It will live in the memory of browsers and messaging apps to collect intelligence.
I know RSAC can be overwhelming and can be an information overload. I wanted to share the top 3 sessions that stood out to me. I believe these sessions will allow you to prepare for today's threat actors as well as tomorrow's. The tips provided are meant to be practical for any security team to implement. If your team needs to reduce phishing responses and improve security awareness efforts, check out the HacWare security awareness technology. It will automate, adapt, and measure your company's security behavior.
Tiffany Ricks is Founder and CEO at HacWare. HacWare measures risky behaviors and automates security awareness to combat business email compromise attacks. HacWare is backed by TechStars NYC and CyberNYC. Prior to starting HacWare, Tiffany held a Department of Defense Secret clearance, is Security+ certified, and spent over 15 years in the software and cybersecurity industry.
Learn more about HacWare at www.hacware.com.