SAN FRANCISCO — Cyber security professionals had a lot to do last week as more than 26,000 of them gathered at the first RSA Conference since the start of the COVID-19 crisis.
After a 28-month hiatus, the conference once again brought together senior executives to discuss key issues in the cyber field, including the shortcomings of artificial intelligence (AI) in cyber defense and the need to join forces against ransomware cartels. .
Here are five takeaways from what Cybersecurity Dive heard in San Francisco.
1. Cybersecurity requires a collective front
Cybercriminals are often better organized and responsive than the companies they target. This calls for cohesive defensive action to counter the threat.
Every individual, business and government agency should be involved in defending cyberspace, National Cyber Director Chris Inglis said at the event.
Offenders are directing all of their resources and capabilities to launch cyber attacks. There is perhaps no better example of this than ransomware, which is “a syndicate operating against us,” Inglis said. “How can we respond with anything less? It takes a network to beat a network.”
Federal authorities will share very specific and timely information when they can. Often, however, the warnings are very general. The government is not hiding information in these cases, he said, it just has nothing more to say.
“Sometimes we can predict thunderstorms and not lightning,” Inglis said.
2. Attackers target human responses
Bad and probably worse days are ahead for all organizations.
Threat actors have done their homework, moving from poorly organized attacks to targeted campaigns at specific points of influence, Charles Henderson, head of IBM Security’s X-Force unit, said in an interview.
“The attacker has evolved beyond just targeting a system and is now targeting a human response on their victims based on leverage,” he said.
“As attack strategies go beyond digital strategy and into human nature strategy, I think it’s a complexity that I’m not sure the industry is ready to address.”
With those dynamics in play, cybersecurity must go beyond information security strategies and become part of the overall business strategy, Henderson said.
“We’re going to have real-world repercussions,” he said. When gas stations, health providers and the price of basic products are affected by cyber attacks, that is a “kinetic effect of a digital problem”.
3. Organizations have 24 hours, if they are lucky
Organizations are facing a constant exponential increase in the demands of cyberattacks, threats, and ransomware.
“Ransomware attackers continue to get technically better,” Jen Miller-Osborn, deputy director of threat intelligence at Palo Alto Networks Unit 42, said in an interview.
Malware is advancing and some of the most aggressive and savvy ransomware groups are quickly launching zero-day attacks before developers can patch or fix a flaw.
“You’re getting to the point where you’re lucky if you have 24 hours before there’s widespread exploitation,” he said.
A similar race is now underway with respect to some advanced persistent threat campaigns because attackers are exploiting these same vulnerabilities at a similar rate, according to Miller-Osborn.
“From a patching perspective, from a business perspective, that’s practically impossible,” he said. “At that point, you have to look at other defenses in layers.”
4. AI is still largely theoretical
Human expertise will always play an irreplaceable role in cyber defense, but it is not enough to thwart the pace and scale of attacks. “We, as a community of defenders, need to move our industry from human-speed defense to machine-speed defense,” Vasu Jakkal, corporate vice president of Microsoft, said on stage.
This is where AI comes in, the longstanding but seemingly stuck source of hope.
“There has been a lot of hype about AI and it has tired some of us. And it’s true, despite all that hype to date, there are relatively few use cases that are clear, precise, and attributable to AI, Jakkal said.
“But without AI, we just can’t scale our defenses to keep pace with attacks. To fight this asymmetric warfare, and it’s quite asymmetric, we have to use AI,” he said.
AI works well in some security tasks today. It’s particularly good at detection and making split-second decisions, such as determining whether an email or file might be malicious, according to Jakkal.
But to deliver on its promise, AI must operate across domains to predict, detect, block, and respond to attacks in real time. It should also, he said, understand the full scope of an attack while the attack is underway.
Jakkal claims that this leap will be achieved in the next two years. Will it be enough and will it still be relevant by then?
5. Cybercrime is expected to reach $10.5 trillion by 2025
Cybercrime pays. Big moment. It is projected to reach $10.5 trillion by 2025, Forcepoint CEO Manny Rivelo said on stage.
“If you compare this to a gross domestic product, it would be the third largest economy in the world behind the United States and China. So it’s a good business to hack. It’s not going to go away,” he said.
And what has the industry done in response? “We’ve given them a three- or four-letter alphabet soup of acronyms,” Rivelo said.
For starters, EDR, IAM, MDR, MFA, NGFW, SASE, SIEM, SSE, XDR, and ZTNA come to mind. It’s enough to make most people desperate.
“The world has become too, too complex,” Rivelo said. “We need to correct this.”