Ideas fresh off the wire

Post-RSA 2015: The Evolving Security Landscape

“Let’s do things differently; let’s think differently; let’s act differently. Because what the security industry has been doing has not worked.” – RSA President Amit Yoran

The overall consensus and call to action at this year’s conference is the security industry needs to change – as threats become increasingly more sophisticated, we’re racing to evolve faster than the hackers and we are continuing to fall behind in the arms race.

Last year saw a 25 percent increase in high-profile, over-hyped data breaches, but who’s held accountable? Conversations at RSA this year centered around the increased need for board-level discussions and how CISOs can adopt a business mindset; the scary potential of vulnerable connected devices; debates about how threat intelligence should be free; the governments increased involvement and the Department of Homeland Security setting up shop in Silicon Valley, and more.

Highwire’s Security Practice was on site this year taking it all in, supporting clients, attending sessions, networking and throwing a killer happy hour. See the team’s highlights here:

Christine McKeown Elswick, vice president
The overarching message in Amit Yoran’s keynote was a significant moment for the industry. He said,”We are losing this contest. The adversaries are out-maneuvering the industry, out-gunning the industry, and winning by every measure.” This was echoed by the New York Times, Nicole Perlroth in a private panel session on Wednesday who said that we can’t build walls high enough to keep out the hackers, and with traditional AV software not working, something must be done to close the gaps that hackers continue to exploit. It will be fascinating to watch as the arms race continues. Startups like Cylance, a next-generation AV company, are making huge strides in this race against threat actors. They recently blocked 99 percent of all threats in live demonstrations across the United States using real malware to test its new technology against old school AV software.

Bill Bode, account director
RSA is changing. For the first time I can remember, some of the most intriguing security startups in the space- Synack, Tanium, vArmour- opted not to have a booth, instead relying on throwing amazing parties, packing in customer/prospect schedules to the brim and networking events featuring prominent journalists to get the most out of their week in San Francisco. If you look at most of the keynotes from this year, you’ll see a laundry list of outdated legacy players talking about old world problems, but one talk did stand out in particular to me, from RSA President Amit Yoran (referenced above). Above all else, his call for vendor accountability is one that could turn the security world on its head. It’ll be a long road ahead to get to a point of true accountability, but it begs the question- once it’s here, will the constant noise die down? Will we get industry-wide agreement on the “best vendors” when we know which solutions just aren’t making the cut?

Mariah Robertson, account associate
RSA is such a great forum to discuss problems, showcase ideas and share solutions. My favorite part of RSA was seeing how different companies are addressing the biggest pain points in security. For example, at the Trustwave booth, security researcher Garrett Picchioni showed us the most commonly used and easily crackable passwords and demonstrated how quickly criminals could hack into a company’s system and steal passwords: it’s just a matter of seconds. We learned that longer passwords are always tougher to crack, and that “Thisismypasswordnoreallyitis” is a much better password than even a short random string of numbers or words such as “Spring2015” or even “A2qR!” Knowing that weak passwords are the leading cause of data breaches, I recommend everyone change theirs on a regular basis!

Isaac Steinmetz, account associate
This year was my third RSA, but ended up being the first time I was able to see a client present (those pesky “Explorer Expo” passes lock you out of a lot of sessions!). I got to see Veracode’s co-founder Chris Wysopal address a crowded four-sided box in the middle of the expo floor. Before he started speaking I worried that the session wouldn’t attract much attention since it was barely separated from the sea of booths in the hall, but surely enough the box was packed standing room only and Chris’ presentation moved forward with a full audience. It’s always great to see a client’s expertise and respect from his peers so clearly validated at events like this!

Alexi Foster, account associateIMG_2907
The highlight of RSA for me this year was the closing keynote, an interview with Alec Baldwin and Hugh Thompson, RSA’s program chair. They spoke about the cultural implications of a hack, mentioning the Sony hack in particular. It was interesting to hear Baldwin discuss how the Sony hack hurt the entertainment business through more than just preventing box office sales. Now, Hollywood producers might feel afraid to create controversial movies because they fear that those on the opposing side could use “evil forces” on them out of spite. And this idea stretches beyond the entertainment industry- anyone who knows how to hack has the ability to hinder another’s individual expression and creativity through a few lines of malicious code. It’s a scary thought.

Interested in learning more about Highwire PR’s security practice? Email Hi@HighwirePR.com to learn more! See you at RSA 2016.