By SecureWorld News Team
Tue | Feb 21, 2017 | 2:58 PM PST

Cyber Vegas.

That's what this year's RSA Conference, held annually in San Francisco, felt like—with towering two-story booths, a hardware smashing station, virtual reality simulations, and even a Spandex-clad aerialist twirling around a suspended ring next to a vendor's product demonstration.

A record-breaking 43,000 exhibitors, practitioners, and professionals gathered in the Moscone Center from February 13-17 for the 26th annual RSAC, which included a session from astrophysicist Dr. Neil deGrasse Tyson.

RSAC creates a space for cybersecurity professionals to discuss the current threatscape and developments in combating those threats. Based on our own conversations, here are some of the things we can expect to see at the forefront of 2017.

Security fatigue is upon us

"Any time we ask the users to do more, it's a recipe for failure," said Jeff Kukowski, CEO at SecureAuth. "You can have better security and require less of users."  

He explained that the misuse of stolen credentials is one of the most common attack vectors, and that just adding a second authentication factor isn't enough. 

"Usability and security are absolutely tied together. If it's not usable, your users find a way around it. They get upset, they get angry, they tunnel, they do whatever they can to try and make it better and faster," said Bil Harmer, Strategist, Office of the CISO, at Zscaler.

To maintain a healthy identity and access management program that isn't asking too much of users, risk factors need to be identified before you let someone onto your network. 

IoT DDoS attacks reign supreme

Security professionals at RSAC all seemed to agree that we haven't seen the end of IoT DDoS attacks, and that they are going to continue to get worse. We've already seen variations of the Mirai botnet, which took down major sites with record-breaking amounts of traffic. 

"The human factor is still an issue more than anything else," said Marie Hattar, Chief Marketing Officer at Ixia.

On the manufacturing side, security falls short as connectivity pushes its way forward. But on the user side, there's a lack of security awareness and hygiene. 

However, it isn't just the threat itself that's leaving practitioners scrambling to come up with innovative solutions. 

"It's the impact of the malware that you're worried about, not the malware itself," explained Peter Martini, President and Co-Founder of iboss Cybersecurity.

Should your IoT device become infected with malware, it's not the code itself that's making it malicious. It's when your device is then used to take down sites like Twitter or CNN that it becomes a problem. 

"Instead of looking at the mouse, we're looking at the cheese," said Martini. 

Privacy feeds into more than you think

Another hot topic at this year's RSAC was the new GDPR regulations coming into effect in May of 2018. This set of data protection laws applies to all companies processing data on any European Union citizen and includes severe penalties of up to 4% of total worldwide revenue.

These regulations also include a strict data protection compliance regime, mandatory reporting for data breaches, and increased scrutiny into how businesses conduct themselves. And if you're an American company that sells a product globally, this means you too.

"Just because you're compliant, doesn't mean you have good security," said Kevin Flynn, Director of Worldwide Product Marketing for Skybox Security.

He recommended appointing a data protection officer, assessing your current compliance, reviewing and updating current privacy policies, and establishing an ongoing and automated policy compliance check.
