RSA President Rohit Ghai, in the opening address to the RSA Conference, said great strides have been made since last year’s WannaCry destructive malware outbreak began. However, more threats are looming for IT systems. “WannaCry … was our wakeup call,” Ghai said. “We failed to patch a known vulnerability. … Since then, we have picked up our game with vulnerability risk management and patching IT and OT [operational technology] infrastructure.”
The RSA Conference is a series of information technology security conferences, held each year. Approximately 45,000 people attend each event. The most recent conference took place in San Francisco. For those unable to attend, live streaming and on-demand recordings were made available. For 2018, one of the keynote speakers was Zee Abdelnabi, who is a security researcher experienced in connected car security, SIEM, vulnerability management, threat modeling, security testing and mobile security.
Reviewing the output from the conference, Bank Info Security have selected five themes relating to cybersecurity that businesses need to be focusing on.
The first theme is that attempts to protect computer systems manually are not going to work and automation is key. Art Coviello, a partner at Rally Ventures, is quoted saying: “There are too many things happening – too much data, too many attackers, too much of an attack surface to defend – that without those automated capabilities that you get with artificial intelligence and machine learning, you don’t have a prayer of being able to defend yourself.”
Artificial intelligence for anti-malware
The major anti-malware players like Symantec, Trend Micro and McAfee now have so much data they can begin to implement artificial intelligence solutions to help protect businesses and out-smart viral attackers.
Another area where automation is a must is dealing with threat alerts and updates to systems. There are too many for a typical IT department to cope with. This means companies should explore AI-assisted responses.
Many software systems, whether development in-house or purchased externally, will inevitably contain bugs. For example, the Secunia Research team recorded 19,954 flaws in 2,000 products built by 200 vendors, from a 2017 review. These can be very serious, as with the 2017 Equifax breach. This means continually checking and staying on top of systems.
Making code more secure
With code, all too often security is an afterthought. This means that much code remains exploitable. This is a warning to developers to consider all vulnerabilities. There is also a need for improved tools that can prevent the software from having vulnerabilities in it.