Cybercrime , Cyberwarfare / Nation-State Attacks , Endpoint Security
Life After WannaCry's Wake-Up Call: What's Next?
RSA Conference Keynoters Recap Last Year's 'Cyber-Geddon' Before Looking to FutureAt the opening of the 2018 RSA Conference in San Francisco on Tuesday, executives from RSA, Microsoft and McAfee offered an update on the state of cybersecurity, focusing on WannaCry. They called for the industry to work more closely together to protect not just individuals but also society.
See Also: 2024 Threat Hunting Report: Insights to Outsmart Modern Adversaries
RSA President Rohit Ghai said great strides have been made since last May, when the WannaCry destructive malware outbreak began.
"WannaCry ... was our wakeup call," he told conference attendees in an opening keynote presentation. "We failed to patch a known vulnerability. ... Since then, we have picked up our game with vulnerability risk management and patching IT and OT [operational technology] infrastructure."
At the same time, however, the repercussions for information security failure continue to mount. "Cyber incidents now put everyone's career at stake, from the chairperson of the board to the CEO on down," Ghai said.
Breaches of Trust
Furthermore, professionals must be more mindful not just of the need to stop breaches inside their organizations, but understanding collective risk that failures pose to society, Ghai said.
One example: The recent accident involving an Uber autonomous vehicle, which he says has shaken people's faith not just in such vehicles but also artificial intelligence.
Every technology sector faces such risks. "We all have our Cambridge Analyticas. And after watching Mr. Zuckerberg, I don't think any of us is eager to testify before Congress," Ghai said, referring to the Facebook privacy controversy. "There is a very, very fine line between tech love and tech lash, and it takes a lifetime to build tech trust, and only a moment to lose it."
Thankfully, there are some silver linings, Ghai said. Drawing from some of the world's most successful cycling, basketball and rowing teams - including the 1964-65 Boston Celtics basketball team and the U.K.'s Team Sky 2012 Tour de France cycling team - Ghai offered examples of groups that triumphed by making small changes, doubling down on what works, as well as triumphing thanks to teamwork.
In addition, laws in the United States continue to improve and help information security professionals to better defend their firms, Ghai said, pointing in particular to the Clarifying Lawful Overseas Use of Data Act, which has attempted to update the country's data privacy laws and government surveillance protocols for the modern age. "The CLOUD Act, recently passed here in the United States, offers a great framework for protecting data privacy while enabling the public sector to fight cross-border terrorism," he said.
Making Technology Good for Society
Microsoft President Brad Smith, also speaking in an opening RSA keynote speech on Tuesday, likewise dated the industry's wakeup call to May 12 of last year - the day that the WannaCry outbreak began, impacting organizations worldwide, including the U.K.'s National Health Service. "That is not just an attack on machines; that is an attack that is endangering people's lives," Smith said. If criminal groups appeared to be behind most online attacks in previous years, last year, the threat that nation-states pose to society became increasingly clear, he said.
As one BBC report put it, 2017 was the year of "cyber-geddon," Smith noted. He repeated previous calls for the creating "a new Digital Geneva Convention" that would see governments agree to never target civilians with online attacks (see Microsoft Advocates 'Digital Geneva Convention').
Like RSA's Ghai, Smith also called for organizations to work more closely together. "It requires not that we each do more, but that we each do more together," Smith said. "But in a world where everything is connected, anything can be disrupted, and what it means for us is that everything needs to be protected, from the cloud to the edge."
Cybersecurity in the Era of Fake News
The RSA opening keynote speeches also touched on the risk posed to democratic processes by foreign hackers.
"Fake news and botnets posing as people - information is now being used against us," McAfee CEO Chris Young told the audience. "What we used to protect - data - is now being weaponized and used against us, and sometimes we have to protect ourselves against it.
The nation's democratic processes also need protecting, Microsoft's Smith said. To help, he said that on Friday, Microsoft launched its Defending Democracy Program, which aims "to protect candidates, campaigns, voters and voting equipment."
Microsoft Lauds Apple, Linux
But the industry still faces some longstanding challenges, including cybersecurity not yet being part of many organizational cultures, McAfee's Young said. "If you look at the Verizon Data Breach report released recently, you see that nearly 40 percent of breaches are still driven by insiders and issues under organizations' control."
In the keynote speeches, the technology executives also touched on what is working well. Microsoft's Smith, in particular, saluted examples of security that's good for society, including Apple's iPhone for "hardware-based biometrics done right." He also cited "new announcements by Intel to better secure the chip, including against the kinds of side attacks that we've seen in the past months."
And he noted the Monday announcement by Microsoft of Azure Sphere, an improvement in its cloud infrastructure offering designed to not only secure enterprises but also the internet of things; it includes a new chip, operating system and security service.
"Did anyone every think that someone from Microsoft would come here and say that we are shipping a custom, Linux kernel?" Smith said, drawing applause from the audience.