Like many of my peers, at the end of each year, I get asked to give my perspective as to what may happen in the coming year. Ironically, I’ve just completed a far more valuable task: the RSA USA 2019 conference committee speaker selection, of which I’m very honoured to be a part. The process of vetting nearly 400 submissions delivers valuable insight into what industry luminaries believe will impact us in 2019.
Here are the key themes that came out in the “Hackers & Threats” stream for 2019.
Artificial Intelligence and Machine Learning. It is no great surprise that artificial intelligence and machine learning are at the top of the list. Obviously, there were submissions on how they can be used to improve cybersecurity. However, there were also papers on how they can be used to subvert cybersecurity capabilities.
Cryptocurrency. There were many submissions on cryptocurrencies and the underlying digital wallets and ledgers they utilise. In the last 12+ months, there has been an increase in cryptocurrency services as well as very media-visible fluctuations. It’s not surprising to see adversaries probing every aspect, from initial offerings and compromising systems to harvesting coins or stealing from those already harvesting. Cybercriminals are looking at how to intercept payments or compromise wallets, and effectively analysing every aspect for weaknesses and vulnerabilities. There were also papers looking at how criminals are using cryptocurrencies to move around their illicit funds. This is a space many are watching carefully, as the scope of digital ledger use could be so broad in the future that countries are even considering this for identity management.
Internet of Things. We saw high volumes of submissions around IoT. Some papers were very specific, focusing on areas such as healthcare, automation and maritime systems. What I found most interesting is that in IoT, we are seeing a rapid interconnection of devices really start to occur. Just as in years gone by when we looked at the phases of a breach lifecycle on one system, it seems that we will see more breaches having phases of the attack lifecycle that span multiple IoT devices to achieve the adversary’s goal.
Incident Response. With increasing legislation, especially focusing on notification requirements, such as GDPR, it wasn’t surprising to see submissions on IR skills and processes. Probably most evident was the growth of purple teams’ submissions. Is this a short-term fad to validate if red and blue teams are functioning, or will this become the longer-term replacement for both?
I had the opportunity to read some amazing, specific and unique papers. Obviously I can’t talk about any of these yet as I don’t want to spoil the surprise. You’ll have to attend RSA to see the whole agenda and hear these speakers for yourself.