Incident & Breach Response , ISMG Security Report , Recruitment & Reskilling Strategy
Highlights of RSA Conference 2022Also: Changing Cyber Paradigm With Automation; CISA's Mission to Grow Cyber Talent
The latest edition of the ISMG Security Report includes highlights and observations from RSA Conference 2022. It also discusses the value of automation and the Cybersecurity and Infrastructure Security Agency's mission to grow cyber talent.
In this report, you'll hear (click on player beneath image to listen):
- ISMG's Mathew Schwartz share observations from this year's RSA Conference, including a key message from RSA CEO Rohit Ghai on "transformation" - the theme of this year's conference;
- Palo Alto Networks CEO Nikesh Arora discuss the value of automation in reducing response times;
- CISA chief of staff Kiersten Todt describe the agency's efforts to attract a more diverse cyber workforce.
The ISMG Security Report appears weekly on this and other ISMG websites. Don't miss the May 27 and June 2 editions, which respectively discuss how money lost in BEC scams hit $4.3 billion in 2021 and the problem of unsecured data bases in the wake of the Elasticsearch attack.
Theme music for the ISMG Security Report is by Ithaca Audio under a Creative Commons license.
Anna Delaney: On this week's ISMG Security Report, we share some highlights captured from interviews recorded for last week's RSA Conference 2022.
First up, we have Executive Editor Mathew Schwartz. He brilliantly conveys the theme of this year's RSA Conference, as well as other observations.
Mathew Schwartz: Last week's RSA Conference 2022 counted more than 26,000 attendees from around the world. It's the first time the RSA Conference has been held in person since February of 2020, on the cusp of the COVID-19 pandemic, essentially shutting down so much of society. The theme for this year's conference was transform, and it's fitting. Who hasn't had to transform over the last two years, given the ongoing challenges posed by the pandemic, the rise of hybrid working and the need to keep everyone and everything secure, no matter where people might be based. So one of the highlights of the conference for me annually is RSA CEO Rohit Ghai's keynote speech in which he takes the theme of the year, runs with it, and so often issues accompanying marching orders to the cybersecurity community at large. I sat down with Rohit and asked him to expand on his message for this year's conference.
Rohit Ghai: Stated simply we humans are not great at hurrying through change unless we get a kick in the pants. And the way disruptions shape transformations is by doing three things: they tell us what does not change, the constants; what's most important, the imperatives; and finally, the things that we've believed wrongly for many years, dogma. So I believe, in cybersecurity, it's important to take a step back, look at the disruptive forces of play, and not wait for a cyber crisis, or a cyber disruption to learn these three lessons that are — what's the constant, what's the imperative, and what's the dogma.
Schwartz: As a reporter, one reason I love to get back to RSA, in person, is to get to see familiar faces. But this year was perhaps a bit more surreal than usual.
Raj Samani: It's nice to be here.
Schwartz: That's cybercrime expert, Raj Samani, who's chief scientist at Rapid7, who unfortunately had to miss the 2020 conference, meaning he's had a three-year RSA gap.
Samani: What I mean by that is, those three years were like Avengers Infinity. The finger was clicked, and I've lost three years. And I've come back to RSA, and I'm seeing people I haven't seen for three years, and they're like, "oh, wow, okay, you look very different now."
Schwartz: Beyond hearing the calls to action, and getting to see old friends for the first time in years, the conference remains a fantastic place for getting up to speed on the latest trends, research and more. On that front, we welcomed Jackie Burns Koven to the ISMG Studios at RSA. Jackie's the cyber threat intelligence lead for blockchain analytics firm Chainalysis. And she was a panelist at RSA on a session devoted to lessons learned from the Netwalker ransomware group disruption.
Jackie Burns Koven: This case is important for a number of reasons. And even though the arrest occurred in January of 2021, it's still bursting back into the headlines because the Canadian national has been extradited to the United States. And this was the first case and a long stream of cases over the last year that demonstrate how cryptocurrency can be used against these threat actors, the types of actions that U.S. agencies can take against individual actors as well as the services that they use to launder their proceeds. And it also shows that this is a global problem. This was a Canadian national. A lot of ransomware is based or affiliated with Russia. We've actually calculated that almost 75% of ransomware transactions had some sort of Russian connection, but this shows that this is a global crime that can exist in our backyard. It also shows that the imposition of cost that we can impose and make a dent in this ransomware ecosystem.
Schwartz: Of course, criminals who use ransomware and cryptocurrency continue to be a massive problem.
Koven: Ransomware is the most profitable crime of the day for the skillset that these threat actors have but they all came from other types of crime. They came from jackpotting and banking Trojans. So what's next? And is it always going to be cryptocurrency based? Is it always going to be Bitcoin, which is what we do see these predominantly paid in. And there's so much innovation happening too. Web 3, DeFi, DAPS, all of these innovations that bad actors will try to exploit too. So, it's never a dull moment, and it's always something we're going to be tracking.
Schwartz: Unfortunately, this is sure to be a challenge that we'll be discussing at next year's RSA Conference as well. For Information Security Media Group, I'm Mathew Schwartz.
(Transition ad: You are listening to the ISMG Security Report on ISMG Radio. ISMG - Your number one source for information security news.
Delaney: Also at this year's conference, our Managing Editor for Business Michael Novinson conducted an excellent interview with Palo Alto Networks' CEO Nikesh Arora. Here's an excerpt from their conversation on the role and value of automation reducing response times.
Nikesh Arora: I think the entire security paradigm needs to evolve. Security was more of a collect and analyze process. If you look at meantime to respond, as an industry we're happy with meantime respond in days. The Maersk hack or the even SolarWinds attempt, we measured them in weeks and days and months, not in minutes or seconds. If you want to do security, you got to be able to do real time production, because every bad actor has figured out that they can get in and out of your system in under an hour. So you've got to be able to stop them in less time than that. And to do that, you need to be able to process huge amounts of data, analyze it, understand good versus bad data, and then be able to stop and attack that process. The way we talk about internally, we get inspired by Elon Musk and a self-driving car. The car's got to process all the data and be able to move at that moment. Security has to be able to do the same thing: analyze that data and move on the moment. Now, the only way you get there is through having a normalized data lake, having good data, running AI on it, running machine learning on it, and making it work real time. So I think that's our vision. That's our aspiration. And if you look at our entire Cortex platform, it's set up in a way where XDR collects data on the endpoint, across correlates that are firewall data, we run automation tools with XSOAR to bring an attack surface management data. I'm trying to build an autonomous SOC as part of our Cortex vision.
Delaney: And finally, a real highlight for me this year was interviewing Kiersten Todt, chief of staff at the U.S. Cybersecurity and Infrastructure Security Agency, otherwise known as CISA, about the critical role of private and public cyber collaboration. We also discussed CISA's efforts to attract a more diverse cyber workforce, and what non-traditional methods they're using to create a richer, more inclusive talent pool. Here's Todt:
Kiersten Todt: Well, it's absolutely a priority for CISA to build a diverse workforce. And not just for CISA as an agency but the vision that I think is important for us to hold on to is be the model. Let CISA be the model not just for industry, but across the board for attracting a diverse workforce. And so part of that comes from the culture or key foundation piece, creating a culture that accepts and embraces and ultimately relies upon diversity. And so when we're looking at this at CISA, it's not just diversity of race or gender. It's looking at socioeconomic backgrounds, cultural backgrounds, neurodiversity, and these are so critical because cybersecurity is an interdisciplinary issue. So for us to address it effectively. We need people who have aptitudes in not just math and science, but sociology, psychology, history — people that look at these issues differently. And as I mentioned, with the neurodiversity piece, I'm particularly proud and excited. We're going to be the second federal agency to engage in a neurodiversity initiative, where we are focused on building a more inclusive workplace so that we can look at solving problems in a more innovative way.
Delaney: That's it from the ISMG Security Report. Theme music is by Ithaca Audio. I'm Anna Delaney. Until next time!