Troublesome Ransomware, Overconfidence in Security: Observations from RSA
Posted: March 10, 2016 / Author: Dror Liwer
It seems like only yesterday I enjoyed the cool San Francisco air while making new acquaintances and renewing old friendships at RSA Conference 2016 USA. The conference was as usual, a whirlwind filled with so many people to meet and companies to explore.Here are my takeaways on the trends and highlights from this year’s conference, and how I believe the cybersecurity landscape will be shaped going forward.Ransomware is on the RiseThe threat of ransomware continues to increase, affecting government agencies, and corporations alike. Targeting individuals and BYOD employees through their laptops and mobile devices has never been easier leading to a rise in commjacking and the use of evil twin as the delivery method.If you’re not familiar with the scam: Commjackers make a tainted hotspot appear to be a legitimate WiFi access point and trick wireless devices (and users) looking for a connection. The devices are then infected with malware that restricts access to the infected operating system until the victim pays ransom, usually in the form of bitcoin, to the commjacker. With ransomware crippling Apple products, Windows PCs, and Android smartphones, no wireless device is safe – even with, users taking extreme caution by using SSL sessions when accessing email and banking information and relying on a VPN or IPSec to safeguard data when public WiFi is the only available network.Passwords are PasséPasswords, the source of frustration to those with short memories, will start to disappear. I offer this prediction not just because of the various alternative authentication mechanisms that are emerging as viable but because there is finally a collective intent to make it happen. For the time being, electronic passwords will continue to be exploited. In the grand scheme of security, they are an unmanageable mess.Initially, a shift away from passwords could have no effect on wireless, as long as conventional credential structures remain embedded in legacy infrastructure despite a shift away from them on a device’s human interface. Time for a Shake-upFinally, someone is talking about the elephant in the room. Amit Yoran, the new CEO of RSA, truly wants to shake up the industry and revitalize his company. He has made bold, long overdue statements – including his keynote address that acknowledge the “broken” state of the security industry. “There are no silver bullets in security,” Yoran said. “We can’t just apply some bling and hope that revolutionary technology will save us.”No More Room at the SIEM TableThe SIEM market is overcrowded. There are dozens of copycat companies. The same can be said for a variety of other spaces in security, whether they are unbundled components of SIEM or in adjacent spaces, including authentication, fraud, and malware.This might seem to contradict Yoran’s call for a new perspective, but I believe a majority of the companies that have been bloated by a flood of venture capital funding will choke and die in the next two years. Only the few viable companies with real use cases, developed products that are successfully deployed to customers, will survive.Wireless OverconfidenceIn light of the spread of ransomware, it’s even more striking that only a few security industry practitioners consistently think about the real vulnerabilities that threaten organizations – including their own – because of the security weaknesses inherent in wireless technology. This doesn’t surprise me. I’ve seen this tunnel vision before with authentication, fraud, and malware. People are focused on the “upper layers,” and there is an irrational desire to believe that one’s own security design is perfect. How Coronet Fits InWe need to spend only a few quality minutes with prospects before their demeanors palpably change and they almost always want a follow-up meeting with an expanded group, usually with the intention of doing a pilot run of our offering. When they realize there is a real problem (that “the industry is broken”) at the “lower layers” and see that we have a reasonable solution that could under-gird the upper layers, they are engaged.In short this is a very good outcome and made RSA all the more meaningful.