With the RSA Conference drawing to a close many in cybersecurity will be wondering what the next step is for the industry.
Over the week vendors flocked to San Francisco to flaunt their wares and offer their advice. But with so much information available what are the key lessons from the conference?
1. Analytics is useless unless you know what questions to ask
Judging by the keynotes this year analytics is a subject that you will be hearing a lot about in cybersecurity over the coming months.
The industry has a habit of overhyping products, mostly as a means of shifting units. Whilst "data science" (read: statistics) is useful, the folks at Verizon warned that it is still incumbent upon you to ask the questions that are relevant to your firm.
"I don’t know what you organisation looks like," said Bob Rudis, security data scientist at Verizon during his talk. "I don’t know what the problems are. You are the only ones that know that and can ask the questions you need to solve."
2. Modern war could be fought by teenagers
Violent video games have long prompted concerns from zealous parents, even if they would not worry about their child learning C++ in their spare time. But the evidence is mounting that coders are more likely soldiers than Call of Duty fans.
Speaking at RSA, the journalist and author Kim Zetter outlined the infamous Stuxnet virus, an early cyber-weapon created by the US military intended to destroy nuclear centrifuges in Iran. As she pointed out, this trend raises several problems.
Though it reduces the need for physical war, fighting online can be done with little fear of attribution, and weapons are cheaper than their physical equivalents. Most worryingly, as Zetter put it: "A teenager can develop a digital weapon like this with the right knowledge."
3. ‘Visual hacking’ is surprisingly effective
While cybersecurity tends to focus on those seeking to break into computer systems through advanced (or not so advanced) hacking campaigns, it is refreshing to be reminded that old techniques still work.
A recent study by research group the Ponemon Institute showed that nine times out of ten sensitive data could be stolen in open plan offices by simply walking around and observing things. Half of the data stolen was even obtained in the first 15 minutes.
"We find for the most part that [open offices] can be very dangerous because you’re potentially sitting next to a stranger," said Larry Ponemon, founder of the group. "The person sitting next to you could [even] vary day by day."
4. Silicon Valley is switching to privacy by design
Part of the reason the online world is so insecure is that its public incarnation evolved from a tool used by academics to share information, with little thought given to the idea that the same infrastructure might be needed for quite different purposes.
This trend is one that Silicon Valley is keen to reverse. At the conference Microsoft, Google and Facebook all committed to overhauling the privacy controls on their systems, gradually moving to a standard of "privacy by design".
"I don’t think we have everything in terms of privacy arranged in the way it’s going to be," said Keith Enright, legal director of privacy at Google. "We’ve a lot to learn."
5. You should not listen to wine-tasting Hippos
It is easy to suffocate under the weight of acronyms and the initialisms in the IT industry. From APTs to Scada to PHP to IBM, technology pundits are far too fond of oblique technical terms.
This complaint should however be set aside for HPPOs, or Hippos. In a presentation on the merits of statistics, Andrew McAfee of the MIT Sloan School of Management compared using data to make decisions to relying on the highest paid person’s opinion, or the Hippo.
As an example he referenced the Princeton professor Orley Aschenfelter, who decided to use the weather to predict which Bordeaux wines were likely to be sound investments when they matured. Though the Hippos complained, they eventually yielded to the figures.
