What will feature at one of the world’s key cybersecurity events?
This week the cybersecurity industry will descend on the Moscone Center in San Francisco for the RSA Conference, one of the sector’s most prestigious events.
For five days visitors will be bombarded with information on cloud computing, smartwatches, and everything in between, the last year having seen cybersecurity rise up the board agenda as the likes of Home Depot, Sony and eBay were penetrated by hackers.
Security vendors are naturally hoping to flog their wares and advice to the conference’s numerous attendees. As such many have released security reports discussing the latest trends, which will dominate the event.
Here is what you need to know:
1. Verizon – Hackers are going pro
The "death of the perimeter" was a much discussed trend last year, not least in Verizon’s Data Breach Investigations Report (DBIR), which tracks denial-of-service attacks, insider threats and cyberespionage, among other things.
Speaking to CBR about the 2015 edition, Jay Jacobs, principal of Verizon Risk, said: "The interesting thing is when we look at these nine patterns [of attack] overall they don’t shift this year. There’s some variation here and there but there’s no major shift."
Jacobs puts this down to a move towards a more professional kind of crook, with gangs of hackers now operating in teams and frequently reusing tactics and infrastructure to maximise efficiency. For some, cybercrime is now a career.
2. Symantec – Partners put big firms at risk
Though cybersecurity news tends to focus on attacks that affect large multinationals, smaller businesses can often have a harder time defending against cybercriminals. Even though such firms have less to lose, they also have less money and fewer resources to protect themselves.
Such facts have given rise to hackers targeting small partners and unwary consumers in a bid to gain access to the network of their ultimate target. Kevin Haley, director at Symantec Security Response, said: "Cybercriminals are inherently lazy; they prefer automated tools and the help of unwitting consumers to do their dirty work.
"We’re seeing attackers trick companies into infecting themselves by trojanising software updates to common programs and patiently waiting for their targets to download them – giving attackers unfettered access to the corporate network."
3. Websense – Outsourcing is on the rise
Whilst Verizon pointed out that hacking gangs were becoming more professional in their approach, Websense described the burgeoning culture of hacking-as-a-service in its latest report. Though hackers have long sold credit card details online, offering bespoke malware coding is something of a novelty.
"The average price for exploit kits is usually between $800 to $1,500 (£530 to £1,000) a month, depending on the features and add-ons," said Carl Leonard, principal security analyst for Websense. His firm now tracks three times as many exploit kits as it did in 2013.
Prices for such services are said to be plummeting as more black hat hackers take to the web to ply their wares on underground forums. Some hackers are even offering denial-of-service attacks, which can shut down company websites, for a matter of pounds per attack.
4. Dell – Industry is under terrorist threat
The rise of the Internet of Things (IoT) has an air of inevitability about it, with many in the technology industry accepting that we will soon connect everything to the internet – from our fridges to our factories. But not everyone is happy.
"We have got all these benefits from the internet, but from a cyber-war point of view what does that really mean?" asked Florian Malecki, product marketing director of network security at Dell. "Rather than attack a nation with bombs or planes all future terrorists could soon hack into the network from where all our cars are being driven."
His comments come after TV5 Monde, a broadcaster in his native France, suffered an outage caused by sympathisers of Islamic State, a Middle Eastern terrorist group. With rising automation also predicted in many fields, such attacks will become ever more likely.
5. (ISC)2 – Talent shortage is turning critical
Talent shortage is an old problem for IT across all the fields in the sector. For many companies the lack of skilled coders is stifling innovation and throwing up problems in the daily running of the business as people struggle to make the most of the tools.
But for cybersecurity, which is increasingly tasked with defending the firm’s most important assets, such problems are about to become acute. According to analysis from (ISC)2, a nonprofit security body, the industry will have a shortfall of 1.5 million people by 2020.
Such slack will likely have to be picked up by cloud and managed security services, allowing companies to draw on a limited pool of talent. However Frost & Sullivan, the consultancy behind the report, warned that businesses would still need to invest in education and training.