Sophos published a predictions post on its Naked Security blog last week, and now it’s time to see how accurate those predictions were. Here, we break down each prediction and see what really happened. Sophos covered some big topics, such as Internet of Things (IoT) devices and the continuing scourge of ransomware.
Here are Sophos’s predictions and review:
Ransomware is an old topic in information security circles. Attackers have been hijacking computers and holding files hostage for years now, typically demanding that ransom be paid in bitcoins. Some might expect that a majority of people are well aware of the threat by now and that they’re taking the appropriate precautions. It’s therefore reasonable to assume that online thieves have moved on to new tactics. Unfortunately, that’s hardly the case, said Andrew Hay, CISO of DataGravity and one of the seminar organizers. “Ransomware is one of the most prominent threats facing organizations and their end-users, partners, and customers,” he explained.
Indeed, ransomware was a big discussion point, best illustrated by an all-day seminar on the subject on Monday. I was there and it was well attended. From 9 am to 5 pm, a variety of experts offered up case studies, reviews of the best technology to fight ransomware, and tips to help companies avoid falling victim in the first place.
IoT threats have been discussed at the RSA conference for years now, but in largely theoretical terms. This past year, the theoretical turned into reality when Mirai malware was used to hijack internet-facing webcams and other devices into massive botnets that were then used to launch a coordinated assault against Dyn, one of several companies hosting the Domain Name System (DNS). That attack crippled such major sites as Twitter, PayPal, Netflix and Reddit. For 2017, Sophos predicts a rise in threats against devices that are part of the IoT.
My prediction that IoT attacks would be a big focus also turned out to be true. Multiple vendors played up the threat – and how they could help defend against it – on the show floor. And, Chester Wisniewski and I discussed the topic at the Sophos booth as well.
It was difficult to pinpoint an overriding theme this year. Whereas past RSA conferences were dominated by one or two issues (spyware in 2005 comes to mind), this year was more of a topic du jour. Ransomware and IoT were just two of many issues.
But I was fine with that.
I’ve found over the years that people don’t necessarily come to RSA in search of a big news event or theme. They attend because they are constantly striving to find more effective ways to better manage old problems.
Whether RSA filled those needs is in the eye of the individual.