RSAC 2020 Watchlist: Threat Intelligence, Info Sharing And Frameworks

Understanding Automation Challenges And Risk Management Opportunities



Jeff Orr
02/20/2020

In advance of the RSA Conference, we highlight some of the leading trends and provide a glimpse of what will be on the minds of cyber security professionals in 2020.

 

Threat Intelligence And Information Sharing

Security professionals see the value in building a Collective Cyber Defense and public-private collaboration. This has been an interesting pendulum-swinging exercise to watch, and this year the industry appears to have once again arrived at the value of sharing intelligence, perhaps due to further confidence in technical frameworks and mechanisms to do so.

With the growing focus on fraud and identity, there is great interest related to user behavior analytics, indicating a strong link between behavioral sciences and cyber threats. Playing into the human element, many of this year’s talks point to the power of threat intelligence and sharing while recognizing the continuous need to upskill security teams.

As AI continues to spread its wings, there is also an uptick in automation, for good and bad. Set against the backdrop of the 2020 US presidential elections and rising geopolitical concerns, the meeting of classic social engineering with the scale of automation was documented, with attackers leveraging machine learning and submitters exploring viable defenses against this growing challenge.

Threat intelligence relies on trust, and though artificial intelligence (AI) has the potential to inform, there must be a balance between automation and humans. With the maturation of this space and, indeed, the infusion of AI and machine learning into just about every process across organizations, we saw an increase in documented cases of the inherent weaknesses and challenges of machines, with some deeply technical and wonderfully detailed examples digging into the specifics and providing guidance and best practice considerations.

A Framework For Risk Management

In what is likely an indication that there is an ongoing formalization of processes, cross-departmental efforts between divisions within organizations and across organizations, and a drive toward automation, many security leaders want to dig deeper into frameworks.

Frameworks embrace both hard and soft skills. Frameworks are plentiful and serve to address everything from industry requirements to policies and from regulation to compliance. Popular frameworks that will be discussed at RSAC 2020 include the MITRE ATT&CK framework, the NIST Cybersecurity Framework, Competing Security Culture Framework (CSCF) and the Factor Analysis of Information Risk (FAIR) Framework. Privacy frameworks also burst on the scene in the past year.

The continued development and application of these frameworks—and the further mushrooming and morphing of more each year—appears to be driven by a desire for more efficient governance and improved risk management. Risk management is the thread that binds all of these trends in some way, shape or form.

Live From San Francisco

Cyber Security Hub will be in San Francisco and publishing content throughout the week. If you happen to see one of us, please stop and say hello. We would love to meet our readers!

Cyber Security Hub is a marketing partner of RSA Conference 2020
