Day 3 @ RSA
As I kicked off my final day at RSA Asia, I joined different panel discussions covering a variety of strategic topics in security, privacy, legislature, and even foreign affairs. While these topics are non-technical by nature, they constitute important inspirations to envision our future in security.
When geopolitical perspective intersects security
When I attended BlackHat Las Vegas a few years ago, state-sponsored attacks were highlighted in keynote sessions as an emerging topic. Fast forward to 2019, it seemed we had not made much progress and cyber-warfare continued to haunt us. The Asia Pacific region continued to see its share of ICT attacks through the years.
From 2019 until 2021, the United Nations has established two processes to ‘discuss the issue of security in the use of ICTs’. These processes aspire to formulate a baseline agreement of acceptable behaviour among states in our cyberspace. Indeed, I think it is a lofty goal to achieve, with much diplomatic effort required to substantiate an actionable outcome. Nevertheless, I was glad that RSA included such a discussion in an otherwise mostly technical conference.
Operation RSA Asia Pacific & Japan
As a highlight of major security conferences, RSA partnered up with Cisco to set up a Security Operation Center (SOC) on-site to gauge its attendees’ security awareness through the week. The SOC would observe, but not interfere with, the network traffic. The setup looked quite impressive as a temporary setup and sat in the middle of the expo show floor.
What was interesting – however – was what they were able to intercept throughout the week. Now, given this was supposed to be a show/demo, I perceived some of the threats might be carried over from their previous road-shows. Throughout the week, the SOC detected multiple malware submissions, alongside many – or maybe too many – email messages without encryption revealing confidential information.
The future trends
I believed the best session at this year’s RSA was one of the keynotes, where three SANS certified instructors went on stage to provide their perspectives on the most dangerous attacks. Some of these attacks are not new per se, though it is good to refresh our memories:
- Bypassing two-factor authentication – this trend relates to the challenge of attempting to defeat two-factor, or even multi-factor, authentication. While we attempt to balance between security and usability, U2F is suggested as a possible countermeasure to this trend.
- Do not forget to patch – this trend should not be new, but the fact is that many of us are behind in applying security patches. Despite our best effort to improve security, adversaries continue to have abundant time to attack our exposed systems.
- Attack our third-party or supply chain – phishing is now more sophisticated than ever with the use of different AI or deep-learning techniques. For example, a watering hole attack is sophisticated enough that it is hardly preventable. The use of blockchain could provide some countermeasures in this attack area.
- Scaling an attack – is a lot easier, especially in non-state sponsored attacks. Our technology landscape has become very homogeneous now. One flaw in our infrastructure can easily scale up for an attacker to replicate similar attacks elsewhere.
- Casualty-causing attack – this will apply to many industrial control systems, where there is an observation that attacks have an ultimate goal of causing casualties. Such behaviour is beyond unethical and shall be condemned, but it also demands that we in security look beyond simple defence.
As I conclude my journey at RSA Asia Pacific & Japan, I want to recognize and thank SAP DevX for their financial support. Their contribution has been valuable for my professional development at SAP. Thank you!