Certain things in life are inevitable. Death and taxes. The sun rising in the East and setting in the West. Donald Trump tweeting extemporaneously. Kids growing up and leaving home (okay, so there’s a little hope in that last one.)
Here’s another item to add to the list: Namely, that IT security and privacy professionals will get the goods when they attend the annual RSA Conference, which will occupy San Francisco’s Moscone Center the week of April 16-20.
And it’s not just the scoops on recent threats, suggested strategies and the latest tools that they’ll go home with. They’ll also hear experts from every corner of the InfoSec world weigh in on current security- and privacy-related issues that may or may not be tactically critical today, but are top of mind regardless.
Take the Facebook-Cambridge Analytica scandal (please). Ever since the news broke that political data firm Cambridge Analytica allegedly had used Facebook data to manipulate voters on behalf of the Trump Campaign, the social media giant has been in damage control mode, while debating whether or not to delete one’s Facebook account has become a national obsession.
But if that wasn’t enough to call Facebook’s security practices into question, then maybe Facebook’s more recent admission that nearly all of its 2.2 billion users have had their data compromised by “malicious actors” will do the trick. CEO Mark Zuckerberg maintained that the perpetrators were only able to scrape “publicly available” data, but with all that data thieves are able to do with artificial intelligence, there’s no telling what eventual value can be extracted, or damage inflicted.
Speaking of AI, that’s another topic that has the attention of security executives, for a couple of reasons. Not only does AI raise all sorts of security flags we aren’t prepared for, but it also is becoming an increasingly important resource in the security professional’s toolbox.
In a piece for CSO Online, Jon Oltsik, a senior principal analyst at Enterprise Strategy Group, suggested that, at the very least, security executives should be considering how AI, and all the related technologies it complements, are going to change how cyber security is handled going forward.
“The intersection between artificial intelligence (AI) and security technology is still in its genesis phase, and we are in a cycle of massive innovation right now, driven by cloud computing, open source, big data technologies, AI, etc.,” wrote Oltsik. “Given this, CISOs should remain open minded about new types of more revolutionary security technologies that aren’t simple adjuncts to what they’ve done in the past.”
Meanwhile, Kris Lahiri, CSO of file-sharing vendor Egnyte, tackled the potential security flags raised by AI in a recent post on Quora, offering that not only do AI applications reach across organizations for data, thereby opening potential holes, but that the bad guys are putting AI to use in their attack vectors, which in turn only ramps up the pressure on security teams to use AI as a defense layer.
In fact, on another topical front, maybe using AI in this way could have helped Equifax stem the breach that won’t go away. Months after the theft of nearly 148 million Americans’ financial data rocked the world of finance and beyond, the aftermath of the breach remains one of the security world’s oft-discussed topics. It’s not just that the scope of the breach keeps growing, but that the episode still doggedly follows Equifax in other ways, too.
As impactful as the Facebook scandal, the rise of AI, and the Equifax breach are, and as likely as they are to come up in more sessions than not at this year’s conference, there’s another current security topic that may affect more attendees at this particular moment than these other threads combined: The pending deadline to comply with Europe’s new General Data Protection Regulation, which takes effect May 25.
Recent research from ExchangeWire paints a grim picture, suggesting that just 3 percent of data professionals in the U.S. grasp the implications of the GDPR, and that American companies are woefully unprepared to fully comply with its requirements.
This is potentially a pretty big problem, given that a major component of the GDPR is to regulate how foreign companies handle the data of European Union consumers. Flagrant non-compliance will be punishable by fines as hefty as 4 percent of a company’s annual revenue. (So, using Apple, which generated $229 billion in revenue for its fiscal year ended Sept. 30, 2017, as an example, a potential fine tops out at more than $9 billion.)
With that much money at stake, and the deadline just a month away, you can bet GDPR compliance will be a constant topic throughout the week, not just during keynotes and session presentations, but also during the Q & A sessions that follow them.
The message to those from the security and privacy worlds who will be in San Francisco this month — either as an attendee or a presenter — is simple: Strap yourself in, ladies and gentlemen. With all that’s going on in the security world, this year’s RSA Conference figures to be a wild ride.
And whether you’re looking to avoid duplicating Facebook’s and Equifax’s privacy and security woes, you’re grappling with how to make AI work for (and hopefully not against) you, or you’re scrambling to meet the conditions of the GDPR, we look forward to joining you on that journey.
*** This is a Security Bloggers Network syndicated blog from RSA Conference Blog authored by Tony Kontzer. Read the original post at: http://www.rsaconference.com/blogs/no-shortage-of-compelling-topics-as-rsa-conference-2018-approaches