RSA Conference 2018: Problems and Awareness
Today cyber safety is the most widely discussed subject. The most authoritative platforms for such discussions, of course, are organized around Silicon Valley. A striking example is the April RSA business conference, the twenty-seventh in a row.
What began as a highly specialized meeting of cryptographers has now turned into crowds of technicians, managers, programmers (providers of security solutions and their potential customers), and technical topics have been replaced by arguments about purely business approaches in the field of information security.
Indeed, the number and complexity of attacks are growing, but talking about this at the conference, without offering at least some product to protect and defend, and preferably from all attacks at once - does not correspond to generally accepted business practices.
Currently there is nothing to solve all the problems at once on a global scale. In any case, today these solutions are being forged in the silence of “garages”. Following the example of Bill Gates, some small companies such as the Russian company “NAO-Pro” have developed a universal platform for cyber protection of digital devices in the M2M category.
While these solutions have not yet made their way to the global market, it remains to repeat the obvious, but non-traditional business words: that there are no silver bullets protecting from cyber crime.
A representative of McAfee compared the current situation with cyber crime with the terrorist attacks of September 11, saying that after them security in the civil aviation industry was enhanced not by magic and not by a new breakthrough technology, but by many small improvements to the already existing process - from the ban on hand-carried liquids to the reinforced doors on pilot cabins. In other words, in the field of digital technologies everything can be resolved by a coherent and legally approved policy of prohibitions.
Just a couple of years ago, everyone was talking about the incredible advantages of IoT, leaving behind all mention of serious gaps in security. Then came the general fascination with blockchain systems that would not only change the entire financial world system, but also reliably protect our digital data. However, the blockchain is not a panacea, and without a sane plan to counteract cyber crime, it will not be much help.
And yet the technical trends at the conference were outlined, albeit modestly. This entails data encryption wherever possible, including such data that is idle and seemingly useless to anyone. This and the further automation of monitoring systems for events in corporate networks - not for the sake of beautiful charts (although for them too), but just to free the time of hard-working professionals and allow them to do something more useful.
For example, a representative of Microsoft presented Azure Sphere - a hardware platform for creating IoT-devices, running on Linux and tied to the Microsoft Azure cloud solution. Promises are traditional: maximum security, software integrity control, regular updates delivery and so on. The hardware part will be open, it is planned to earn on the cloud part of the solution. The concept is already proven: like we give out iPhones for free and earn more by selling content.
However unimportant the results of this conference are, one thing is certain: dialogues of this kind in the extended forums with all participants in the process (businessmen, developers, regulators) are objectively necessary for formulating common approaches to new digital threats.
At the conference, some statistical data was analyzed: the damage from cyber criminals is $ 6 billion a year, which is about 10% of the total world economy (call it a 10% crime tax). It is clear that damage of this scale must be countered. According to the Cisco representative, around 3.5 million cyber security specialists will work in the world by 2020. Undoubtedly, understanding the problem will lead us to its solution. And this is why such forums like RSA are much needed.