Five things we learned from the 2024 RSA Conference

US Secretary of State Antony Blinken walks off stage after delivering the keynote address during the RSA Conference in San Francisco, California, on May 6, 2024.

The RSA Conference (RSAC) 2024, held at San Francisco’s Moscone Center, drew cyber security professionals from across the globe to explore this year’s theme, "The Art of Possible." 

This slogan underscored the industry's determination to transcend conventional security measures through innovation and collaboration. Over four days, attendees delved into myriad topics, from the escalating risks posed by nation-state actors to the transformative potential of AI in cyber security.

As the conference wrapped up, several pivotal discussions emerged as particularly influential. Here are the five key takeaways from the conference, each spotlighting a different facet of the evolving cyber security landscape and why these areas demand our focus and action.

Surging DDoS attacks in the spotlight at the RSA Conference

The proliferation of applications and their increasing complexity have opened new avenues for threat actors to launch potent DDoS attacks.

Boaz Gelbord, senior vice president and CSO at Akamai, emphasized this trend, citing Akamai data showing a staggering 107% year-over-year increase in layer seven DDoS attacks targeting web applications.

Gelbord told attendees the firm has recorded a 48% year-over-year increase in web attacks, with 29% targeting APIs, underlining the relentless threats faced by businesses globally.

"It's hard to inventory APIs," Gelbord told attendees. "You kind of know what your public-facing websites are, and probably have processes internally for setting those up. You know, they're customer-facing or they're user-facing."

AI-powered next-gen SIEM key to outpacing cyber attackers

In his keynote address at RSAC 2024, CrowdStrike CEO George Kurtz issued a dire warning to security professionals: embrace AI-driven next-generation SIEM solutions or risk being outmaneuvered by cyber criminals who are already leveraging the technology to launch lightning-fast attacks.

Kurtz revealed that CrowdStrike has observed adversaries breaking out of compromised systems and moving laterally in as little as two minutes and seven seconds – the fastest time recorded by the company in the past year. 

"It took an adversary just 31 seconds to download their toolkit and start running reconnaissance tools, trying to exploit that system," he told the audience. "We know one of the real challenges in security is time."

To counter these rapidly evolving threats, Kurtz advocated for the adoption of "next-gen SIEM" solutions that integrate with security platforms, fuse data and AI automation, and provide advanced threat detection and automated response capabilities. 

"The only SOC analysts that are going to be out of business are the ones that don't actually embrace AI," he cautioned, adding, "If you haven't seen some of this stuff, and you haven't actually played with it, it's incredibly powerful. I've been doing this for a long time. And I really think it has the ability to revolutionize security, but more importantly, the operations of security."

CISA boss sounds klaxon on China cyber-snoops, ransomware rackets

During an RSAC session titled "A World on Fire: Playing Defense in a Digitized World…and Winning", CISA Director Jen Easterly sounded the alarm on escalating cyber threats, stressing that businesses are now "on the frontlines of geopolitical conflicts".

Easterly highlighted the growing risks from financially motivated cyber crime groups, such as ransomware gangs, which some estimates suggest could cost the global economy a staggering $10 trillion by 2024.

Moreover, Easterly warned of "China-backed threat actors burrowing into our critical infrastructure," weakening US defenses for potential future conflicts.

Easterly and former CISA chief Chris Krebs, now at SentinelOne, advocated for a "secure by design" approach as the common solution to combat both ransomware gangs and nation-state actors constantly probing for vulnerabilities. 

However, Krebs noted the current voluntary nature of CISA's secure by design pledge, calling for stronger "levers" like civil litigation, regulation, and legislation to compel businesses to prioritize security. 

"Companies need sturdier defenses and more proactive protection," Easterly emphasized, hoping defenders can responsibly wield AI's potential as "one of the most powerful weapons of this century."

Crypto kingpins spill beans on quantum calamities

The heavy hitters of the crypto world gathered for a lively panel discussion at this year's RSAC. Legendary codebreakers like Whitfield Diffie and Adi Shamir held court, dishing up key info on the latest threats and breakthroughs.

The recent claim that a Chinese researcher had cracked lattice cryptography sent shockwaves through the community. Shamir revealed the drama behind the scenes as experts scrambled to verify the potentially devastating findings, before breathing a sigh of relief when fatal flaws were identified just a week later. 

A nail-biting "close call" according to the veteran cryptographer.

But the panelists weren't all nodding heads when it came to dealing with the quantum apocalypse. While recognizing the risks, Diffie and Craig Gentry, CTO of TripleBlind, urged calm, insisting the sky isn't falling just yet on lattice-based crypto schemes.

"We're back to the status quo," Gentry argued, though Tal Rabin, senior principal applied scientist and manager of the Cryptographic Foundation group at AWS and a professor of CS at UPenn, suspects the Chinese paper has lit a fire under researchers looking to poke holes.

The post-quantum migration debate also split opinion. The NSA is barreling ahead with new standards, but Diffie questioned whether the rigid timelines leave enough breathing room as scientists reshape assumptions.

Shamir had his typical curveball view: "If you need to keep secrets for 10 years, use RSA. If it's 40 years, don't use public key at all!"

Mandiant chief sounds alarm over evolving ransomware rackets

In his conference keynote, Kevin Mandia, CEO of Mandiant, pulled no punches on the escalating ransomware crisis facing enterprises.

"It doesn't feel like there's a lot of risks or repercussions to compromising the enterprises that we see globally," Mandia bluntly stated, pointing to the acceleration of offensive innovation by criminal groups. 

While companies are taking steps to prepare for inevitable attacks by backing up critical assets and running breach simulations, Mandia said the number one question executives still wrestle with is "how long before we're up?" after systems are disrupted.

The ransomware gangs, however, show no signs of slowing their relentless evolution. 

"It's just amazing to me. Now when you've been ransomed, it's more likely than not you will be extorted and it's more likely than not you will start getting other activities and communications from the ransomware actors," Mandia warned. 

From data leaks to harassment campaigns, the crooks are constantly devising new ways "to create more pain" for victim organizations.

While defensive capabilities are progressing, Mandia's message was clear: despite all the preparation, ransomware remains an existential threat that the cyber world is still losing ground against.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives.