Hackers are real and they're going to kill you - apparently.
How are they going to kill you? Well, the possibilities are endless they could take down your entire country's critical infrastructure with malware. They could take control of connected cars and turn them into missiles. If you're in hospital, they could maybe turn of your dialysis machine or life support. Maybe they could explode entire city blocks (in some ill-defined way).
That we should all be very afraid was very much the message delivered in the first 20 minutes of the opening session of RSA Conference 2017. If you weren't familiar with the sales tactics of the information security industry, you may well have fled the auditorium to dig a bunker.
Underneath the hyperbole, though, there were some solid themes and grounded, realistic arguments.
As expected, IoT security and ransomware were flagship topics of conversation. Unsecured IoT devices were recruited into a massive botnet last year Mirai and it would have been remiss not to talk about that.
Similarly, ransomware is on the rise, thanks to its low-risk, high-reward nature and it was refreshing to hear people openly discussing the fact that, actually, sometimes it's easier and even cheaper for businesses to pay the ransom than not, even if they have other options. Negotiation is as valid an option (for businesses at least) as any other.
I was also pleasantly surprised to see the issue of nation state hacking tackled head-on. While this has been discussed before in more nebulous terms, normally in relation to alleged IP theft by China or ad-hoc attacks by North Korea, to hear Russia repeatedly called out for undermining the US democratic process was new.
Of course, the scenario is new in the US at least but with domestic political tensions as heightened as they are I suspected that speakers would be more circumspect in their allegations. Not so even chairman of the House Homeland Security Committee in the US spoke openly about it.
Aside from the keynotes and big ideas, I also managed to catch a bit of time on the show floor and fringes chatting to vendors and others in the community about the lay of the land within the industry right now.
What I heard, as I heard last year, was a lot of disgruntlement. In 2016 I was told of a coming "shakedown" to counter companies effectively just taking the Virus Total database and selling it on to customers. Apparently this has happened, but a number of vendors are still not happy.
The object of their ire now is something that was bubbling under last year too: decades-old tech being positioned as cutting edge. A true problem or jealousy amid vendors? Maybe a bit of both, but the impartial observers I spoke to seemed to lean towards this indeed being a problem of some significance.
So what can IT professionals and businesses take away from all of this? Well, despite the cataclysmic tone the security industry adopts for every new hack, there's actually a lot of hope.
Organisations mustn't be defeatist about their security operations preparing for the eventuality of a breach doesn't mean accepting it's inevitable - and businesses must still erect strong cyber security defences. But they must also be realistic: any cyber incident plan must incorporate both line of business and IT departments (or, at least, managers), with buy-in among all. And if there's a ransomware incident, make sure you know who will make the decision to pay or not. Trying to work that out on the day is not a good plan.
Finally, quantum computing and (more immediately) blockchain look like they will be able to offer new and more rigorous forms of secure data transfer and storage than the binary-based cryptographic systems we use now.
Security is a fast-moving sector and there's a lot to be excited about. But let's all calm down about the cyberpocalypse, for now at least.
Image credit: IT Pro/Jane McCallion
-
Meta just revived plans to train AI models using European user dataNews Meta has confirmed plans to train AI models using European users’ public content and conversations with its Meta AI chatbot.
-
AI is helping bad bots take over the internetNews Automated bot traffic has surpassed human activity for the first time in a decade, according to Imperva
-
Dell sells RSA security business to private equity firmNews Cash deal worth £1.6bn expected to close within the next 9 months
-
Why complex security plans mar business-IT relationshipNews Michael Dell talks security at first post-acquisition RSA Conference
-
C-suite and IT must collaborate for safer businessesNews "Business-driven security" is the name of the game at RSA Conference 2017
-
What to expect from RSA Conference 2017Opinion This year's security landscape means there's more to discuss than ever
-
RSA 2016: Weakened encryption compromises national securityNews Terrorists will move to other platforms, while criminals will exploit the flaws, claim speakers
-
ChewBacca malware steals data from retailers in 11 countriesNews RSA researchers uncover global malware operation that relies on ChewBacca keystroke logger.
-
EMC World 2013: Enterprise on back foot with cloud and mobile securityNews RSA chairman paints bleak picture of enterprise threat response.
-
RSA Europe: Privacy is stunting security says CovielloNews New cybersecurity methods and models needed to combat threats, says RSA chairman.
