Cybersecurity conferences – Osterman Research
https://ostermanresearch.com

National Security 2030: Social Media and Emerging Cyberthreats – the RSAC2024 files
Fri, 17 May 2024 21:22:02 +0000
https://ostermanresearch.com/2024/05/18/rsac2024-national-security/

We attended Jenny Reich’s session early Monday morning at the RSA Conference. She talked about how social media and other emerging cyberthreats challenge the principles and practice of national security.

Key takeaways:

  • The internet and consumer technologies have created non-traditional threat actors that challenge existing national security paradigms. Aligned with this is the outsized role that private sector firms have in redefining national security.
  • There is little regulatory oversight of social media. Given its growing role in national security, this will need to change.
  • Social media platforms already carry many current cyberthreats to national security, e.g., spycraft, information chaos, and digital authoritarianism.
  • There are new and emerging threats that we don’t fully understand yet, e.g., magnification, subversion, and opening the floodgates. See the mind map above for further details on this.

Thanks to @Jenny Reich for an informative session that gave much to think about at the start of RSAC 2024.

RSA Conference 2024 – getting there
Sun, 05 May 2024 22:30:37 +0000
https://ostermanresearch.com/2024/05/06/rsac2024-sunday/

Our visit to the RSA Conference in San Francisco started with a conversation on the plane with the C-level executive of a mid-sized organization about BEC incidents, phishing threats, and cybersecurity awareness training. With respect to BEC incidents, one of their customers suffered an email thread hijacking incident that resulted in $500k due for payment to the executive’s company being redirected to a threat actor’s bank account. When the executive’s company hadn’t been paid after three weeks, questions were raised. The error sat with the customer; after compromising an email account at the customer’s organization, the threat actor had watched email patterns over several months and observed a regular payment request, and then inserted a new email in an existing thread that asked for a change to payment details.

In terms of phishing, the executive commented that this continues to be a problem, but thanks to new cybersecurity awareness training over the past 6 months, staff have become more adept at spotting threats. He acknowledged that he had failed a recent cybersecurity awareness test, but anyone who complains to the security team about the realism of training is sarcastically told that the team will “ask the hackers to be more obvious in their attempts.” He said state-sponsored attacks scare him the most and that he would prefer to be ignorant of all such threats. 

Such a story (and undoubtedly there were others if we had interviewed everyone on board) underscores the importance of cybersecurity for all organizations, and hence the importance of the conversations about to happen at RSAC24 this week.

On a travel-related note, the flight across the Pacific was one of the bumpiest flights we’ve ever encountered. Thank you to Air New Zealand for navigating the turbulent weather pattern and its shocks throughout the night. It was like a free visit to the roller coasters at Disneyland.
