The first event of RSA week for me is the America's Growth Capital Conference where I’ve been a featured presenter on security topics for the past eight years. A few Mondays ago, which was security day at AGC, I was impressed to see that the number of participating companies had risen to a new high of 114 and would cover the spectrum of topics from advanced persistent threats (APTs) to mobile devices to security in the cloud.
I was asked to participate on a panel discussion around the issue of nation states and state sponsored cyber attacks, which is an area of great interest to me and a topic that Fidelis has been front and center on for the last several years.
While dealing with viruses and other malicious attacks from hackers has been under the purview of the CISO and CSO since the advent of the network, in speaking with my peers at RSA, many of them are now feeling overwhelmed by the increase in attacks emanating from nation states.
In our conversations it was clear to me that mitigating everyday threats in the form of a virus, worm, or botnet was one thing; taking on an adversary with a level of sophistication and unlimited resources made possible through private government funding was another. Simply put, they are being outgunned by the likes of China and Russia and are in desperate need of assistance.
Complicating matters were the other topics driving discussion at this year’s RSA conference that followed AGC: cloud, mobility, and big data. Enterprises are making a big push into these areas for the purpose of increasing productivity and streamlining operations. However, in the process, these are areas that are going to open more opportunities for state sponsored attacks and will certainly be exploited by those looking for financial or political gain.
Our corporate value in this country is largely based on intellectual property (IP) and for that reason, many enterprise level security officers are pacing the floors at night wondering what they can do to combat this level of threat. Unlike physical assets, once IP is stolen, it is gone for good and can severely weaken the value of a company. As an example, pharmaceutical companies spend billions on researching and developing drugs every year (95+ percent which will never make it to market) in the hope of finding a few successes. These successes fund the research and sustain company value. If the formula for one of these drugs was to be stolen and end up in Beijing, years of discovery will be meaningless as the market will be flooded with counterfeit options at a fraction of the price.
People are worried about security in this country and they have a right to be. The development of new business tools is also opening new channels to be exploited. The buzz at RSA was palpable and it was one the most well attended shows in years. Despite the wishes of some in an enterprise, the role of security is not going away. In fact, one could argue that it is really just beginning.