By Dain Oh, The Readable
Apr. 28, 2023 6:35AM GMT-7 Updated Jun. 7, 2023 5:32PM GMT+9
“Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from the previous week and deliver them in a compact form. Topics encompass cybercrime, geopolitics, and privacy. There are no costs involved with a subscription, and some content, such as the monthly ransomware index report, is only available to those who subscribe to our newsletters.
RSA Conference 2023 ― San Francisco ― Hello! This is Dain Oh, reporting from San Francisco. Thoma Bravo, a software investment firm which manages more than $120 billion in assets, held a private gathering on Wednesday and assembled cybersecurity experts and investors in the Cyber Consortium that the company announced the launch of a week ago. The consortium consists of around 30 cybersecurity professionals, aiming to provide insights into the increasing number of threats. It is notable that a leading private equity firm has decided to drive such an initiative in cybersecurity.
Furthermore, two national leaders from the United States and South Korea released a joint statement on Thursday, reassuring their alliance in cyberspace and promising to establish a strategic cybersecurity cooperation framework between the two nations. The framework aspires to deter cyber adversaries, increase the cybersecurity of critical infrastructure, combat cybercrime, and secure cryptocurrency and blockchain applications. The leaders’ joint announcement shows how important cybersecurity has become to our society internationally and domestically.
The post-pandemic RSA Conference ended on Thursday, having attracted thousands of participants from all around the globe. I have included five news articles related to the event in this briefing. To read the original reporting, click each image. The Readable will publish more stories from the conference next week, including a recap report with in-depth insights about upcoming trends. Have a great weekend!
1. [RSAC 2023] Security aligns AI with human values
While the evolution of artificial intelligence challenges the self-perception of human beings, society needs to build identity security platforms by leveraging good AI, an identity expert said on Monday.
Rohit Ghai, CEO of RSA, analyzed that security comes first in the age of AI among the three main components of cybersecurity, along with compliance and convenience. Opening up the largest cybersecurity conference in the world with his annual keynote address, the CEO mentioned that compliance came first in the internet age, while convenience sat on top in the mobile and cloud era.
“Identity is the most attacked part of the attack surface,” Ghai repeated twice, emphasizing the exponentially increasing vulnerabilities of identity. “It is quite absurd that while the security operations center (SOC) and extended detection and response (XDR) solutions monitor the network and points of cloud infrastructure, they have no visibility into identity,” asserted Ghai.
2. [RSAC 2023] Human emotion should be at the core of cybersecurity training
Cybersecurity training needs to focus on human emotion as an essential element in making a visible change in people’s behaviors, according to a pioneer in security awareness and education on Tuesday.
Lisa Plaggemier, the executive director of the National Cybersecurity Alliance (NCA), a non-profit organization whose mission is to make cybersecurity more assessable to all parties, asserted that cybersecurity training should leverage human emotion and make connections with the people on the other side of the screen.
In the words of the expert, current cybersecurity training is going through an “epidemic of boringness.” Because the people administering the training are so focused on delivering the content thoroughly, they often miss out on making a human connection and fail to impact the actual security behaviors.
3. [RSAC 2023] Five Eyes calls for international coalitions to defeat ransomware
Cybersecurity heads of four nations that have been sharing threat intelligence under the alliance called the “Five Eyes” participated in the RSA Conference on Tuesday, asking for multinational collaboration to defend citizens from surging ransomware attacks.
The leaders asserted that all nations should participate in the International Counter Ransomware Initiative (CRI), which currently has 37 member states worldwide, and should not provide safe haven for cybercriminals.
“Ransomware is a matter of public safety,” said Felicity Oswald, Chief Operating Officer at the United Kingdom’s National Cyber Security Centre (NCSC), at a panel discussion held at the Moscone Center on April 25. Representatives from Australia and Canada joined the conversation and agreed with Oswald regarding the severity of the ransomware threats.
4. [RSAC 2023] Build government connections before cyberattacks happen, US Secret Service urges
Forming a partnership with law enforcement is essential to proactively respond to financially motivated cybercrimes, the United States Secret Service (USSS) expert asserted on Monday.
Matt O’Neill, Deputy Special Agent at the USSS Criminal Investigation Division and Head of the Global Investigative Operations Center (GIOC), stressed the importance of building a relationship with the government in advance while referring to the staggering speed of attacks.
Cybercrimes, which are currently associated with spear phishing and ransomware, have achieved a higher level of sophistication both in quality and pace and have developed highly coordinated networks worldwide, according to the USSS. To address these challenges, the agency has been leveraging partnerships with private companies.
5. [2023 RSAC] Skeptical mindset is vital for cyber incident response
It is crucial to keep a skeptical mindset in responding to cyberattacks, especially in the first several hours, according to cyber incident response professionals on Wednesday.
“If you are somebody who is thinking about getting into the incident response space, something that you will learn is that you have to be a skeptic,” said Lesley Carhart, the principal industrial incident responder at Dragos, during a panel discussion at the RSA Conference. “What we do a lot of times in the first 24 hours is to think about why it might not be as crazy and severe as it really is.”
According to the expert, who has been in the incident response profession for 15 years, skepticism enables incident responders to be cautious about confirmation bias, a tendency to lean toward the information that supports what one already believes in. “When you’re doing good science, you are always trying to disprove your hypothesis,” said Carhart. “That is what we are doing in incident response, too.”
Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.