Like a persistent piece of malware that your antivirus product can’t wipe out, the annual RSA Cyber Security Conference was back with a vengeance this year. But while the malware example is inherently malicious, the industry event seemed to stir goodwill and a positive message for the cybersecurity industry, starting with its theme for the year: “Stronger Together.”

Similar to many face-to-face industry events, RSA languished during the height of the pandemic, turning to an online-only presence as the Covid outbreak spread. But from April 24 to 27, San Francisco’s Moscone convention complex reignited again as the center of the cyber security universe. The sponsoring organization reported that this year’s conclave — its 32nd annual event — attracted “more than 40,000 attendees, including 650+ speakers, 500+ exhibitors and 500+ members of the media.”

This year’s event featured a host of distinguished speakers, including current and former elected and appointed officials from numerous foreign and domestic government agencies, as well as highly respected academics and researchers, and representatives from dozens of commercial and non-profit security organizations.

There were also some celebrity guests on hand, including comedian and actor Eric Idle, best known as co-creator of the famed comedy troupe Monty Python, and eight-time Grammy Award-winning country western star Chris Stapleton.

Rising Cybercrime Affects Security Industry Outlook

The mood was decidedly more upbeat than last year’s RSA conference, which returned to in-person attendance but drew just 26,000 visitors and was affected by reports of layoffs and cutbacks among tech companies both in and around the cybersecurity field.

What a difference a year makes. Describing the 2023 event, RSA Conference Senior Vice President Linda Gray Martin said, “The excitement and enthusiasm was felt in and around the RSA Conference throughout the week.” Given the enthusiasm of the crowded press and exhibitors, the exaggeration seems justified.

Driving the resurgence of attendance and interest in this quintessential security event was increased awareness of increasingly sophisticated threats, including new forms of ransomware and malware, and the nascent challenges and opportunities presented by generative AI and open source.

As always, RSA provided a convenient milestone for the release of new security products and services, as well as reports and insights focusing on the evolving threat landscape. Several reports published during the event highlighted vertical industries that are particularly at risk, including manufacturing, healthcare and finance.

AT&T Business released its 12th annual Cyber Security Insights Report at RSA, filled with findings from its survey of 1,400 security practitioners in North and South America, Europe and Asia. Respondents were limited to organizations that have implemented “edge use cases” that include the integration of new technologies such as 5G, robotics, virtual reality and/or IoT devices. Not surprisingly, they found these respondents to be under constant threat of attack.

However, with the notable exception of the US SLED (state and local government and education) market, most of those surveyed were more concerned about distributed denial of service (DDoS) attacks and business email compromise (BEC) fraud than about ransomware and other types of malware, or advanced persistent threats (APTs).

The results may indicate that security professionals in edge-intensive industries, many of which are considered part of the critical infrastructure of their respective nations, are clearly out of touch with the magnitude of the threats they are facing, including state-sponsored attacks.

As the report’s authors conclude, “The use of cyber as a geopolitical weapon has forced government regulators and security leaders to become increasingly aware of the potentially devastating nation-state cyberattack. Yet construction management in U.S. SLED, and fleet tracking in transportation, are the only use cases for which nation-state cyberattacks crack the top three in perceived likelihood.”

Another report released at the RSA event by cybersecurity vendor BlackBerry, its second quarter Global Threat Intelligence report, also showcased a number of specific industries that are drawing heavy fire from cybercriminals. These include healthcare, which encounters an average of 59 new malicious samples per day, including a growing number of new Emotet variants, according to the report.

BlackBerry also found that government entities, manufacturing and critical infrastructure were targeted by “sophisticated and sometimes state-sponsored threat actors, engaging in espionage and intellectual property operations.”

The company’s newly named CylanceIntelligence cyberthreat intelligence (CTI) subscription service, formally announced during RSA, reported that “crimeware and commodity malware are also frequently found in these critical industries.”

For a more in-depth look at BlackBerry’s findings, please watch the video interview with Ismael Valenzuela, the company’s Vice President of Threat Research, that I conducted during RSA. (Note: In addition to reporting for TechNewsWorld and other media outlets, I also serve as editorial director for BlackBerry.)

AI Gets VIP Treatment

Much of the discussion and subsequent coverage surrounding RSA 2023 involved the use of artificial intelligence (AI) as an increasingly powerful tool in the hands of both attackers and defenders.

While AI has been around in various forms for decades, its most notable success has been at the box office, usually playing Hollywood villains. Ever since the murderous HAL 9000 debuted in Stanley Kubrick’s 1968 screen adaptation of Sir Arthur C. Clarke’s “2001: A Space Odyssey”, AI has been largely typecast as a homicidal bogeyman in popular fiction.

IBM’s Watson has worked hard to demonstrate more benign uses and behaviors of the technology, even to the extent of appearing as a contestant on “Jeopardy” in 2011. But the most recent and rewarding commercial acceptance of AI has come at the hands of leading cybersecurity vendors CrowdStrike and Cylance (acquired by BlackBerry in 2018).

Today, AI is practically a checklist item for endpoint security solutions, rapidly displacing older signature-based malware detection. However, the commercialization of generative AI tools using large language models (LLMs) such as ChatGPT in the past year has brought AI into the mainstream in ways Watson only dreamed of, exposing and fast-tracking the technology’s usefulness across many fields of endeavor.

As predicted by many, one of the first malicious uses of these widely available AI tools has been to improvise phishing lures. Another report released at RSA, Zscaler’s 2023 ThreatLabz Phishing Report, confirms that AI tools like ChatGPT can improve phishing hit rates, ultimately making it easier to steal credentials. But those use cases may represent only the low-hanging fruit of AI for threat actors.

The report states, “New AI techniques and the emergence of large language models such as ChatGPT have made it easier for cybercriminals to generate malicious code, conduct Business Email Compromise (BEC) attacks, and develop polymorphic malware, making it easier for victims to identify phishing.”

As Forbes contributor Will Townsend pointed out in his RSA roundup article, discussions in and around the trade show highlighted that AI has quickly become “a double-edged sword that will need constant sharpening” because it is being rapidly deployed by both attackers and defenders.

Calix is a leading provider of broadband communications access systems and software that helps broadband service providers (BSPs) provide Internet-related services to homeowners, renters and businesses.

The company, founded in 1999 and based in San Jose, California, provides cloud, software platforms, systems and services to BSPs and has adopted an innovative strategy around industry standards that helps BSPs stay ahead of the competition while providing an advantage to them and their clients.

The primary advantage of following industry standards is that it ensures interoperability. Calix leverages several independent guidelines to ensure that its equipment works seamlessly with other manufacturers’ products and hardware used by other BSPs.

Interoperability is essential in the broadband industry because it helps foster competition, innovation, and ultimately provide higher quality services to end users.

By complying with industry standards such as DOCSIS, ITU-T G.hn, and independent protocols such as the Wi-Fi Alliance certification program, Calix also warrants that its products and services meet the highest levels of quality, security, and reliability.

This approach is fundamental because the broadband industry is constantly evolving, and adherence to standards confirms that BSPs can keep up with these changes.

Furthermore, Calix’s adherence to industry standards ensures that its products and services are future-ready. In the broadband industry, new protocols are constantly emerging, and following them ensures that BSPs can adopt new technologies when they become available.

By staying ahead of the curve in this regard, Calix’s product and service offerings maintain relevance and competence to meet the evolving needs of BSPs and their customers.

Standards Turbocharge Services and Stability

One of the most important benefits of Calix’s strategy around industry standards is that it allows service providers to offer a wider range of services to their customers.

For example, by supporting the Wi-Fi Alliance certification programs, Calix allows BSPs to offer advanced Wi-Fi services such as Wi-Fi 6 and Wi-Fi 6E, and Wi-Fi 7, which is expected to be certified and debut in early 2024. These advanced Wi-Fi services offer faster speeds, better coverage and increased capacity, while providing a better overall experience to end users.

Calix’s commitment to industry standards allows service providers to deploy new technologies more quickly and efficiently. The company’s support for DOCSIS 4.0 allows BSPs to deliver gigabit speeds over existing cable networks without the need for costly infrastructure upgrades.

This approach helps BSPs remain competitive by providing faster speeds and better services to their customers without significant costs.

Another benefit of Calix’s strategy around industry standards is its ability to provide its customers with enhanced security and privacy features. By adhering to ITU-T G.hn standards, Calix ensures that its equipment uses advanced encryption technologies to secure communications over power lines, providing end users with a more secure and private broadband experience.

It should also be noted that Calix’s approach to industry standards is in line with the company’s commitment to sustainability.

Calix adheres to these independent protocols to ensure that its products and services are designed for energy efficiency and environmental friendliness. The company’s support for DOCSIS 3.1 allows BSPs to offer higher speeds while consuming less power, reducing their carbon footprint and contributing to a more sustainable future.

Another great example of Calix’s commitment to industry standards is the TR-369 technical standard, also known as the User Services Platform, or USP.

TR-369 is described as an application layer protocol for remote management of connected consumer and enterprise devices by BSPs and end users. This standard is a follow-up to the TR-069 protocol, which was released in 2004 to help with remote management of modems, routers, and gateways at a time when households had no more than one or two PCs.

With today’s homes often containing 25 or more connected devices, TR-369 provides greater scale in the ability to control lifecycle management of smart and IoT devices while also facilitating interoperability between providers.

Closing Thoughts

Ultimately, Calix’s industry standard strategy is a significant advantage for BSPs. By following these independent protocols, Calix ensures that its products and services are interoperable, secure, reliable, future-proof and aligned with its sustainability commitment.

The ability to offer a wider range of services to its end users, as well as deploy new technologies more quickly, efficiently, securely and privacy-consciously, are key advantages for BSPs. Ultimately, a better overall broadband experience for end users results in fostering innovation, competition and a sustainable future for the broadband industry as a whole.

I recently hosted Bob Carrick, Global Strategic Lead of Calix Cloud, on my podcast to explain why the company believes true industry standards are central to the long-term success of its broadband service providers and customers.

It’s an important dialogue that doesn’t get the attention it deserves, especially in light of BSPs focusing more energy, resources and creativity on delivering greater value to their customers.

Since the dawn of the Industrial Age, industry standards have played an essential role in ensuring that infrastructure, products and services are safe, reliable and of high quality, while fostering innovation and interoperability.

Bizarre as it may sound today, it is difficult to imagine building a home, building, airport, or other public works project without standards that enhance scalability, faster production, cost efficiency, and safety.

Unfortunately, the benefits of these independent protocols are muted when one company controls the standard, forcing users to use its own products or services.

The Apple and Windows ecosystems are telling examples of two competing industry standards that force iPhone users to stay in the Apple ecosystem and forcefully deny Windows users the benefits of accessing text messages on a Windows PC. In that scenario, Windows users who own iPhones are penalized, thereby limiting their overall productivity.

An industry standard approach drives innovation in a way that is not possible if only one company owns the standard. It also has a differentiation advantage that allows BSPs of all sizes to customize their offerings for homeowners, renters and small businesses in a resource-efficient manner.

We need only look back to when the Bell System operated (e.g., limited competition, high prices, sparse offerings and little innovation) before deregulation in 1982, 41 years ago. Are we going back to those days? Not if Calix can help it.