During the 15th annual SecureWorld conference in Atlanta, professionals gathered to discuss current threats, attack vectors, and concerns in cybersecurity.
Here are some highlights from discussions we heard:
The world's most valuable resource is dataIn a May article by The Economist, data is named as the world's most valuable resource, surpassing oil.
David Keating, who spoke during an 8:30 a.m. session on Day 1, referenced this article and explained how the data analytics industry will grow to $203 billion in revenue by the year 2020.
"We need to think of data as a regulated asset," Keating says, with both regulatory and analytical frameworks in place.
The GDPR, coming into effect one year from now, will take huge strides in data regulation within Europe and the organizations that do business there.
But what about apps that listen to other devices for advertisers? Or the settlement VIZIO was forced to pay after the FTC discovered the TV company was illegally collecting viewing histories without users' consent?
It's not only important to understand the technologies behind these data collection practices, but also to understand how the data is being used if we are at all concerned with protecting our privacy.
After all, Keating points out, you don't just unidentify data by removing the name.
"In today's society, most people deal with security by keeping their fingers crossed," says Ariel Siegelman, President of DRACO Group, a security training and consulting firm.
This is also true when dealing with terrorist attacks, especially as they become increasingly more prevalent across the globe. People are still going to concerts, attending parades, and leaving their houses in general, all the while crossing their fingers that nothing bad happens.
"I think security is all about seeing your potential negative future and doing something about it to try and stop it," Siegelman explains in his 11:15 session on Day 2.
His three pillars of security are equipment, protocols, and training - much like the requirements for a good terrorist response program.
In both cases, having the right equipment to protect yourself, having protocols in place to deal with an attack, and having the proper training to mitigate and stop the attack are crucial.
"Traditionally, defense has been asymmetrical to the attack," explains Jaeson Schultz, Technical Leader at Cisco. It's much cheaper to defend a network than it is to attack one.
Defense methods are also often evolving out of a response to an attack that is new and sophisticated, rather than the other way around.
"If attackers are using best practices, we need to be using best practices for defense," he explains. This includes knowing exactly what's on your network in order to properly secure it.
Often times, threats are evolving based off of old attacks. Schultz explains how, like fashion, exploits get recycled and repurposed to come back around.
In order to properly stay ahead of the curve, it's important to know past attack vectors, present threats, and be able to anticipate what may come in the future.