Three Things We Learned at RSA 2015

This year’s RSA Conference was bigger than ever. The Pindrop team stayed busy speaking to current and future customers and partners at our booth in the South Expo. We also took the opportunity to bring many of our partners and customers together for two networking events: our Cybersecurity Whisky Tasting with Felicis Ventures at AQ’s Whiskey Room and a great night out at the ballpark to watch the SF Giants beat the LA Dodgers on a game-winning sacrifice fly.
We’re just starting to recover, which means its time to reflect on what happened this year, what we learned, and where we go from here.
1. Security Has A Long Way To Go
Many RSA attendees felt there was a “pall of darkness” over this year’s event. There was certainly some literal darkness, with Amit Yoran’s opening keynote. But more than that, it seemed like everyone was talking about the ways that security has failed over the past year. At the 451 Research Breakfast, Research Director Wendy Nather asked why we in the security community are celebrating when we’re not doing a very good job?
2. Breaches Are Only the Beginning
2014 may have been the year of the mega breach, but 2015 is the year that we start seeing the wide-ranging effects of all these breaches. In Wednesday’s “Gumshoes Part Deux” session, security journalists, including Brian Krebs, discussed their reporting on data breaches, and the need for more threat intelligence across enterprises. “Failure to share information in a timely way causes a lot of problems” noted Krebs.
Pindrop has been monitoring the exploitation of breach channel in the call center, where data acquired from a breach (names, addresses, SSN, health records, etc.) is used to mount further cross-enterprise attacks. Krebs has used the Home Depot breach as a great example of this. Fraudsters bought Home Depot’s information on the black market, then used it in social engineering attacks on several bank call centers.
3. Know Your Enemy, But Also Know Your Customer
In the Pindrop booth, we found ourselves discussing how to verify authenticity as much as how to detect fraudsters. The focus is on streamlining the verification process, both in terms of call time reduction making the process less visible for customers – the intersection between security/fraud and customer experience. Check out our authentication presentation on Slideshare for more information.
So a good time and a productive time had by all – see you next year!