Last week, members of the Merritt Group Security Practice group participated in Zero Day Con D.C., as part of the nation’s largest cybersecurity festival D.C. CyberWeek. This independent conference consists of keynote speakers, panel discussions and interactive learning sessions that came to Washington, D.C. thanks to support from Strategic Cyber Ventures, a venture capital firm specializing in cyber investments. Themed “Hacking Democracy,” this event marked the first time the Con has been held in D.C. since its inception in Dublin, Ireland two years ago.
The day-long lineup provided a platform for cybersecurity executives and all defenders of democracy to learn from the industry’s leading experts about cyber trends and how to best address today’s security challenges. Though discussion topics varied, five themes were consistent during the day’s speeches and panels: big data, data privacy regulations, Industrial Control Systems (ICS)/Internet of Things (IoT), the growing size of the cybersecurity industry, and, finally, the issue of skills shortage in the cybersecurity workforce. Here are some key takeaways for each topic:
Harnessing and Analyzing Big Data Is the Next Challenge. In his opening remarks, Ronan Murphy, CEO of Smarttech247, highlighted that we’ve created the same volume of data in the last two years as had been created since the beginning of time up until 2016. Businesses with a strong cybersecurity strategy will increasingly look to machine learning and artificial intelligence (AI) to harness and aggregate big data to uncover patterns and detect threats more quickly.
Data Regulation Policy Will – and Must – Continue to Evolve. Panelists urged listeners throughout the day to evaluate the U.S. public’s risk acceptance culture, claim ownership of personal data and invest in platforms that give users more control of their identity. As far as governing bodies are concerned in this movement toward greater privacy, regulations like the EU GDPR provide core principles that force companies to think about and treat data differently. During a “Future of Privacy and the Digital Identity State” panel, Michelle W. Cohen, Practice Group Leader of Ifrah Law, emphasized the need for a national standard for privacy protection – and that it is long overdue. She predicts that there will be a big push to federalize data privacy once the CA Data Privacy Act – which will give consumers more control over their personal information online – takes effect and that additional states will follow suit.
Industrial Control Systems IoT Attacks Are a Top Concern. Gartner predicts that 12.86 billion consumer IoT devices will be deployed by 2020, which is a greater number of connected devices than humans in the world’s total population. When it comes to IoT in the supply chain or smart manufacturing and factories, this means increased attack surfaces, for both rogue actors and nation-state sponsored attacks. Many ICS systems also run on older infrastructure that is not easily updated, as there can be no downtime for systems such as power grids or water plants. It’s critical to closely manage these risks and better secure these systems.
The Cybersecurity Industry Is Only Continuing to Grow. As widespread technology adoption and innovation continue, so does the need for cybersecurity. To quote Cybersecurity Ventures’ 2018 cybersecurity market report: “In 2004, the global cybersecurity market was worth $3.5 billion — and in 2017 we expect it to be worth more than $120 billion. The cybersecurity market grew by roughly 35X over 13 years.” On the flip side, the cybercrime industry is growing rapidly too and is a booming economy. Cyber professionals must continue to work together on the big picture of addressing pressing cyber issues and vulnerabilities, rather than focusing solely on generating income for their corporation’s product or service.
The Cyber Skills Shortage Is a Problem. A recent report from Cybersecurity Ventures reveals that the cybersecurity industry will have 3.5 million job openings by 2021. The 100 percent employment rate demonstrates how hot the cyber market is right now. Unfortunately, gender balance and diversity remain a huge issue and women currently only make up 20 percent of the cybersecurity workforce. The fourth and final panel of the day, “The Future of Security Tech and Cyber Teams We Need - Responding to Future Attacks,” discussed this problem. Pascal Luck of Principal, LM Tech Strategies, LLC pointed out that talent exists everywhere, but the question is “How do you find it?” Our client, Cybrary, which provides free online training for aspiring cybersecurity and IT professionals, was mentioned by venture capital investors during this panel as a great resource to help combat the ever-present skills shortage.
While it’s clear the cyber community faces considerable threats and challenges, the overall message from Zero Day was one of optimism. Attacks are increasingly sophisticated, but anti-virus and threat detection software is also faster and more precise than ever before. Cyber professionals have become well attuned to the “playbook” that threat actors are using and can increasingly use resources to identify and remediate threats in real time.
With so many tremendously talented individuals in the industry, cybersecurity innovations are constantly coming down the pike. It’s our job to empower each other as a community of defenders to innovate and discover the most needed security solutions. Zero Day Con taught us that the future is bright for cybersecurity professionals as long as we’re willing to continue to learn, collaborate and face challenges head-on together. Until next time, D.C. CyberWeek!