It has always been my wish to check out a security conference outside of North America.
Security, as a global field of practice, often requires global collaboration to operate efficiently. I am interested in identifying what regional differences I will see in AsiaPac. Is the conference content comparable to that in North America? Do fellow practitioners and colleagues in AsiaPac share the same perspective and insights? The biggest security conferences/expos, RSA and Black Hat, both host an Asia Pacific version of their events. I am here at RSA Asia Pacific & Japan 2019 to find out what a security conference outside of the US would mean.
RSA Asia Pacific & Japan 2019 is happening at Marina Bay Sands Expo in Singapore. From July 16 - 18, the event attracts close to 1,000 attendees and 90 exhibitors. The conference has been a successful venture of RSA (now Dell) to gather regional security professionals to share their thoughts, experience, and perspectives. I will be blogging about my experience throughout these three days, hoping to share some insights into what I have learned.
The first day of the event was filled with half-day industry seminars and conference kick-off/welcome messages. I managed to attend three industry seminars throughout the day.
The first seminar focused on management and innovation for the near-term future in 2025. An Australian security firm, Telstra, released its 2019 security report, pointing out patterns and trends similar to those discussed in other global security reports. Of note this year, however, was the increasing board visibility of security topics. The report cited 50% of CISOs as providing weekly updates on security to the board. Meanwhile, many CISOs were still reporting to the CIO, indicating that many enterprises still perceived security as an IT topic rather than a business-execution (CEO) topic.
The second seminar focused on resilience and threat intelligence. Global Resilience Federation was on stage to advocate the importance of sharing threat intelligence among sectors and practices. The talk focused on showing examples of how common cybersecurity threats work in practice, with a live demo of how to retrieve an attendee's password from different data leaks, in LinkedIn or Yahoo, for example. Threat intelligence and data leaks continued to be a hotly debated topic. This area of practice was also where white hats and black hats intersect. Different countries and law enforcement agencies were taking control over trading on the dark web. Nonetheless, the speaker argued these shutdowns were inefficient, as new sites would soon be created for this lucrative market.
The last seminar had a specific focus on financial fraud. Digital Shadows presented a series of its research and white papers on digital risk. In its Business Email Compromise report, it claimed that much compromised information was always out there. Asia Pacific was the third most susceptible region to compromised information, after North America and Europe.
To summarize my first-day experience, I have to admit the content shared has more similarities to North American conferences than differences. I did observe, though, that more than one presenter mentioned credential stuffing as a contributing factor to incidents and breaches. This was in contrast to citing the human factor as the dominant weak point in breaches a couple of years back. Meanwhile, the push for multi-factor authentication appeared in many conversations as a good defense against credential stuffing and breaches. Once again, MFA had always been on the table, but it gained more visibility in the conversations I had seen today.
Looking forward to tomorrow, for yet another day of security. ;0)