* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/corporate/)
* [Public Sector](https://www.paloaltonetworks.com.au/blog/category/public-sector/)
* What the Cybersecurity In...

# What the Cybersecurity Industry Needs to Discuss at the RSA Conference 2020

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2020%2F02%2Fpolicy-rsa-conference-2020%2F)  
[](https://twitter.com/share?text=What+the+Cybersecurity+Industry+Needs+to+Discuss+at+the+RSA+Conference+2020&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2020%2F02%2Fpolicy-rsa-conference-2020%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2020%2F02%2Fpolicy-rsa-conference-2020%2F&title=What+the+Cybersecurity+Industry+Needs+to+Discuss+at+the+RSA+Conference+2020&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/2020/02/policy-rsa-conference-2020/&ts=markdown)  
\[\](mailto:?subject=What the Cybersecurity Industry Needs to Discuss at the RSA Conference 2020)  
Link copied  
By [Greg Day](https://www.paloaltonetworks.com/blog/author/greg-day/?ts=markdown "Posts by Greg Day")  
Feb 18, 2020  
7 minutes  
[Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)  
[Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)  
[RSA](https://www.paloaltonetworks.com/blog/tag/rsa/?ts=markdown)

The [RSA Conference 2020](https://www.rsaconference.com/usa) is the world's biggest and most respected gathering of CISOs, technologists and cybersecurity specialists. As a new decade draws upon us --- and as the next conference convenes this month in San Francisco --- a new set of challenges is here.

Last fall, I had the honor of reading through 500 or so submissions from cybersecurity experts eager to take the stage at RSA 2020 (I'm on the committee that chooses presentations). What I learned offers a glimpse into emerging problems like deep fakes, stalkerware and surveillance attacks. Longstanding themes, including DevOps and ransomware, are gaining renewed importance.

If you're a business executive, watch out for these trends (or worries). They might affect your organization. Here are some of the biggest challenges that I was seeing based on the submissions, some of which will make the stage at the Moscone Center.

##### **Fakes and deep fakes are the new buzzwords.**

Deep fakes --- faked videos and audio recordings that resemble the real thing -- is a subject of interest for many experts. Anyone can download software to create deep fakes, offering many possibilities for malicious activity. A politician could be faked making a vote-losing comment before an election. A faked recording of a senior executive could order the accounts department to make a financial transaction into a criminal's bank account. New forms of "stalkerware," a type of spyware, tracks smartphone data from victims to build up a picture of their activities; this can be used to create faked videos, voice recordings or written communications. The security industry is still working out its response to this new threat.

##### **Smartphones are being used in surveillance attacks**.

With the growing use of banking apps and touchless payments, smartphones are becoming hubs for financial transactions. This has driven an increase in mobile surveillance attacks, which install tracking software onto phones to monitor people's behavior from their smartphone usage. That enables corporate email fraud, known as business email compromise. The more an attacker knows about a victim's activities, the easier it is to send them a trick email which gets them to download a file containing malicious code. Users need greater awareness of the dangers of mobile surveillance and the steps to counter it.

##### **Ransomware is getting more sophisticated as companies pay out.**

We saw lots of submissions about the evolution of ransomware and the cat-and-mouse game between attackers who are looking for clever ways to get around detection capabilities and defenders seeking new ways to block them. Instead of randomly encrypting any data they can, criminals are targeting high-value business data to encrypt and hold to ransom. In my view, ransomware is midway through its life cycle. We'll be talking about it for many years to come but will eventually have it licked as we sharpen our defenses.

##### **Supply chain attacks are on the rise**.

These are where cyberattackers inject code into a website --- often ecommerce or finance --- allowing them to steal data such as customers' personal details and credit card data. Adversaries have doubled down on this type of attack and have scored some recent successes. In 2019, a well-known British company was fined a record $241 million for a [supply chain attack](https://www.bbc.com/news/business-48905907). It was believed to have been mounted by the Magecart threat group. Other large companies have suffered similar attacks. More attacks are likely. Defenders must improve protections against rogue code and be ever watchful so they can identify and eliminate it.

##### **DevOps speeds up software development but increases security risks.**

DevOps is a transformational method of creating code that links development and operations together to speed up software innovation. DevOps contrasts with traditional forms of software development, which are monolithic, slow, endlessly tested and easy to verify. Instead, DevOps is rapid and requires lots of small, iterative changes. But this increases complexity and opens up a new set of security problems. With DevOps, existing security vulnerabilities can be magnified and manifest themselves in new ways. The speed of software creation can mean new vulnerabilities are created unseen by developers. The solution is to build security monitoring into the DevOps process from the start. This requires cooperation and trust between the CISO and the DevOps team.

##### **Emulation and decoy environments must be credible.**

Large businesses are looking to create "emulation environments" to track down unknown threats. These mimic credible servers and websites but are really there to lure in bad actors in order to observe their behavior and collect data about their methods. Decoys operate in a similar way. The challenge is to create emulation environments that are good enough to fool the adversary into thinking that it is a real-world server or website.

##### **Cloud incident response requires new tools and skills for in-house security teams**.

Organizations are used to dealing with cybersecurity incidents on their own networks. But when their [data is stored in the cloud](https://www.securityroundtable.org/a-cloud-security-strategy-that-executives-can-grok/), security teams can struggle. They don't have full access to security data, as this is controlled by the cloud provider. So they may struggle to distinguish between everyday computing events and security incidents. Existing incident response teams need new skills and tools to carry out forensics on cloud data. Business leaders should challenge their teams on whether they are prepared and capable to manage and respond to security attacks in the cloud.

##### **Artificial intelligence and machine learning**.

We have received countless papers on [AI and ML](https://www.securityroundtable.org/ai-and-machine-learning-do-you-know-the-difference/). These technologies are at an early stage in cybersecurity. Attackers are studying how networks are using ML for security defenses so they can work out how to breach them. They are looking at the way AI experts try to fool image recognition systems into identifying a chicken or a banana as a human. This requires understanding how the system's ML engine works and then figuring out ways to effectively deceive it and break the mathematical modeling. Attackers are using similar techniques to deceive ML models used in cybersecurity. AI and ML are also being used to boost deep fakes. They are gathering and processing huge amounts of data to understand their victims and whether a deep fake attack or fraud will succeed.

##### **Hardware and firmware attacks are back.**

There are mounting concerns over hardware vulnerabilities such as Spectre and Meltdown. These are part of a family of vulnerabilities, revealed in 2018, that affect nearly every computer chip made over the past 20 years. No serious attacks have taken place yet. But security experts are forecasting what could happen if a hacker were able to exploit such weaknesses in hardware and firmware.

##### **Power users need protection**.

Creating secure connections for senior executives and other top staff who have access to the most sensitive corporate data on their own devices is vital. What measures must be taken to keep them [safe](https://www.securityroundtable.org/phishing-isnt-going-away-heres-how-to-not-fall-prey/)?

##### **The security industry is finally taking action on DNS spoofing.**

IP addresses are the strings of numbers that identify computers on an internet network. The Domain Name System assigns a name to every IP address so it can be found on the web. DNS is known as the phone book of the internet. But bad actors can spoof these names, misdirecting users to compromised websites where they risk having data stolen. The industry has finally started to gather more DNS information to identify these problems and prevent DNS spoofing.

How we respond to these threats in the next decade will make for good conversations at the RSA Conference 2020. Hope to see you there.

*This post originally appeared on [Security RoundTable](https://www.securityroundtable.org/the-biggest-cybersecurity-risks-in-2020/).*

*** ** * ** ***

## Related Blogs

### [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Palo Alto Networks Extends ISO 27001 Certifications](https://www.paloaltonetworks.com.au/blog/2020/09/policy-iso-27001-certifications/)

### [5G Security](https://www.paloaltonetworks.com/blog/network-security/category/5g-security/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### The Tools and Capabilities You Need for Securing 5G Networks and Data](https://www.paloaltonetworks.com.au/blog/2020/09/securing-5g-networks-and-data/)

### [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Vulnerabilities in Conferencing Tools: Much Ado about Something or Nothing?](https://www.paloaltonetworks.com.au/blog/2020/05/network-vulnerabilities-in-conferencing-tools/)

### [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Are We Prepared to Deal with the Impact of Cyber Threats on 5G?](https://www.paloaltonetworks.com.au/blog/2020/05/network-5g-security/)

### [5G Security](https://www.paloaltonetworks.com/blog/network-security/category/5g-security/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)

[#### The Right Approach to Securing 5G](https://www.paloaltonetworks.com.au/blog/2020/05/network-securing-5g/)

### [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### The Rush to Video Conferencing -- Are We Failing to Use Good Cyber Hygiene?](https://www.paloaltonetworks.com.au/blog/2020/04/policy-video-conferencing/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language