(Credits: Jeffrey Hazelwood/CNET; Getty Images)
Security professionals and observers are on the way to one of the biggest annual cybersecurity events, the RSAC Conference in San Francisco. RSAC is happening a little earlier than usual this year, in March instead of April or May. It kicks off bright and early on Monday, March 23, and concludes on March 27 with a closing celebration featuring actor Hugh Jackman.
We'll be there, covering all of the big news and important discussions about the future of online security (and hopefully getting a selfie with Wolverine). Until then, here's a sneak peek at some of the stories we're following before the conference kicks off.
The Psychology Powering Social Engineering
Online scammers are like kids’ birthday party magicians: Once you see how the tricks work, the magic disappears, and they’re just a person shoving a rabbit into a fedora. With that in mind, we look forward to learning all about scammers’ manipulation and persuasion tactics from Randy Rose, a vice president of security operations at the Center for Internet Security. At RSAC, Rose will present a session titled “Mental Malware: Why the Human OS Keeps Getting Hacked.” We expect the presentation to examine human biases, emotions, trust issues, and other psychological factors that tech-assisted criminals use to manipulate all of us online, through our phones, and via screens.
When we understand the human psyche a little better, we may detect deception more often when scammers contact us via spammy phone calls, phishing emails, or text messages, helping us avoid scams. To get a head start on this discussion, check out our article about the most dangerous scams to avoid this year.
AI as Therapist—What Could Go Wrong?
AI chatbots are emerging as unlikely confidantes for survivors of domestic violence, providing online care that comes with little comfort and a lot of privacy and security risks. On Monday, Dr. Diana Freed and Julio Poveda from Brown University will present a structured discussion about the privacy problems chatbots pose at a foundational level.
We also expect to hear a great deal about the dangers these chatbots pose to the safety of at-risk individuals. The team may offer suggestions from healthcare professionals and AI industry experts about securing AI systems. After all, Dr. Freed’s background is in AI governance relating to sensitive populations. We’re curious to see whether Dr. Freed and Mr. Poveda believe there is a future in which these chatbots can be used safely as confidantes, or if the risks are too great, even with stronger protections in place.
Fighting the Rise of Elder Fraud
Also on Monday, we’ll hear from a couple of cyber industry giants: Rick Swenson, managing director at TIAA, a financial services company, and Lisa Plaggemier, executive director of the National Cybersecurity Alliance, about how to protect elderly people from online scams.
We last spoke to Plaggemier for an article about AI-generated tax scams, and she recommended changing how we interact with media online, such as taking time to verify a message sender’s identity before responding and hovering over links to determine whether they are valid before clicking. We expect a business-focused discussion at RSAC that educates customers and helps them change how they interact with products to prevent future successful scams.
The "Black Box" Problem, Explained
On Thursday, we plan to attend a presentation by Mitch Ashley, VP & Analyst at Futurum Research, to ask a question that’s long been on our minds: “Can or will we secure AI?” We’re anticipating a nuanced discussion on why AI hasn’t been able to be secured like other emerging technologies, and we’re interested in hearing what Mr. Ashley thinks the next logical steps are to make it safer.
We think he will touch on the “Black Box” problem of AI, which is that, unlike a linear program that can be analyzed at every step of the process, you cannot view the logical thread of every single decision an AI makes with 100% certainty due to the dynamic way in which a neural network works. The nature of the black-box problem is what many consider an impossible hurdle in truly securing AI against traditional attack vectors.
We’re interested in Mr. Ashley’s proposed solution to this problem and whether it will hinge on AI as a verifier. If it does, we’ll want to hear his take on issues of AI recursion and how an AI verifier or auditor could be proven as trustworthy. Mr. Ashley’s talk hints at ways forward beyond traditional models, so we’re especially looking forward to any novel solutions he may present.
Breaking Biometric Security
One of the final talks on Thursday is by Jake Moore, ESET’s Global Cybersecurity Advisor, on how flawed facial recognition systems can be. This demonstration-based presentation will feature real-life scenarios of Moore bypassing, breaking, and hacking various forms of facial recognition. We anticipate the talk to begin with a showcase of a special set of smart glasses that Moore has configured to identify strangers in real time.
We believe the demonstrations will continue with a display of how security systems using seemingly secure facial recognition software can be defeated with what Moore claims are free AI tools accessible to anyone. We expect Moore to expose the cracks in facial recognition systems and to pose some interesting questions about the consequences of his findings in a world increasingly reliant on the technology. We have our own thoughts on the dangers of face ID, so we’re curious to see where Moore lands on the issue.
Get Ready for a Week With Security Geeks
We'll be at the conference all week, so be sure to bookmark our RSAC page for the latest news as it happens.