The damaging SamSam ransomware attack against Atlanta last March -- and similar incidents that have cost municipalities and corporations millions -- are ironically helping information security professionals make a stronger case to management for investing in cyber insurance, according to Lastline co-founder and CTO Giovanni Vigna, in an interview with SC Media at RSA 2018.
"It's obvious that paying a lot of money to create very strong protection against cyber threats is something that is sometimes very different to sell to upper management because they see the expense and they don't see immediately the return on investment," says Vigna, also a computer science professor at the University of California, Santa Barbara. "But then when these incidents happen where municipalities lose millions of dollars, it's a good case to say, 'Hey, you could make a much smaller investment that would protect you from a vast swath of threats, and not incur...these expenses afterwards.'"
Vigna's wide-ranging interview also touched on the current limitations of artificial intelligence, and how to overcome the cybersecurity workforce shortage through education and diversity efforts. He also offered a glimpse into two of his own conference sessions -- one about security shortcomings in the ultrasonic communications spectrum and the other about how his research techniques in automated vulnerability analysis have successfully uncovered multiple zero-day bugs in the Android operating system.