Last week, security solution provider RSA held its annual RSA Conference (RSAC). RSA pitches the event as "the leading cybersecurity event across the globe." Although the cybersecurity-focused event features the most innovative technologies in the space, the event itself has a history of cybersecurity missteps (e.g. multiple USB malware incidents in 2010, app data leak in 2014). Unfortunately for RSA and its attendees, RSAC 2018 suffered similar problems.
At this year's RSAC event, app attendees originally reported, and RSA later confirmed that over one hundred first and last names of RSA Conference Mobile App users were improperly accessed. RSA confirmed the breach on Twitter:
Our initial investigation shows that 114 first and last names of RSA Conference Mobile App users were improperly accessed. No other personal information was accessed, and we have every indication that the incident has been contained. We continue to take the matter seriously and monitor the situation.
When compared to other newsworthy data breaches, 114 names (most of whom probably had no issue letting the world know of their attendance) probably isn't that big of a deal. While the breach itself wasn't too damaging, the fact that the breach happened to a mobile app for a world renowned cybersecurity event with an emphasis on securing the next generation of technology suggests that mobile technology might be outpacing our ability to secure it.
What's the moral of the story? Scrap mobile and cloud devices and head back to web-based solutions? Some have certainly suggested that, but that probably isn't realistic. Rather, sticking to best practices and taking a proactive approach to security is paramount. Further, don't set yourself up for a label that so many tech companies have been tagged with: "Do what I say, not what I do."