RSA Conference, the world’s leading information security
event, was held last week in San Francisco. More than 36,000 attendees, 704
speakers and almost 660 exhibitors gathered to present new cybersecurity ideas,
products and presentations. Expert Insights attended the show to bring you the
biggest talking-points and industry trends from the world’s leading IT security
We also met with innovative and unique security vendors
across a range of different cybersecurity solutions to discuss issues like skills
gap in IT, the importance of vulnerability intelligence and risk management,
why organizations are still struggling with the cloud, and more. You can check
out these interviews here: www.expertinsights.com/insights/interviews
Here is our round up of the key themes and takeaways from this year’s RSA Conference:
The Human Element
The key theme of the show this year was the ‘human element’. In the opening keynote of the keynote, RSA President Rohit Ghai outlined why this theme was chosen. He spoke about the growth of AI and it is being used to streamline data analysis and make security analysts and the SOC more effective, but also how it’s being used by attackers, to streamline the attack process. In this joint use, AI is not making the human element redundant, but more important than ever in the cyber security process.
Continuing the theme of the Human Element of cybersecurity, Microsoft’s CVP of cybersecurity solutions Ann Johnson delivered a keynote about how security teams can create a culture where people remain your best cybersecurity defence, even in our new era of malicious AI and cloud based threats.
In RSA’s 2020 Digital Risk Report it was found that data privacy risks were one of the top three biggest threats facing organizations, so it’s no surprise this featured as one of the key themes at this year’s show. The CEO of the Future of Privacy Forum, Jules Polonetsky delivered a fascinating talk which considered the relationships and trade-offs between privacy and security, and why security teams need to make sure that the way they use data to protect user data is ethical.
Polonetsky also debated the need to balance the use of data to develop new technologies and innovations, and the importance of making sure that data usage is properly regulated and accounted for, as well as taking a Q and A to discuss some interesting points on the issue of data privacy in the modern age.
The ‘When Privacy Meets Populism: How People Are Influencing the Data Debate’ panel also covered data privacy issues including facial recognition technologies and new privacy regulations coming into force around the world, and the impact this will have on the security industry.
The Global Threat Landscape
What are the new and emerging threats, and how can we stop
them? These are two of the most important questions for security teams, and of
course were a big focus at RSA this year.
One of the most interesting panels of the show covered the five biggest new cyber security threats and how to stop them, hosted by the nation’s top expert on mobile forensics, the director of the Internet Storm Centre and the top hacker exploits expert in the US. These threats included increased use of command and control tools for compromised systems, operating system exploits and new deeply persistent attacks.
One example of these persistent attacks were malicious USB cables – yes cables, not sticks – being used to transmit malware. Panellists also discussed the threats from smartphone compromise and the vulnerabilities facing organizations now that the enterprise perimeter is disappearing.
Another keynote from the show covered different attacks in the current global threat landscape, diving into specific, real-time examples of threat actor activity from both nation-states and criminal groups, with insights from Dmitri Alperovitch, the co-founder of endpoint protection vendor Crowdstrike. Top threats included ransomware, with threats coming from both nation-states and sophisticated criminal organizations.
One of the most interesting and unique talks came from Wendy Nather, Head of Advisory CISO’s at Cisco. She covered the need for security organizations and teams to adapt to the democratization of technology and see users as powerful industry drivers, rather than just seeing users as the ‘weak link’ that need to be protected.
Nather argues that security needs to be democratized, by building a more collaborative security model, simplifying security tools, and creating a more open security culture. You can watch the full keynote here: https://www.rsaconference.com/usa/agenda/we-the-people-democratizing-security
Policy and Government
The final key takeaway from the show was the increasing impact of cybersecurity on governments and policies, including the increased risk of cyber warfare on government and enterprises from rogue nation states.
Admiral James Stavridis, a US Navy officer and former NATO Supreme Allied Commander, and Prof. Juliette Kayyem from Harvard’s Kennedy School and CNN security analyst, spoke in depth about the biggest and emerging new cyber security threats to US national security, democracy and industry.
Here are some other highlights from the show:
Matthew Clapham, Director of Cybersecurity, GE Healthcare covers how GDPR is not a burden to security organizations, but can enhance feature sets. He offers a possible mapping of privacy rights to feature sets to help organizations meet GDPR and other impending data regulations.
Dawn Cappelli, VP Global Security and Chief Information Security Officer, Rockwell Automation and Roy Gundy, Head of OT Cyber Security, Johnson & Johnson take us through the ten most important steps to securing your IT environment.
Elie Bursztein the head of the Security and Anti-Abuse Research team at Google, takes us on an interesting tour of the emerging trends in malicious documents and threats against users within Gmail. Every day Google analyses billions of email attachments to discover and prevent email threats, and this talk outlines what these threats are, and what Google is doing to stop them.
If you’re interested in more coverage from RSA, look out for Expert Insights’ own interviews with leading RSA vendors, to be published soon at: https://www.expertinsights.com/insights/interviews/