5 Takeaways RSA 2018
As more than 50,000 people descended upon San Francisco to learn more about cybersecurity, the event could easily just pass out of mind in a blur of booths, faces, slogans, and jumbled snippets of information. I think it is important to take a step back to absorb all the incredible information that was shared over the course of the week. The conference has certainly evolved from being a small cryptography conference in the 1990s to one of the premier cybersecurity events in 2018. These 5 takeaways are what I believe to be the most important issues discussed during the conference:
1. Cybersecurity Resources Are Lacking
The lack of cybersecurity resources is more evident than ever in organizations, despite increasing demand. In an ever-growing field, the talent pool continues to decline. Internal resources are beyond taxed because no in-house security team can work 24/7. Only about half of organizations report they can fill cybersecurity positions in under six months. Fewer than one in 10 organizations say they can speedily fill positions within a month of vacancy.
2. AI is front of mind for organizations in their data security posture.
Automation and machine learning dominated the majority of Artificial Intelligence (AI) discussions at RSA this year. It seems that this event will be at least one of the starting points of adoption. The reason is that cybersecurity departments are already stretched very thin, as noted in our first takeaway above, and most of them simply do not have the bandwidth to do more. If you can automate your environment in a safe and compliant way, then your organization is a whole lot less dependent on the human factor.
3. Securing IoT is front and center, mobile is not.
Securing IoT was certainly the hot topic. From understanding data repository leaks, to blockchain crypto-mining, to vulnerable industrial code, organizations wanted to understand more about how to secure their IoT devices. However, what was baffling to me was how the security industry has moved past securing mobile devices, as evidenced by the lack of conversations and sessions. Mobile is one of the larger arenas to secure for organizations. Why are more people not talking about mobile security? Exploiting these devices exposes the user's personal information and potentially gives access to the sensitive data that organizations are so desperate to protect.
4. Data Breaches are resonating with cybersecurity departments in ways they never have before.
From RSA, Facebook will serve as a catalyst for a US version of the GDPR (General Data Protection Regulation). Let the recent personal data exposure be a prime example of not being good stewards of customer data. This exposure of personal data is way more dangerous than what is being advertised. Had the GDPR been in effect, those responsible for the recent exposure of personal data would be looking at even steeper fines than they are already potentially facing from regulatory bodies, which could be trillions. How will we in the US demonstrate good faith to keep up with these concerns around the globe?
5. Nation-state attacks are on the rise.
These attacks are focused on the core infrastructure of the utilities that our communities rely on every day, such as water systems, power grids, and cell networks. These threats are more present than ever, but unless you work in a governmental capacity, you will not be aware of an attack until, for example, your electricity isn’t working. Right now, the financial sectors are seeing the most concentrated attacks outside of government agencies. As far as the future is concerned, smart cities offer the widest attack surface yet.
- Innovation sandboxes need center-stage to test the efficacy of cybersecurity solutions before deployment.
- The future of data security revolves around encryption and tokenization. Tokenization is the key technology to secure data “in use” while layering it with encryption in transit?
- There are some great things happening in cryptography. Quantum computing and homomorphic encryption are burgeoning, but need more testing in an active application.
- Machine learning and AI are here to stay. With the lack of cybersecurity resources, automation will be a massive aid given the awe-inspiring amount of data organizations are processing and will process. This is an asymmetrical fight that will require automating detection, response, and data handling.
- Deception technologies like honeypots are tremendously helpful in learning how cybercriminals are attacking your environment.
Ulf Mattsson is the Head of Innovation for TokenEx, and he is the inventor of more than 55 patents in the areas of Encryption, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention.