Missed out on the RSA 2018 Conference?
If you missed out on the 27th annual RSA Conference in San Francisco, fear not. There’s always next year.
In the meantime, you can catch up on some of the event highlight reels, speaker sessions and presentations available on YouTube and the RSA Conference website (see links under the resources section below).
Ascension Global Technology CEO, Delta Munoz, was one of the 50,000-strong cybersecurity and business professionals in attendance at last week’s premier infosecurity event.
The annual RSA conference is an opportunity for professionals to convene, learn, and converse about the next generation of security and technologies.
This blog presents some of the key take-home messages our CEO gleaned from the opening keynote presentation.
Day 1 Opening Address
The opening keynote presentation by RSA President, Rohit Ghai, was encouraging and set the tone and underlying theme for the conference: cybersecurity silver linings. While security professionals face a multitude of challenges, we ought to highlight and celebrate our successes, acknowledge the progress that has been made and look forward to the future.
Cybersecurity is getting better, not worse
The future of cybersecurity is promising. The security community is getting stronger, moving faster and working collaboratively, and there is a growing focus on developing cybersecurity talent and fostering diversity. New technology innovations and Security DevOps are moving from security that is “bolted on” as an afterthought to security that is built into the heart of the software development process.
No silver bullets in cybersecurity
The silver bullet solution in cybersecurity is a fantasy. It is better to focus on getting the big things right, while not ignoring the little things. Ghai advised security teams to double down on their strengths, study the terrain, anticipate the adversary and focus on the psychology of defense in addition to the technology of defense.
Small, consistent security improvements matter
Forget about aiming to be “perfectly unhackable someday”. Instead, aim to make small but consistent, incremental security improvements every day that cumulatively add up over time. This “aggregation of marginal gains” approach to cybersecurity can result in enterprises becoming a little safer every day.
Diversity is key to a strong security posture
A strong security posture requires people with different perspectives in an inclusive environment where diversity is embraced.
“Businesses and organizations that are unable to attract diversity in gender, race, national origin, religion, orientation and ideology will struggle to get security right” – Rohit Ghai, RSA President
Complacency and recklessness are the enemy
Risk is in and of itself not the enemy, according to Ghai. Too much or too little risk is the enemy. Organizations can manage digital risk by staying in an acceptable risk zone through business-driven security. Ghai refers to this zone as the “Goldilocks zone” of risk that lies between complacency and recklessness.
Learn like the Tesla fleet
Ghai uses the example of Tesla cars and the entire Tesla fleet’s ability to learn how to avoid a pothole when one Tesla drives over the pothole. Similarly, we need “Fleet Learning” in cybersecurity. As a community, our approach to cybersecurity should be collective. Collaboration needs to take place across teams within organizations – beyond the security and risk teams – and across organizations. Initiatives such as the Cyber Threat Alliance provide a platform for high-quality cyber threat information sharing.
Cyber risk is top of mind
Cyber risk is the largest facet of digital risk and is driving convergence of risk management and cybersecurity. Cybersecurity is now top of mind for many organizations and is being discussed in the boardroom on a regular basis. Great progress is being made in the quantification of cyber risk and in the rising field of cyber insurance. The value of cyber insurance premiums worldwide is already in the billions of dollars, and is expected to grow to 14 billion by 2022. Ghai says, “We are maturing in terms of quantifying cyber risk with standards like FAIR and Bowtie”.
Video of Day 1 Opening Keynote Presentation by RSA President, Rohit Ghai