Something happened last month that hasn’t fully happened in 28 months, as some 40,000 cybersecurity individuals convened in person at the RSA conference in San Francisco. Since COVID, the conference has been primarily virtual.
A lot has happened in those nearly three years. In October of 2021, the President of Microsoft called the SolarWinds catastrophe a “wake-up call.” In early 2020, hackers secretly broke into Texas-based SolarWinds’ systems and added malicious code into the company's software system. In one of the largest examples of a backdoor “hack” that could have infected thousands of systems around the world, hackers managed to infiltrate Solar Winds’ system and have their malicious code inserted into an update. That code was then widely dispersed to potentially thousands of customers. Some major companies like Microsoft, Intel and Cisco were reportedly infiltrated. Government agencies such as Treasury, Justice, the Energy Department, and the Defense Department were reportedly hit. Some reports said the attacks even reached into the Cybersecurity and Infrastructure Security Agency (CISA), the office at the Department of Homeland Security whose job it is to protect federal computer networks from cyberattacks.
In April of 2023, the RSA conference convened in San Francisco. How did the events of the past 28 months impact the conversations at the conference? It seems that some of these issues that have fully developed in the last three years, are now being pushed into the mainstream, and discussed at some of these major industry events like RSA.
Considering the “COVID era” developments in cybersecurity over the last three years, it was clear that vendors and attendees to the RSA conference shared concerns that have become not just the realm of government or regulatory body solutions, but also of critical interest in the mainstream world of business and technology.
The White House’s National Cybersecurity Strategy, published in March 2023, was a major topic of conversation. The Strategy proposes measures such as new regulations to establish baseline standards of cybersecurity and increased public-private collaboration in cybersecurity defense and threat disruption.
The importance of “collaboration” or cooperation between organizations, individuals and law enforcement was strongly voiced and discussed, as was the need for better education and investment in cybersecurity in both the long and short term. Certainly, demands by Government entities on reporting requirements have fueled this thinking. The consensus that now seems to be taking shape is that cybersecurity demands a united front particularly as AI, machine learning, and automation in cybersecurity solutions continue to evolve.
Another talking point is that integration among organizations, individuals, security researchers, and law enforcement is essential and will become even more so as cyberthreats become more sophisticated and more difficult to anticipate. Investors and executives strongly agreed that sharing threat intelligence is essential for staying ahead in the cybersecurity landscape.
Generative AI as a rapidly evolving tool, was a familiar and lively topic of discussion at the conference, with executives postulating that it would be a major player in augmenting cybersecurity threat detection and response. The upshot is that both executives and policymakers see the potential of generative AI to formulate and execute convincing social engineering attacks faster and more widely, while CISOs are optimistic that generative AI will be a force multiplier for their teams’ prevention, detection, and response efforts.
Many executives and policymakers expressed concern that current cybersecurity solutions assume and require significant capabilities of their customers to manage and expect too much know-how of end users. At several events, speakers bemoaned a talent shortage in cybersecurity. Relatively few organizations possess advanced cybersecurity expertise or have the resources to afford a professional CISO and dedicated engineering teams to deploy and monitor disparate cybersecurity products and patches.
Another critical topic of discussion at RSA was that experts stressed the importance of cybersecurity education and awareness, for both individuals and organizations, with a cross-pollination of technical and human resource across companies and organizations. The shortage of skilled cybersecurity professionals remains an ongoing and pressing concern. With a trained talent pool, the burden of security know-how falls to the customers, who don’t have the training or knowledge to adequately protect themselves from cyberthreats. The need for dedicated engineering teams to deploy and monitor disparate cybersecurity products and patches was expressed repeatedly. This is a particular area of concern as cybercrime is expected to hit $10.5 trillion by 2025.
The RSA Conference 2023 highlighted the need for collaboration, better education, and investment in cybersecurity. Key takeaways included the emphasis on AI, machine learning, and automation in cybersecurity solutions, the importance of closing the gap between CISOs and executives/boards, and the need for collaboration between organizations, individuals, and law enforcement to address cyber threats. It will certainly be interesting to see where the cybersecurity sector is headed in the future.
At CYRIN we know that as technology changes, a cybersecurity professional needs to develop the skills to evolve with it. The people who run our most sophisticated systems, the military, have continued to entrust us with training some of these specialized cyber warriors. For the military, for educators, for the private sector, we continue to evolve and develop solutions with “hands-on” training. The most effective training that is crucial to attracting and keeping the critically needed people who defend our systems. Our courses teach fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required. These tools and our virtual environment are perfect for a mobile, remote workforce. People can train at their pace, with all the benefits of remote work, remote training, and flexibility. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!