Year after year, technology and security professionals flock to the RSA Conference in San Francisco. It is the annual opportunity for security professionals to tackle the biggest issues and trends impacting the industry. From talking to customers about 5G and what that means for security strategies to listening to brands, such as Uber discuss the future of data protection, here are the five key trends which underpinned this year’s event.
1. It’s all about trust
Rohit Ghai, president of RSA, spoke about the future of trust and remarked: “Trust is to the economy, what water is to life”. A powerful statement but one that set the tone for the conference.
Large scale breaches are gradually chipping away at consumer trust and businesses need to quickly make changes to navigate the complex nature of getting data privacy and security right.
This is something Uber knows better than most, experiencing a breach of 57 million users’ data in recent years. Uber’s CPO, Ruby Zefo, joined a panel on the future of data protection, exploring the importance of protecting PII and defining the difference between who owns and controls data in a bid to show the company is making changes.
Uber is not the only business that knows the cost of losing customer confidence and trust – and so speakers around the conference were quick to press how they were putting the right security and privacy procedures in place.
2. AI needs humans to solve problems
According to Cybersecurity Ventures, the cost of cybercrime is predicted to be $6 trillion a year by 2021. This is a huge business and hackers are constantly looking for, and finding, new ways to make money.
To counter this, businesses are investing in technologies which strengthen their defences, but this can also fuel attacks.
It’s a topic that Steve Grobman, Senior VP and CTO of McAfee, took on at the event, stating that “AI creates as many challenges as it solves”, he also mentioned that people and machines need to work together.
While it is imperative to have the right technologies in place to protect data, a robust team that understands the potential vulnerabilities across the organisation will help ensure no stone is left unturned.
3. 5G and the need for transparency
Given the imminent rollout of 5G, there was some debate as to what this means from a security perspective.
5G in many ways is great news, providing superfast, broadband-like download speeds, meaning that digital experiences will be more streamlined – encouraging consumers to shop and consume content anywhere, at any time.
But with consumers becoming more connected, comes more touch points where data owners could be vulnerable to a breach. Robert Joyce, Advisor for cyber strategy at the US National Security Agency tackled what 5G means for organisations, explaining that transparency with consumers is essential in this new era.
There will inevitably be challenges with 5G and security – therefore ensuring there is an open dialogue with consumers is key.
4. More education is needed to improve cybersecurity
The need to improve education and understanding of cybersecurity was highlighted by General Paul Nakasone, United States Army, Commander, United States Cyber Command, National Security Agency (NSA). Nakasone compared the need to improve the level of cybersecurity education to the equivalent importance of the 1960’s space race – a big claim. However, other speakers echoed this need for education and upskilling of teams too.
This education isn’t just important for IT teams and security professionals, however. There is a need for those at board-level and in the c-suite to truly understand where their company has weaknesses. Too many businesses are unaware of their greatest vulnerabilities, which is why we see headline after headline informing consumers of data breaches.
Ultimately there should be more investment in people and teams to help this process – this is something the c-suite should have firmly on their radar in 2019.
5. Rethinking efficient third-party management
Data breaches are often due to a weak link via a third party. For example, website security breaches can originate from third-party marketing technologies which a business does not control. Some of which companies might not even be aware of.
This issue is something that sparked debate in a panel on ‘Rethinking efficient third-party risk management’. Todd Inskeep, principal, cybersecurity strategy, Booz Allen Hamilton, made the point that there are two types of third-party risks: “what you can control, and what you can’t, and the only thing you can control is contract liability.”
New risks are always occurring and clear agreements must be in place. But, organisations can and must take steps to mitigate risk and take ownership of their website supply chain.
For instance, most website data breaches are preventable by implementing the right technology. Moreover, if businesses do their due diligence company-wide and identify where possible risks are in the first place, this will help prevent breaches and give more control to the organisation. This is a huge and often thankless task but there are partners out there to help businesses build strategies and implement technology to mitigate risk.
There’s no denying that our industry has come a long way in the last few years but there is much more work to be done. See you next year!