There’s Never a Dull Moment in the World of Security
After the disruption caused by the last-minute cancellation of Mobile World Congress, there were some mutterings as to whether RSA Conference 2020 (RSAC) would still happen. The media were suspicious and several sponsors withdrew in the weeks preceding the event. Nonetheless, the RSA bandwagon continued rolling with more than 36,000 attendees who made their way to the Moscone Center for their annual fill of cybersecurity updates and developments.
Before I share my thoughts on this year’s event, however, it’s worthwhile to reflect on how RSAC has developed since the first time I attended in 2011. As we know, this industry is ever-evolving – and one of the year’s largest security trade shows is no exception to change.
Blast from the Past
I remember 2011 as the year of the cloud; or, more specifically, security in the cloud. This was the hot topic of the time, as plenty of sessions covered it not only from a technical perspective, but from a legal and privacy standpoint. Cloud was not new in 2011, but it had matured to the point where even government agencies were starting to look at adoption, creating a critical need to protect and regulate data.
With cloud adoption underway, the logical next step was Big Data. It was a focus topic for RSA Conference 2012, and the underlying concepts continued to mature as more organizations moved into cloud services over the coming years. Initially, conversations were focused on how to make the best use of these vast data lakes with predictive analytics. But, very quickly, the topic shifted toward how to protect the data, with the realization that it was at such high risk from attackers looking to prevent access to, modify or delete corporate data – and then resell or ransom information to the highest bidder.
During the second half of 2016, the Yahoo! breach occurred, exposing more than one billion user records. Despite hearing more tales of caution about the need for IoT security, this attack was driven by the Mirai botnet that had been responsible for the DYN cyberattack in October of that year. This meant the focus during RSA 2017 was twofold, with sessions on how to better protect data and ensure privacy, as well as ones focused on the need for IoT security, given it had experienced such a gain in notoriety.
Fast forward to 2018 and data was still a big topic at RSA, but this time for a different reason: the EU General Data Protection Regulation (GDPR). There were many keynotes and sessions held in this area, as organizations worked to understand how they would be affected by the GDPR, including how it was relevant to non-EU organizations.
No Time Like the Present
Bringing us up to 2020, the theme for this year’s show was ‘The Human Element.’ Many presentations were focused on understanding the hacker’s point of view and how hackers see opportunities in unpatched, or unaddressed, software and network vulnerabilities.
This year, I noticed a big uptick in companies talking about technology that uses Artificial Intelligence (AI) to leverage and understand analytics, and not always in the ways that we might expect. The winner of the RSA Innovation Sandbox Contest was a company called SECURITI.ai, which is focused on AI-powered PrivacyOps. Considering just a couple of years ago we were still debating what needed to be done, this is an exciting development.
Several vendors also presented on different authentication methods, from the traditional two-factor authentication that we’re all used to now, to new technology from Pindrop with Deep Voice 3 that aims to recognize an individual’s voice in as few as three syllables. Of course, authentication also raises the issue of facial recognition and how this is being used in some countries for law enforcement. As commercial solutions, such as video doorbells, take hold, does this introduce privacy issues? Or, could the data be leveraged for covert surveillance? This is a question I’m certain will return in 2021.
This then leads me into an area of personal interest: networking and career advancement. This is an often under-reported part of the conference, but one that is of critical importance as we know there are just not enough people entering the industry today to meet demand. There were some solid conversations around the value of certifications, whether we focus on recruiting from the right educational backgrounds for cyber and the importance of promoting diversity as key to improving recruitment numbers. A few key takeaways:
• Do we need more clearly defined career paths for cyber?
• Should we be looking to recruit from non-technical areas?
• Does today’s gamer make a good cybersecurity professional?
Overall, even with the concerns about Coronavirus that may have reduced overall attendance, RSA Conference 2020 was very much worthwhile to attend. We’ve seen a shift away from ‘common themes’ across the event to real development in plenty of new areas that truly advance cybersecurity. There are still too many solutions out there vying to be heard, but this is not a terrible thing. It at least means that people are learning about existing risks, new risks and future risks.
When it comes down to it, we are all professionals. Our responsibility is to ensure that our customers, colleagues and businesses are well-protected against current and future cyber-attacks. As such, conferences like RSA are invaluable in offering conversations, identifying new technologies and promoting new ideas to achieve this.