Resilience: RSA Conference 2021

For many of us, RSA Conference 2020 in San Francisco was the last time we came together as a community, met with colleagues, and saw new technology offerings. It was one of the last global events held in person before the lockdown, and since that time, we’ve had to switch to digital methods for interaction and communication.

RSA 2021 was planned as an in-person event, and it was delayed from February until May for this reason, but ultimately many of us are still unable to travel. So, the decision was made to shift to virtual.

This year the whole world moved to a digital format, one where we’ve seen threats rise incrementally, with growth in ransomware, credential theft, financial scams and phishing. All of these attack vectors could take advantage of people working remotely or dealing with high-stress situations such as frontline health response.

The result of this change is that we’ve gained a new attitude in how we balance our work tasks and developed new levels of resilience in response to challenges created by the COVID-19 pandemic. Whether bolstering or enhancing corporate security posture, creating awareness for formerly office-based employees now working from home or responding to the damage caused by an unfortunate breach or attack, we have learned the importance of resilience and the need to learn from success or failure. The result is that we become more robust in response to ongoing changes.

This was a key message from RSA 2021, delivered with a solid positive story, with excellent supporting takeaways from many keynotes.

Look to new opportunities in hiring a digital workforce

The pandemic produced new challenges for security teams in addition to their existing workload. They not only found themselves working remotely – but with a workforce doing the same, threats that could be spotted on the corporate network were now starting to hide on a home WiFi. We saw the fastest threat surface expansion in memory. 

However, this move to remote work does present the opportunity to create a more diverse workforce. At the end of 2020, a report from (ISC)2 estimated around 2.8 million employed cyber professionals in a market with approximately 4 million roles available.

Why not broaden the hiring horizon to help address this challenge?

In the past, it was a requirement for the security team to be located in the operations centre, close to the systems supported. The pandemic has proved that this is not always necessary. There are still roles that need local support, but for many engineers working at home, it could be argued that investment to improve remote working makes their job more accessible – and can open the door to hiring remote security specialists in the future.

The benefits of this include the opportunity to hire a more diverse workforce, in terms of people and cultural differences created by their home location, the chance to have a security team located more closely to regional offices and cost reductions by not having to create desk space for every engineer in the corporate SOC.

Keep monitoring for vulnerabilities, and use the results

In the last year, we’ve settled into remote working. We are used to changes in our daily routine that include more VoIP and video conference calls, electronic collaboration and the additional security needs established to keep our information safe as we work from home.

The opportunity to return to the office is on our horizon. However, as much as the hubbub of the office will be welcome, the stress and cost of a commute combined with long hours away from home are not so welcome. Creating a hybrid of office and remote work will become essential for employee welfare and happiness but will need to be continuously secured.

Organisations must test their environment frequently to keep ahead of threats targeting office and remote working. The insights from security tests feed threat intelligence solutions, keep threats outside the network and inspect encrypted traffic, which can contain unpleasant hidden payloads.

Zero-trust was a big topic at RSA 2021, and Rohit Ghai discussed this in his presentation, proposing that we consider this a “mindset, not just an architecture”. 

We must work to the assumption that any connection is high-risk until proven otherwise. According to a report from McKinsey, growth in internet connections is running at around 127 devices per second. Securing and protecting related data for each instance is not possible – but using threat assessment data to create an accurate risk profile, then requiring any connection to be compliant before connecting is the best way to keep threats at bay.

Keeping up the experience

This year was the 30th birthday of the RSA conference, and we had to attend the party over videoconference. However, the experience was positive, and this is one of the most important things that I would take away from the event – it’s all about the experience.

In a world where it’s so easy to change providers, move apps and change how we work at scale, it’s the experience that is key to generating sticky solutions. Security is imperative as data protection is a business imperative and a legal requirement, but cumbersome security can spoil the user experience.

As we move from remote work and back into offices, we’ve learned a lot about being effective at home, and the security teams have fought off attacks successfully. Ensure that the learnings of 2020/21 are applied at scale for a positive experience where enhanced security is a partner on this journey and not an inhibitor.
