RSA Conference 2018 Takeaways

Trends, technologies and talking points

As the RSA conference draws to a close, we’re looking back with red-shot eyes, at the week that was. RSA has evolved from a small cryptography conference to a mega cybersecurity global event, with over 42,000 attendees. What’s hard to fathom is that the conference this year is drawing the curtains on its 27th event. More than 550 companies staged their innovations across two expo floors at San Francisco’s Moscone Center.

The RSA halls for one week served as the pulsating center of emerging cybersecurity innovations and the latest technologies. Scheduled sessions tackled hot button topics such as IoT, cryptocurrency, and GDPR – the biggest acronym in security at the moment.

Here are some takeaways from an outstanding, top-notch experience:

Defense alone won’t protect cyber castles
IDSs, IPSs, WAFs etc., and all their respective next generation offerings are no longer enough. A new order is calling for a different approach and a revised strategy that can help the industry transition from an ‘arms race mentality’.  A new continuous offensive-defense approach is beginning to address issues such as business continuity and ongoing remediation. Organizations are voicing a need to increasingly invest in products that mitigate risk as well as network disruption.

The cyber skills gap’s labor pains are not going away
A newly released report by ISACA shows 59% of organizations have unfilled security positions while 54% claim it takes three months to fill a position. With demand predicted to grow over the next year, the need for automation is increasing. Training new recruits, as suggested in some panels, may not be enough. Replacing manual operations such as pen-testing and red team exercises with ongoing and recurring automated solutions could offer one form of ‘epidural relief’.

The impact of automation on cybersecurity
New automated social engineering Tactics and techniques harnessed by hackers are wakening up the white hat – black hat trench war. Leading cyber experts are predicting cyber-criminal automation will match some of the best products on the market to date. Next generation automation tools will need to address a new breed of threat actors equipped with increasingly sophisticated products and more computing power. Future cyberattacks may be almost impossible to stop as they start to mimic online traits. The force majeure behind them may have a target asset; whether it’s a blueprint of a new product or a financial source enabling highly lucrative gains.

IoT and the fading perimeter
IoT was a big buzzword in RSA sessions this year. With time-to-market taking over security priorities, the ubiquitous presence of IoT connected products hails a new era of security headaches, if not nightmares. The deployment of myriads of IoT devices coupled with a fading perimeter means the attack surface is expanding. The promise of connected technology consorts with a source of a new potential threat. The risks for organizations, business and even consumers are worrying, as standards and policies are not keeping up.

 GDPR  and the guerrilla in the room
The GDPR Essential Seminar at RSA put the spotlight on a topic that was undoubtedly one of the ‘guerrillas in the room’. Affecting almost every company in Europe and beyond, GDPR is bellowing out an increasingly loud nell, as the go-live date – May 25 draws near. Many companies are still struggling to come to grips with requirements for; public profiling, breach notifications and security issues. Compliance with article 32 in particular, is impacting the cybersecurity community, as it aims to deliver practical guidelines for organizations seeking to improve their security processes while keeping personal data secure.

New cybersecurity Tech Accord at RSA advocates collective action
Advocating the idea of doing more together,  a new Cybersecurity Tech Accord was recently signed by many large global technology companies. The accord is a welcomed move towards building greater resilience and security. It is a public commitment among 34 global companies to protect and empower the Internet community and improve cyberspace security and stability.

During RSA accord members including; Facebook, Microsoft, HP, Cisco, Dell met and exercised a show of hands in favor of collective action and capacity building. Let’s hope the initiative manifests itself beyond a PR exercise.