Date: 27/4/2018

Author: Rebecca Eastwood, Global Communications Director, Performanta

Attending RSA is full of mixed emotions for me. It’s great to see familiar faces and meet new ones, walk the halls and attend the keynotes and sessions. The mixed emotions come when I put myself in the shoes of the attending security leaders; I would quite simply be overwhelmed with the challenge ahead.

Looking back to improve the future

Taking a look at the past provides a clearer perspective on where we want to go. It drives what happens next and the theme of the conference, ‘Now Matters’ reflected that. Each keynote covered the successes the cybersecurity industry has had protecting against the adversary, but also focused on the big changes that need to happen to simply survive.

Rohit Gha, the president of RSA talked about not relying on looking for silver bullets – instead focus on making 1% improvements that allow us to better our security posture daily. Brad Smith, the president of Microsoft told us organisations need to put security first in every decision made; effectively looking beyond the technology itself. McAfee CEO, Chris Young, declared that we’re all suffering from breach fatigue. We need an imminent cultural shift to move cyber security into the spotlight, giving it the attention it truly deserves. Despite the headlines, it seems we’re all in agreement; cyber security is still not front of mind in organisations yet. It’s edging towards the top table, but it’s yet to take a seat.

Securing digital freedom by driving cultural change

Our digital freedom relies on getting this right; effecting both our working and personal lives. Cisco’s Senior Vice President, Chief Security and Trust Officer, John Stewart, summed it up for me. He explained that we’re all critically dependant on technology, we’re not adequately protecting it yet. It’s a dangerous scenario to be in as our dependencies strengthen day by day. Digital transformation is going to embed these security challenges deeper into the heart of business. It’s time for organisations to demand that all technology vendors, regardless of industry, develop products with security in mind. Of course, artificial intelligence will have a big impact; the adversary it using it against us and we will need to fight back in machine-time.

These additional challenges could set to snowball with the ever-increasing cybersecurity skills gap. By 2021 it’s estimated that there will be 3.5 million jobs available in cyber that we do not have the capacity to fill. It paints a bleak picture unless a further change happens diversity.

In short, we need to encourage more cultural and gender diversity. Maybe diversity was such a hot topic at the show because of the backlash against the initial practically all male keynote line-up; 19 out of the 20 speakers announced were men. Regardless, it was hard for anyone attending not to be left with an imprint of its importance to our future.

Girls Who Code founder Reshma Sanjani explained that while universities in the US have more female students, only a small percentage of these girls go into tech roles. While boys are taught to be brave, girls are taught to be perfect. Coding requires bravery – you will get things wrong all the time, until you get it right. She started with just 20 girls and now has over 90,000 students.

Cisco’s John Stewart concluded that if this change doesn’t come, then legislation will step in; with GDPR as an indicator of this. It’s time to take control of our destiny.

As I sat in the audience I couldn’t help but wonder – what were the security decision-makers sat around me thinking? Do they really feel empowered to make change happen, or just overwhelmed by the task ahead? We all need to be agents of change, but we need to acknowledge when the task is either too big, or when we need help.

The industry still works in silos – pockets of technology that stake claims to addressing certain business needs. The truth is that for technology to meet its goals, it needs to be optimised, integrated and understood in terms of business risk. At Performanta we believe good security is bespoke security. Your journey is unique with its own unique business risks. No single or multiple technology solution will ever provide the perfect fit. Only you know your needs, your organisation and your future goals.

The message of the conference was one of change. Judging by the reported leak of some user information from the RSA Conference app, this change can’t come soon enough.

Whether it’s diversity or building the next generation of technology that can keep up with our adversary, change is coming – like it or not. It’s time for the industry to come together and for security professionals to recognise that whilst an essential element, technology alone does not solve the problem. They must recognise that the skills are out there, and that help is available.

Performanta works with organisations to bring together people, processes and technology – to understand business risk and to provide the focus that can often be lacking when you’re feeling daunted at the start of the journey. We help organisations improve their security posture one step at a time. Now really does matter.