The 2023 RSA Conference just wrapped up, with several CYGNVS leaders gathered in San Francisco to learn from and network with the world’s best cybersecurity experts.

The conference provided a fascinating opportunity to share perspectives with other cybersecurity professionals, discussing the challenges and current shortfalls for many organizations.

After the conference, I had a chance to sit down and discuss insights our team gained at the conference, and what it means to our clients.

Our 5 key takeaways are:

  1. AI is everywhere – Generative-AI, AI-Powered, Purple-AI… what is it?

    We’re still learning how to harness the incredible power of AI, and many practitioners are concerned about what it means for their career prospects. We believe AI can most effectively be used to supplement human intelligence by creating and refining algorithms to help solve organizational problems and detect threats that might otherwise be overlooked, and to drive automation on the back end.

  2. Security analytics – “you need data, we have it, let’s solve problems.”

    Most organizations already have an ecosystem of data – so the question becomes, how do you get more information from your data and leverage it more effectively?

    One example of how analytics are being used in cybersecurity is enhanced endpoint detection that incorporates behavior analysis alongside signature analysis. These solutions can immediately identify if a legitimate-seeming action is coming out of the wrong file, directory, or application. This can be a game changer for small organizations, which previously didn’t have the ability to enhance their prevention and detection controls.

  3. Passwordless – access management technologies are becoming crucial as we move beyond on-prem authentication to SaaS and SSO solutions – but vendors need to do a better job at serving multiple use cases.

    Cloud platforms are driving the necessity of a single, secure access point for countless cloud instances across your organization. You need to access them through a privileged account management solution, using a common access mechanism. We saw a lot of vendors building solutions to solve this problem with passwordless solutions – but many of them only solve for a few use cases. We agreed the technology needs to be consolidated so that organizations don’t need to support multiple solutions to solve all of their use cases.

  4. Cyber warfare is real – the effects and reach of military warfare in Ukraine and Russia extend to multinational and supply chain organizations.

    That's going to have collateral damage to multinational organizations that operate in those regions, which could be US companies. There is a trickle-down effect that is actually heightened. I’ve had conversations with experts at several cyber insurers since the war started over a year ago, and they've seen an overall increase of ransomware and extortion attacks on their insured as collateral damage.

  5. Supply chain security – it’s the elephant in the room that wasn’t addressed until now.

    As vendors build software that includes other software code, including open-source or pre-purchased components, you may have very little idea what’s embedded in the application. Ultimately, organizations need to know not just what’s in the box, but what threats are inherent to each of the different ingredients in the recipe. This issue is becoming increasingly important with the U.S. government recently creating new rules where if a vendor published software with vulnerabilities, whether they know it or not, they are liable. There's a lot of interest in not just solving this because it's the right thing to do, but also because any vendor that you become a part of that sells to the US government can ultimately be traced back to you.

TLDR – What We Should Be Talking About

Many vendors are focused on prevention, risk management, and detecting the “bang”. This is part of the equation – but there’s a piece that’s missing.

Our chief cyber business officer, Steve Curtis, told me about a discussion he had with Michael Coden at BCG. Steve asked him, “Say you had $100 of InfoSec budget, and you already spent $99 on prevention. If you had $1 left, would you spend it on more prevention, knowing you can't get to 100% effective prevention? Or would you spend that last dollar on a better response capability?”

Michael's response was, “First of all, yes. You would spend that last dollar on better response, because it's inevitable you're going to need it. But it takes a while to build preventative controls, so given there may be a time lag, you should really spend the first dollar, not the last dollar on response capability.”

We all agree there are many new proactive, integrated, analytical, AI solutions on the preventative – ‘left of bang’ side. But organizations also need to prioritize the ‘right of bang’ capabilities for preparation and response to a cyberattack.

-Nick Essner, Cyber Solutions Lead

Join the CYGNVS conversation – learn the important lessons from the front lines (and what not to do) when faced with a cyber crisis!

CYGNVS is your plan and your team in your pocket. CYGNVS mobilizes you and your extended team to your plan wherever you are, whenever you need it. Have access to your plan even if your systems are compromised or Active Directory is unavailable. Communicate securely, away from the prying eyes of your attacker, with out-of-band communications. Guide your team step by step to follow your personalized response plan. Don’t have a plan? Don’t sweat, the CYGNVS library can accelerate your maturity. Our team will even help you customize your plan to your environment and run a tabletop exercise to practice with your entire team. Don’t delay resiliency, start today with CYGNVS.
