That’s a Wrap – Key Takeaways from RSA Conference 2024
Over 40,000 professionals descended on San Francisco’s Moscone Center for this year’s RSA Conference. With impressive keynote addresses from U.S....
2 min read
Allen Pogorzelski : Jun 12, 2024 12:17:22 PM
The CYGNVS team attended the Gartner Security and Risk Summit in National Harbor, Maryland, June 3-5, 2024. In case you missed it, here are some of the key takeaways.
The theme of this year’s Summit was “Building Cybersecurity Resilience in a Complex World.” The opening keynote, “Augmented Cybersecurity: How to Thrive Amid Complexity,” set the tone by highlighting resilience over protection. According to Gartner surveys, the biggest gap is how security professionals rate their ability to “Respond” and “Recover” from incidents, rather than “Identifying,” “Protecting,” or “Detecting” threats.
For security professionals, the biggest opportunity for improvement lies after a breach has occurred.
Another major theme was “Enhancing Business Continuity in Third-Party Cyber Risk Management.” The speakers noted that 40% of the time, business sponsors move forward with vendors despite their identified cyber risks. The onus is on security professionals to work with critical suppliers to bolster risk management processes and ensure continuity.
The speakers also suggested that many companies have overinvested in cybersecurity technologies. The recommendation? Adopt a strategy that uses the fewest technologies necessary to observe, defend, and respond to threats. This approach can free up resources to invest more in solutions that focus on resilience.
Mental health and burnout among security professionals were recurring topics, including during the Day 3 keynote. A “zero tolerance for failure” culture, coupled with a high incidence of cybersecurity incidents, is taking a toll. Gartner research showed 81% of organizations experienced at least 25 cyber security incidents in the past 12 months. Combined with resource and talent shortages, this environment is leading to low morale, fatigue, and poor decision-making.
Some analysts suggest the need for a more fault-tolerant and learning-focused culture. But in talking with other attendees over lunch, it was clear that no one believed this change would ever happen in their organizations.
No surprise, AI’s influence on cybersecurity was a hot topic. Several sessions discussed how AI is not only impacting software products but also escalating the number and severity of cyber incidents. Examples of how AI has lowered the bar for entry include AI-generated deep fake material, code, and phishing strategies—all highlighting the need for heightened vigilance.
Ransomware remains a top concern. In the session, “Protection from the Risk Within: Managing Insider Risk,” Paul Furtado shared alarming statistics on the growth and cost of ransomware incidents—between 68-84% growth, depending on the study. Attack dwell times (the time between gaining access to a network and executing the ransomware) have dropped in the last year from three days to one. He also mentioned that attackers now access data within 72 minutes of a successful phishing attack. These trends underscore the urgency of addressing ransomware threats.
Over 40,000 professionals descended on San Francisco’s Moscone Center for this year’s RSA Conference. With impressive keynote addresses from U.S....
At the heart of our communities, municipalities deliver crucial services, ensuring public safety and maintaining infrastructure. Yet, this centrality...
The Black Hat Conference in Las Vegas has been one of the most important cybersecurity conferences for decades, recently celebrating its 26th year in...