RSA Conference Day 1: The Only Constant is Change
I am at the RSA Conference 2022 in San Francisco, my first time as a member of the private sector since retiring from the FBI last year. I attended one of the keynotes on the first day of the conference, in between panels on incident response, security best practices, and collaboration with government. RSA Chief Executive Officer Rohit Ghai’s keynote addressed change. As the world adapts once again, the technology industry’s experience shaping transformational shifts will determine the next normal. Here are four takeaways from his remarks:
1. Disruption is a Fair but Tough Teacher
Disruptions catalyze transformations. The pandemic triggered a massive acceleration of digital change. Digital disruptions have spilled over into our physical world, as we saw with the Colonial Pipeline ransomware attack and gas shortages. In the Ukraine-Russia conflict, cyber has been a big component, with the Ukrainian volunteer hacker army being three times the size of its physical army. We live in a hyperconnected world where the physical and the digital are now indistinguishable.
Is this scary? No, because disruption is a tough but fair teacher. Some things don’t change, like what matters most to us. Ultimately, cybersecurity is a story about change and triumphing over disruptions.
2. Care about the Constants But the Only Constant in Cybersecurity is Identity
Cybersecurity helps protect our ability to use technology to access or create information, but information is changing all the time while growing exponentially. Technology remains vulnerable to new technology, new exploits. We are constantly playing a game of whack-a-mole to defeat emerging threats.
The cybersecurity sector has been built for reactivity – we are constantly chasing the threats. Instead, we need to build solutions based on the one constant in cybersecurity – identity. Most attacks are based on compromised identities. Multi-factor authentication has been commercially available since 1986, yet today it is only at 50% adoption. We need to have a requiem for passwords and adopt 100% MFA. In a zero trust world, we can use an infrastructure-agnostic platform with 360-degree coverage for better identity management.
3. Imperatives Are What Matters Most and Veracity is the Number One Imperative
Protecting our critical infrastructure is an important imperative. Traditionally, we have protected our information systems by focusing on confidentiality, integrity, and availability. But the new frontier is the veracity of information on the platform. Disinformation topples governments, kills companies, and causes war, until it boils over and can destroy the very fabric of society.
Common sense remains the most powerful weapon against disinformation. The best way to authenticate content is to authenticate the creator. Who created it? What is their reputation? This is what we should be asking. Veracity of information is the real imperative.
4. Cyber Disruption Tells Us To Prioritize Security Over Convenience
We are constantly faced with choosing entitlements and conveniences versus security. There is a constant tradeoff between security and convenience, but cyber disruption tells us to prioritize security over the gluttony of convenience. We are in the midst of the fourth industrial revolution with pervasive connectivity, artificial intelligence, and decentralized edge computing. We need to reorient our thinking and focus on transformation, veracity of information, and security.
Care deeply about constants. Focus on imperatives. Transform we must – our survival depends on it.
I look forward to hearing what the cyber community sees next, particularly as the legal landscape is poised to dramatically change. Stay tuned for updates and more observations from the RSA Conference.