At the RSA Conference 2017 in San Francisco, the atmosphere may have been upbeat and celebratory, but the mood captured the state of security around the world
At the RSA Conference 2017 in San Francisco, the atmosphere may have been upbeat and celebratory, but the mood captured the state of security around the world.
The conference kick-started with a keynote by Zulfikar Ramzan, CTO, RSA Security, followed by an interesting line up that included Brad Smith, President and Chief Legal Officer, Microsoft, Christopher D. Young, Senior Vice President and General Manager, Intel Security and Honorable Michael McCaul, Chairman at the House Homeland Security Committee.
There were four key thoughts that seeped through all their keynotes:
1. Security is a business concern; not just IT's
Ramzan's advice to security leaders was to focus on five things: a) Treat risk as a science; not a dark art b) Simplify what you control c) Plan for the chaos you cannot control d) Prepare a budget for your response plan e) Collaborate with different stakeholders in your organization. "Corporate executives do not care if an incident involved a vulnerability caused by an SQL injection; they'd like to understand the business implications. An ambitious enterprise is truly a joint venture between business and security." he said.
2. Security vendors must come together
"This is perhaps the most fragmented sector in the whole of tech industry," said Young. He emphasized on the need for security vendors and the industry to join hands in tackling the new perils that are threatening our enterprises and our governments.
"Internet of Things (IoT) should not become the internet of terrorism," he added. Young spoke of initatives supported by Intel, such as OpenDXL, GitHub, nomoreransomware.org and cyber threat alliance. The Cyber Threat Alliance (CTA) is a group of cyber security practitioners from organizations that have chosen to work together and share threat information for the purpose of improving defences against advanced cyber adversaries across member organizations and their customers.
3. The Need for Talent and Diversity in the security workforce
Taking a cue from Trump's executive order, Smith underscored the importance of talent and diversity in the global technology workforce. "We need to create a new independent organization that brings together the best and brightest in the private and public sector and the academia," said Smith. "As a global technology company, we are in a position to forge a unique level of understanding and respect for the needs of people around the world," he added.
Honorable Michael McCaul, also took a stance in the favour of diversity. While addressing the RSA security conference attendees, he said, "In the light of recent events, everyone's wondering whether the US policies will continue to welcome international talent. Let me state one thing clearly: Our country is built by immigrants, and it is a magnate for creators and entrepreneurs who are willing to take risks and pursue their dreams. “Therefore, we must maintain that tradition, not just for our country's credibility but for the survival of Liberty itself," he added.
4. Cyber security is a global security agenda
"Cyber space is the new battlefield," said Smith. ""We should come together and reflect on the entry of nation state attacks. Think of the decade that we are traversing on how the cyber attacks have moved away from being enthusiasts, to financial thefts, and to governments around the world." he added.
Pointing to the recent revelations about the involvement of Russia in influencing the US election, McCaul noted that espionage is not the only battle, but our democracy is at risk. "Our adversaries are turning digital. Our cyber rivals are overtaking our defences. Nation states are using cyber trolls to steal country’s secrets, copy IP, faceless hackers are stealing our financial data, and terrorists are abusing encryption and social media to crowd source the murder of innocent people," he added.