Nation-state cyber threats, daily cyberattacks, security industry innovation and diversity in the security industry were among the more pressing topics making news today during the first full day of RSA Conference 2018.
RSA, attracting 50,000 to San Francisco’s Moscone Center, is the biggest security conference of the year. The 27th annual edition kicked off today with a round of keynotes, the expected flurry of product announcements, industry surveys and buzz about which speakers are there and which aren’t.
Here’s a snapshot of what we’re seeing from PAN’s security newsroom:
Time for a “Digital Geneva Accord”
As the RSA Conference opened, a group of 32 tech companies headed by Microsoft and Facebook announced the signing of a “Digital Geneva Accord” and pledged not to aid governments in cyberwar. At the conference itself, Microsoft President Brad Smith expanded on the announcement, urging action on nation-state cyber threats.
“Cyberspace has become the new battlefield, and the tech sector has the first responsibility,” Smith said in a Tuesday RSAC keynote. “We are the first responders on this new battlefield, and it needs to be a shared responsibility with the industry and with customers around the world.”
Survey says: Cloud users are worried about data security
Industry surveys are popular news vehicles at RSA Conferences, and this year is no exception. McAfee issued a report on cloud security revealing that security is still top of mind with cloud users. The survey of 1,400 IT professionals showed significant adoption: 83 percent of companies surveyed store sensitive data in the public cloud. But only 69 percent trust that their information is secure. Our client iboss released a survey last week, showing that SaaS adoption is outpacing the ability to protect enterprise networks in cloud environments. In total, 61 percent of enterprise IT staff cite data privacy as a primary concern for the growing adoption of SaaS.
At the conference itself, McAfee CEO Christopher D. Young said the cybersecurity industry can learn from the way the air travel industry has battled hijacking. “Airlines really do a remarkable job with this,” he said.
Skills gap is widening
In another survey, ISACA presented sobering data suggesting that the lack of cybersecurity skills is becoming more problematic. ISACA released its State of Cybersecurity 2018 report, which showed 59 percent of organizations have open security positions that they cannot fill, while 54 percent said it takes an average of three months or longer to fill those positions. The report “not only shows an expansion of the skills gap reported in the past, but also begins to trace its contours,” according to ISACA. “Technical resources, particularly technical individual contributors, are in the most demand. That demand is likely to increase over the short to medium term.”
Diversity is on the agenda
When the RSA Conference announced its keynote speakers in February, IT professionals took to Twitter to complain about the lack of diversity in the lineup. With the exception of Monica Lewinsky — who was to give a talk titled “The Price of Shame” — every single keynote speaker was a man. RSAC’s organizers heard the criticisms and reacted. They rejiggered the lineup to include seven women, including Homeland Security Secretary Kirstjen Nielsen, prominent game developer Jane McGonigal, and Reshma Saujani, the founder of Girls Who Code.
This just in: Joyce cancels
Also on the speaker issue, there was a bit of buzz over the past couple of days about one official scheduled to speak at RSA who pulled out at the last minute. That was Rob Joyce, the White House cybersecurity coordinator. Joyce was scheduled to give a talk at RSA but cancelled, days before the announcement Monday that he would be the latest official to leave the White House.
The industry is making progress
During another Tuesday keynote, RSA President Rohit Ghai sounded an optimistic note, saying he thinks the industry has made great strides since last May, when the WannaCry destructive malware outbreak took down servers worldwide.
“WannaCry … was our wake-up call,” Ghai said. “We failed to patch a known vulnerability … Since then, we have picked up our game with vulnerability risk management and patching IT and OT [operational technology] infrastructure.” At the same time, he added, the repercussions for information security failure continue to mount: “Cyber incidents now put everyone’s career at stake, from the chairperson of the board to the CEO on down.”