Although it was a noticeably smaller crowd and trade show floor than previous shows, the 31st annual RSA Conference marked arguably the most important version of the show as IT and security professionals were eager to learn about what the cybersecurity industry is doing to help protect their organizations.
According to conference officials, the event attracted over 26,000 attendees and 400 exhibitors to the Moscone Center in downtown San Francisco in the first in-person version of the event since the COVID-19 pandemic began impacting trade shows in 2020.
Linda Gray Martin, vice president of RSA Conference, said in a statement that the event plays an important role in bringing the cybersecurity industry together to share information, challenges and perspectives as cyberattacks grow in frequency and sophistication.
“We’re committed to providing a year-round platform for the community to engage, learn and access content, whether it’s online through RSAC 365 or at in-person events, as we all work together to contend with whatever cybersecurity challenges come next,” she said.
Unsurprisingly, the show was much smaller than the last fully in-person event in February 2020, when more than 36,000 attendees and nearly 660 exhibitors were present to showcase the latest in cybersecurity software and trends.
Ransomware is still public enemy no. 1
Ransomware dominated much of the discussion during the event, including at a media breakfast hosted by cybersecurity giant Palo Alto Networks.
Wendi Whitmore, senior vice president of threat intelligence for the company’s research arm Unit 42, said ransomware has become the most prevalent cyber threat for organizations over the last decade, with average ransom payments increasing 75% year-over-year to $925,000.
There is also a growing trend of ransomware groups adopting new tactics and aligning themselves with nation-state threat actors. The Conti ransomware leaks and the recent attacks against Costa Rica’s government offered a look at these internal workings.
These groups are becoming more professional, Whitmore said, with one such case the company worked on Christmas Eve involving a ransomware attacker that opened a “very professional customer service portal” through which the attackers engaged as if they were a legitimate penetration testing business.
At the conclusion of the incident, the group sent the organization’s CIO a note thanking the organization for its business and outlining how the attackers had helped it harden its defenses, according to Whitmore.
Closing the workforce gap will take a multi-pronged approach
To help protect against ransomware and other attacks, organizations need more skilled IT and cybersecurity professionals. However, such professionals are becoming increasingly hard to find.
I had a lengthy conversation with Jim Chilton, general manager of Infosec Institute and the CIO of parent organization Cengage Group, about how to do just that. One of the ways the cybersecurity training and awareness group is doing so is through new role-based training that provides personalized training and certification recommendations for the 12 most in-demand cybersecurity positions. This is designed to help companies upskill and cross-train talent at scale.
“It allows you to take people from different professionals, different capacities and different walks of life and allow them to go through training and certification to be ready to close this (workforce) gap,” Chilton says.
Cybersecurity is not a diverse field
Hiring people from “different walks of life” would inherently mean that new cybersecurity professionals should not all look the same. However, there was not much diversity on the trade show floor.
Expanding cybersecurity opportunities to underserved communities is one way to help close that workforce gap, Chilton says. To that end, Infosec Institute markets its low-cost skills-based training and apprenticeship programs.
Diversity as a solution to the cybersecurity and IT workforce gap was a sentiment also echoed by Lucia Milică, global resident CISO at security software company Proofpoint, who spoke with TechDecisions in the company’s suite at a nearby hotel during RSA Conference.
“If you walk around the expo hall, you see far less women than you see men,” Milică says.
The need for diversity in the industry is a firm belief for Milică, who says it’s not only the right thing to do, but also the most effective approach for business outcomes.
“You can tap into new potential that we have traditionally not really welcomed or allowed,” Milică says, citing studies that show diverse teams are more effective because of the diverse thought they bring. For a field as in-demand and volatile as cybersecurity, new perspectives should be encouraged, she says.
Without those new perspectives, the result is groupthink, which leads to a culture where nobody’s opinion is challenged.
“If nobody’s ever pushing back or is afraid to speak up to tell you what the issues are, then you clearly have not established that level of trust that is needed to build a highly effective team,” Milică says. “Diversity of thought is critical.”
AI and ML are being pitched as a solution to workforce gap, burnout
Just as organizations are struggling to find cybersecurity help, current professionals in the industry are leaving due to stress. According to a new study from cybersecurity software firm Deep Instinct, 45% of security professionals are considering leaving the industry altogether due to unsustainable stress. Another 46% say they know someone who has left the industry due to stress.
According to just about every software vendor exhibiting at RSA, a solution to that burnout is artificial intelligence, machine learning and automation to help IT and cybersecurity professionals focus on helping the business grow rather than react to security alerts and incidents.
TechDecisions met with Charles Everette, a cybersecurity veteran and director of cybersecurity advocacy at Deep Instinct, who said the company embraces deep learning (a subset of machine learning) and applies it to cybersecurity to help companies predict new threats, which in turn helps them protect against unknown attacks.
According to Everette, that technology helps prevent false positives and alert fatigue, giving customers more bandwidth to be more proactive.
“The industry needs to take a more proactive approach, and we can do this with new cutting-edge technology,” Everette says.
More public-private partnership is encouraged
Several government agencies were exhibiting and speaking at RSA Conference this year, including the U.S. Cybersecurity & Infrastructure Security Agency (CISA), NSA and FBI.
With threat actors and large-scale nation-state campaigns wreaking havoc on public and private networks over the last few years, these agencies have made it their mission to be more proactive in alerting the private sector about threats, including ransomware and nation-state attacks.
CISA especially has been actively sharing information, including which vulnerabilities are being actively exploited, via its Known Exploited Vulnerabilities catalog. Many have pointed to the work of CISA and other government agencies for making information sharing easier and reducing the stigma that comes when an organization is compromised.
“If there’s any silver lining to the conflict, it’s that there’s so much threat intelligence conducted between private industry, public partnerships, government and between private industry partners,” says Whitmore of Palo Alto Networks.