5 key takeaways for CISOs, RSA Conference 2024 – CyberTalk

EXECUTIVE SUMMARY:

Last week, over 40,000 business and cyber security leaders converged at the Moscone Center in San Francisco to attend the RSA Conference, one of the leading annual cyber security conferences and expositions worldwide, now in its 33rd year.

Across four days, presenters, exhibitors and attendees discussed a wide spectrum of topics, including groundbreaking cyber security innovation, new perspectives, and transformative cyber security solutions.

The theme of this year’s conference was “The Art of Possible,” reminding attendees that challenges can be overcome, especially as a collaborative community. If you missed the event, discover key takeaways below:

5 CISO takeaways: RSAC 2024

1. Artificial intelligence. More than 100 conference sessions grappled with the topic of AI. There was much discussion surrounding the use of AI within cyber security, both on the part of the ‘good guys’ and that of the ‘bad guys’. A number of CISOs expressed concerns pertaining to the risks around shadow AI, comparing it to shadow IT.

Experts also emphasized the need to distinguish generative AI from other types of AI. Panel discussions expanded on AI-focused conversations through discourse on large language models and the predictive benefits that such technologies bring to cyber security tooling.

2. Data governance. Alongside discussions on AI, data governance emerged as a prominent conference topic. While some conversations explored AI’s specific role in data governance, others zeroed in on the need to really know a given organization’s data and the need to develop data governance policies that align with frequently revised and updated compliance standards.

One cyber security executive deftly highlighted the data-oriented challenges that stem from biases associated with three different areas in a given company: the engineers, who create the data; the C-suite team, which uses the data; and the CISO, who controls data security.

Given biases in perspectives, true data governance continues to be trying. And such biases arguably degrade overall cyber security efforts.

3. Zero-Trust losing the spotlight. In 2023, Zero-Trust dominated RSA Conference discussions. However, this year, while still a general conversation topic, the buzz around Zero-Trust appeared to have diminished. According to a handful of CISOs, many organizations are already well into their Zero-Trust journeys, which may explain the waning interest.

4. CISA announces Secure by Design program. The top cyber security agency in the U.S. reported that 68 of the world’s leading software manufacturers have signed a voluntary pledge to design products with security built in from the start.

CISA Director Jen Easterly expressed the necessity of Secure by Design in the wake of widespread hacking campaigns operated by nation-state actors. “We can together achieve long-term security through fundamentally more secure software,” she stated.

The pledge says that within a year, all involved companies will increase the use of multi-factor authentication across products, reduce the use of default passwords, reduce the prevalence of entire classes of vulnerabilities, make efforts to increase the installation of patches by customers, and be more transparent and timely about common vulnerabilities, among other things.

5. Resilience building. Discussions emphasized that resilience isn’t achieved solely through technology, but rather by fostering collaboration across stakeholder groups. CISA’s Secure by Design program exemplifies the collaborative approach.

Further information

Other topics addressed during the conference included inheriting cyber security from past CISOs, how ransomware prevention has evolved, and balancing innovation and security in the cloud. And of course, as noted previously, no one ran out of things to say about artificial intelligence.
