A Time for Optimism: Cybersecurity is Stronger than Ever
Highlights from the Opening Keynotes of RSA 2018
It’s easy to call 2017 a cybersecurity failure. WannaCry alone rocked the digital world to the core. But it was only made worse when we realized that the attack was perpetrated by governments, not individuals or criminal organizations.
But across the board, the speakers of the opening keynotes at RSA 2018 called for optimism. While there is still a lot of work to do and the job of cyber defenders is by no means done, these keynotes highlighted that the work they do every day is making a difference.
The Little Things Count
It may not look like it, but the cybersecurity progress that has been made over the last 30 years of RSA conferences is making the world safer.
“Joe, your brilliant deployment of multifactor authentication to stop a massive breach will never make the New York Times,” said RSA president Rohit Ghal.
That is the danger of cybersecurity. The only news is bad news. The best state of affairs is when there is nothing to report. The end of the keynote by McAfee CEO Christopher Young was a video whose mantra was “Nothing important happened today…except everything.”
“We need to shift our focus from becoming perfectly unhackable one day to being a little more secure every day,” said Ghal.
All the little things do add up. Every activity that makes us a little more secure is time well spent, because security is an ongoing battle. There is no silver bullet for security, and while the daily grind may feel like a thankless task, that is how we win.
Adapting to Change
Microsoft president Brad Smith spent much of his talk calling for governments to do more to defend us now that the battlefield has shifted to the cyber realm. We need to view attacks on machines as attacks on people.
“We need a new digital Geneva convention,” said Smith.
WannaCry, which exploited a vulnerability in Microsoft operating systems, had a global impact by shutting down key elements of our society that have come to depend on machines. In the U.K. 19,000 hospital appointments were cancelled because of WannaCry.
But cyber defenders have advantages over the hackers. When hackers find a creative way to breach companies, we can force them to be creative again by closing that vulnerability. Young pointed to the how the air travel industry became more secure over time by adding security measures when would-be attackers tried new techniques
By working together and sharing information we can make the increasingly connected world more secure. Ghal praised organization like the Cyber Threat Alliance and Smith pointed to a new coalition of security companies that have promised to prioritize security.
Turning Awareness into Action
If there is a good side to the “breach a day” cadence of stories coming out about cybersecurity, it is that awareness of cybersecurity issues is reaching board members and executives.
Ghal pointed to a statistic that 89 percent of board agenda have cybersecurity on the agenda at some point. It’s a step in the right direction, but there is more to do.
“The awareness is there, but there is a failure to turn that awareness to action,” said Young.
There needs to be a cultural shift in the approach to cybersecurity. In addition to the incremental progress of small gains, everyone needs to take responsibility for cybersecurity. There are signs of progress on that front across the industry with the adoption of DevSecOps, which pushes cybersecurity to the beginning of the development process.
The gains from baking in cybersecurity from the start cannot be matched by the “bolted-on” approach we’ve taken in the past.
Incremental success is a hard story to tell. It’s a lot easier to focus on the disasters of cybersecurity like WannaCry, but the truth is that there is a reason for optimism. For every attack that we hear about, there are hundreds or thousands that defenders stop dead in their tracks.
The hard work of cyber defenders may be a thankless task, but it’s working and it’s making a difference.
Check back tomorrow for the next blog in this series live from RSA where we’ll have insights from our panel of industry experts.