This month, thousands of security practitioners, CISOs, government officials, reporters, PR people (including a dozen of our own #HWCyberSquad members), and more flocked to Moscone Center in San Francisco to come together to dig into the biggest trends driving the cybersecurity industry.
This year’s theme was “the art of possible” which showcased itself in many ways:
Each year, the ideas brought to RSAC get bolder, push more boundaries, and impress more than the years prior. Here are some of our top takeaways that dominated this year’s conference:
Coming in first place as no surprise is the topic of AI – this year AI took center stage in conversations much as it did in the year prior, but this year felt different. Last year, AI was being discussed as a cure-all, whereas this year we saw a shift in conversation to AI as a supplemental tool to an entire security stack.
For not being sentient, AI can cause a lot of emotions in people including security experts. Depending on where you looked, what sessions you attended, and who you interacted with, the sentiment around AI and its use cases –on the criminal and defender side alike– widely ranges. We witnessed for the second year in a row some cyber vendors relying on the threat of attackers using AI to push their defenses, while on the media side, the Highwire team heard from many reporters that they aren’t getting any qualified leads on the real-world use cases on the dark side of AI which is making it hard to write on the subject despite the immense industry pressure.
This year’s RSA Conference drew in over 41,000 attendees with 400+ of those attending accounting for members of the media, a 20% drop in media attendance compared to the 2023 turnout likely due to shifts in newsroom budgets after a historically hard year for the news media industry. Despite this reported decline in media attendance, reporters on the ground were busy this year building their longer-lead stories, digging into the trends (Are we really seeing hackers use AI? What are we looking at for 2024 election security?), and writing 15K+ articles according to MuckRack data.
Coverage of the conference to date has ranged from daily recaps from SC Magazine and CRN to special event highlights in Axios and WSJ. Articles also had a range of quoted individuals including threat researchers, government officials, CISOs, CEOs, and others – #HWCyberSquad Tip: It’s not always the case that the most top-tier outlet reporters want the highest-tier spokesperson (i.e. Reuters doesn’t always mean CEO). Matching reporters' interests and styles with spokespeople is one of the biggest keys to success, especially at conferences.
With every passing year, the government involvement increases at RSAC (and Black Hat and DEFCON, but we’ll get there this summer). This year RSAC was not only attended but keynoted by the likes of Secretary Antony J. Blinken, Secretary Alejandro N. Mayorkas, Ambassador Nathaniel Fick, Director of CISA Jen Easterly, National Cyber Director Harry Coker, and more.
We saw public-private partnerships –and promises– highlighted on a large scale with the CISA-led Secure by Design pledge receiving around 70 signatures from major tech and cyber companies including AWS, Microsoft, Google, Cisco, CrowdStrike, Rapid7, and more.
Highlighted at the conference this year was the value of these intertwined partnerships. As cyber threats continue to pose a challenge at all levels of government, the collaboration between the government and the cybersecurity industry is accelerating to help address cyber threats to safeguard communities against ransomware, data theft, election security risks, and critical infrastructure attacks.
We watched the Change Healthcare breach unfold weeks ago, which persisted as a theme throughout media conversations at the conference – this isn’t a one-off instance, the public reputational damage and continuous conversation of a cyber incident is the standard, especially with the new SEC regulation that requires publicly traded companies to disclose “material” cybersecurity incidents to the agency, making it harder to hide a breach.
More than ever before, companies must have a crisis plan in place for when (not if) a cyber incident occurs in their environments. To help companies with cybersecurity issue communications, Highwire PR launched our new Comprehensive Cybersecurity Crisis Communications Service during RSAC.
This new service sets companies up to prepare for, monitor, and manage any cybersecurity issues, this new crisis communications offering will provide companies with a full range of support including:
Looking to hear more insights about this year’s RSAC? Drop us a line – we’re happy to chat!