RSA Day 1: Why Cybersecurity Isn’t Working and Where We Go From Here
The #HWCyberSquad is on the ground at RSA 2020, and we’ll be recapping each day’s highlights right here in one place! Tune in all week for the latest from our award-winning security practice.
This year’s RSA theme is The Human Element, which certainly came through in today’s opening keynotes. Speakers and panelists kicked off this week’s conference by critically examining the past, present, and future of cybersecurity, and how we can better secure not just technology, but the people behind it.
People At The Forefront
We kicked off the day with RSA Security President, Rohit Ghai, who recapped what cybersecurity has looked like in the past, what it looks like now, and how it should ideally evolve and shift as we head into 2020 and beyond. He led by saying that in order to change the future of cybersecurity, we need to do three things — examine and analyze the stories we have, imagine the story we want, and strategize a way to realistically achieve it. He argued that right now, cybersecurity professionals are living in a state of cognitive dissonance. They understand that humans need to be at the center of what they do, but are not doing enough to consider humans when creating cybersecurity strategies. Ghai noted that leaders are being too technical in their approaches to cybersecurity, and that “preparing for the worst does not prepare you for the likely.” By putting humans at the forefront of cybersecurity, organizations will be better equipped to stop emerging threats.
Designing Cybersecurity For The Everyday Individual
Another theme highlighted in today’s presentations was the need for cybersecurity that the everyday individual can easily digest — not just the experts. Wendy Nather, Head of Advisory CISOs at Cisco, highlighted three ways that we can do this — shifting from a control model to a collaboration model, simplifying the cybersecurity controls we use, and opening up cybersecurity culture to everyone. By designing cybersecurity to be adopted rather than for it to be enforced, organizations can make cybersecurity something that users would rather choose. If security was designed in a digestible, consumer-grade fashion, humans could more easily adapt in their everyday lives.
Cybersecurity At A Global Scale
Of course, some of the hottest global issues were also discussed, including the pros, cons, and practicality of quantum computing, and what is being done around election security as we approach voting day.
Steve Grobman, Senior Vice President and Chief Technology Officer at McAfee, made the case that our current practices are far too similar to what we’ve employed in the past — particularly as it pertains to quantum computing. Quantum computing is a real risk, even if it isn’t completely here yet. Panelists on the annual Cryptographer Panel shared similar sentiments, noting that currently, quantum computing is nowhere near safe enough to protect against nation states. All agreed that quantum computing needs to be designed cyber-smart if it will ever be a possibility.
The same goes for election security – panelists on the Cryptographer Panel compared our election security to a “cyber pearl harbor” and spoke to how we need to engineer our voting systems to be inherently secure. Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency, noted that 2016 was a clear wakeup call, but reassured audience members that federal leaders across agencies are working diligently to make sure the 2020 election keeps voters protected.
Overall, there’s one thing that all of the speakers agreed on today — the current model for cybersecurity just isn’t working. Business leaders and security practitioners alike need to implement smarter cybersecurity measures that put more focus on the people. How humans — both benevolent and malicious — act and think need to be at the forefront of everything we employ if we want to protect against emerging threats at local and global scales.
Stay tuned for tomorrow’s keynote recap, and be sure to follow Highwire on Twitter and Instagram for more RSA 2020 insights at @HighwirePR.