The Art of Possible: Redefining Cybersecurity in the Age of Data as the New Perimeter
I have now had the privilege of attending RSA for over 20 years, yet this conference never grows old! My RSA 2024 started on Sunday, speaking with a group of Cybersecurity executives on translating cybersecurity risks for a Board of Directors. The National Association of Corporate Directors (NACD) guidance on this topic came up a number of times, I find it useful, and you reference it as well.
The conference officially got started on Monday and was themed as “The Art of Possible”. The conference served as a convergence point for over 40,000 cybersecurity professionals and business leaders in San Francisco’s Moscone Center and surrounding areas. This year’s discussions delved into the forefront of cybersecurity innovations, addressing emerging threats, and the evolving landscape where data has become the new perimeter.
My key take-away, there are several important themes evolving in our industry and we have shifted from Identity as the new perimeter, to Data being the new perimeter of cybersecurity, and most companies are struggling to define that territory.
At times I have heard the analogy that cybersecurity is like a chess game. I would argue in chess you see the whole territory, or in this case the chess board. You know where all the pieces are, and you know how they are allowed to move. I think chess is too black and white, pardon the pun, related to the colors of the chess board. I think our craft is more like a series of poker hands, where we are making probabilistic bets based on incomplete data sets. Similar to only seeing your cards in poker and only the hands played by your opponents.
With that in mind, let’s explore the pivotal insights from the conference, focusing on the implications of AI, data governance, geopolitical threats, quantum computing, and the importance of resilience in modern cybersecurity.
Artificial Intelligence in Cybersecurity
Artificial Intelligence (AI) emerged as a central theme, with over 100 sessions dedicated to exploring its impact on cybersecurity. The discussions highlighted both the opportunities and challenges presented by AI. Experts emphasized the necessity of distinguishing generative AI from other AI types and explored how large language models can enhance cybersecurity tools. AI’s dual nature, acting as both a defender and a potential threat, was a recurring topic.
CrowdStrike CEO George Kurtz underscored the critical need for adopting AI-driven next-generation Security Information and Event Management (SIEM) solutions to stay ahead of cybercriminals. AI’s ability to predict and prevent cyber threats before they manifest is seen as a game-changer. However, concerns about “shadow AI,” akin to shadow IT, were raised, stressing the importance of monitoring and regulating unauthorized AI applications within organizations.
Data Governance: The New Cybersecurity Perimeter
Ten years ago, we started to analogize the data is the new oil. Given data may empower, but also imperil, I would suggest that day is the new uranium. Would you like to know where your uranium is?
As organizations increasingly digitize their operations, data has become the new perimeter in cybersecurity. I’m plagiarizing myself when I state “The World Bank defines governance as “the manner in which power is exercised in the management of a country’s economic and social resources for development. Governance has been defined as the rules of the political system to solve conflicts between actors and adopt decision (legality).” Galileo Galilei, the Tuscan physicist, mathematician, astronomer, and philosopher who contributed to the Scientific Revolution, once said, “Wine is sunlight, held together by water.” We can translate that into, “Resilience is execution, held together by governance.” The RSA Conference 2024 brought data governance to the forefront, addressing the complexities of managing and securing data across different organizational levels. Effective data governance policies are crucial in ensuring compliance with evolving standards and protecting sensitive information.
Speaking of resilience…
Resilience Building: Beyond Technology
Resilience in cybersecurity goes beyond implementing advanced technologies. The RSA Conference emphasized the importance of fostering collaboration across different stakeholder groups to build a resilient cybersecurity posture. Mandiant CEO Kevin Mandia highlighted the evolving tactics of ransomware groups and the necessity of a holistic approach to resilience. Here is a simple question to ask yourself as a Chief Security Officer when things go sideways, “Who will suffer with me when we have a serious breach?” If you don’t have a list of stakeholders incentivized with skin in the game, you don’t have a collaborative and resilient team in place. Today is a good time to start building one.
Geopolitical Concerns and Cybersecurity
The intersection of cybersecurity and geopolitics was a significant focus at RSA 2024. With the rise of nation-state actors and their sophisticated cyber campaigns, the need for a robust and coordinated defense strategy has never been more critical. CISA Director Jen Easterly highlighted the increasing threats from countries like China and emphasized the importance of building a “secure by design” infrastructure.
The voluntary pledge signed by 68 leading software manufacturers to enhance product security from inception was a notable development. This pledge aims to address common vulnerabilities, promote multi-factor authentication, and improve transparency in vulnerability disclosures and can’t hurt in the age or Ransomware, also a hot topic at the conference. Such collaborative efforts are essential in fortifying national cybersecurity defenses.
Quantum Computing and Cryptography
Quantum computing, with its potential to revolutionize data processing and encryption, was another interesting theme. Renowned cryptographers, including Whitfield Diffie and Adi Shamir, discussed the implications of quantum computing on current cryptographic techniques. The panel addressed concerns about quantum computers breaking existing encryption standards and the need for developing quantum-resistant algorithms.
Recent advancements and scares in quantum computing have underscored the urgency of preparing for a post-quantum world. Organizations are advised to stay informed about developments in this field and begin planning for the transition to quantum-safe cryptographic methods.
The Future of Cybersecurity: Embracing the Art of Possible
As we look ahead, the insights from RSA Conference 2024 provide a roadmap for navigating the complex and ever-evolving cybersecurity landscape. The theme “The Art of Possible” reminds us that while challenges are inevitable, they can be overcome through innovation, collaboration, and a forward-thinking mindset.
- Adopt AI-Driven Solutions: Leveraging AI to enhance threat detection and response capabilities is crucial. Organizations must stay vigilant about the ethical and secure use of AI to prevent it from becoming a double-edged sword.
- Prioritize Data Governance: With data as the new perimeter, robust data governance policies are essential. Ensuring data integrity, compliance, and security across all levels of the organization can mitigate risks and enhance overall cybersecurity posture.
- Strengthen Geopolitical Defense: In the face of rising nation-state threats, a coordinated and proactive defense strategy is vital. Collaborative initiatives like the “secure by design” pledge can significantly enhance national and organizational cybersecurity resilience.
- Prepare for Quantum Computing: Staying ahead of quantum computing advancements and planning for quantum-resistant cryptography will be critical in maintaining secure communications and data protection in the future.
- Build Resilience Through Collaboration: Technology alone cannot ensure cybersecurity. Building resilience requires a collective effort from all stakeholders, fostering a culture of security awareness, and promoting collaboration across different sectors.
The RSA Conference 2024 has set the stage for a future where the possibilities in cybersecurity are boundless. By embracing innovation, prioritizing data governance, and fostering collaboration, we can navigate the challenges ahead and secure a safer digital world.
Conclusion
Key takeaways from the RSA Conference 2024 underscore the dynamic nature of cybersecurity as data has undeniably become the new perimeter. Effective governance, combined with cutting-edge technology and collaborative efforts, will be key to managing the risk probabilities we face. Embracing the “Art of Possible” is not just a theme but a call to action for the cybersecurity community to rise to the challenges and create a resilient, secure world. Thank you to Gary Miliefsky and the team at Cyber Defense Magazine. I will be speaking at their annual conference this October 31st – November 1st. Gary and team run a top notch event and I encourage you to attend!
About the Author
Nick Shevelyov is the Founder and Managing Partner at vCSO.ai, a cybersecurity and data privacy Advisory and Consulting firm helping companies enhance their risk strategies and product companies improve their go-to-market storytelling and channel development. He is the former Chief Security Officer (2007 – 2021) at Silicon Valley Bank, the bank of the innovation economy. He is the author of “Cyber War…and Peace”, has been published various periodicals, sits on the Board of Directors of the Bay Area CSO Council, and advises several Venture Capital and Private Equity firms.