Organizations Must Assess Vulnerabilities More Often
RSA 2020, held in February of that year, was one of the last major technology events to take place in person. This year’s event, which continues through May 20, was delayed in hopes that it could go on in person, but was ultimately shifted to a digital format. Speakers will focus on how organizations succeeded in securing remote work environments at a time when ransomware attacks and phishing exploits aimed at employees spiked dramatically, as well as on how they should secure hybrid work environments as employees return to some in-person work and the key security trends of a post-pandemic world.
To fail less often, organizations must use frequent assessments to gain visibility into their vulnerabilities. When they gain that visibility, they should employ threat intelligence to understand their industries’ likeliest antagonists, including their tactics, Ghai said. Deploying zero-trust security environments — which Ghai described as a “mindset, not just an architecture” — is no longer aspirational but imperative in a work-from-anywhere world. Proper zero-trust environments include multifactor authentication, microsegmentation and the limitation of trust to what is “absolutely required.”
The Internet of Things and complex supply chains are broadening attack surfaces. “By some estimates, we are connecting 127 devices to the internet every second, but it’s not just connected devices, it’s connected organizations and the private data flowing through this value chain,” he said. “The average company shares private information with 583 third parties, yet only one-third of organizations maintain a comprehensive inventory of these parties. There are too many dominoes stacked too tightly together — and, look, we can’t ensure that each domino stays upright; instead, we have to space them further apart.”
That means deploying risk assessments via third parties to limit supply chain attacks and employing AI-powered engines that help organizations analyze incidents and prioritize responses.
Better Security Requires a More Diverse Digital Workforce
The pandemic has produced fresh challenges for security teams while making most of the old ones bigger, said Cisco Systems CEO Chuck Robbins, who spoke as part of the conference’s first-day keynote. “We know that we’re now dealing with a very expanded threat surface,” he said. “Every individual is carrying an average of four devices, and this just creates more opportunities for breaches.”
If cybercrime were a country, it would have the third-largest economy in the world, after the U.S. and China, Robbins said, with $6 trillion in global damage caused annually. Consequently, organizations must rethink their entire security architecture with an eye toward vastly more distributed networks that lack perimeters and that include significantly more remote work for the long term.
Perhaps the greatest single security challenge organizations face is a dearth of qualified talent. There are only 2.8 million cybersecurity professionals working in the industry worldwide, yet there are more than 4 million unfilled cybersecurity jobs right now, Robbins said.
“We have more unfilled opportunities than we have trained professionals in the world,” he said. “We have to train people, we have to reskill people, we have to continue to develop the existing talent. We have to make it easier for people to get into cybersecurity and we have to look at untapped sources of talent.”
Women, for example, represent just 24 percent of cybersecurity professionals, even though they represent a majority of new entrants into the larger workforce, he said.
“We must be inclusive to grow our community and find diverse talent,” Robbins said. “It’s a collective priority for us.”