Security

RSA 2021: What to Expect at This Year’s Digital Event

With resilience as its theme, the major cybersecurity conference will explore how businesses are staying safe in a changed world.

Bob Keaveney

Bob is the managing editor of BizTech magazine.

It was shortly after the conclusion of RSA 2020 in late February last year that the world changed. A few days following the San Francisco-based cybersecurity conference, one of the largest events of its kind in the world, organizers informed some of the roughly 40,000 attendees that a few participants had tested positive for the coronavirus. A few days after that, businesses started shutting down and sending workers home.

It’s no wonder, then, that the theme of RSA 2021, which returns as a digital event beginning May 17, is resilience.

“I don’t think there could have been a better theme for this conference or for the past 12 months,” said Hugh Thompson, chair of the conference’s program committee, in an event preview video. “If you think about an enterprise, the security organization is effectively the organization that’s responsible for resilience. We saw a lot of interesting subtopics around resilience, including lots about securing a remote workforce — in fact, we have a whole track built around that. And it’s not just, ‘Hey, what are the best practices for a remote workforce?’ It’s ‘What are the human implications of securing folks that are now in an environment you can’t control?’”

Artificial Intelligence, Zero Trust, Among the Topics at RSA 2021

This year, RSA will feature more than 200 educational sessions across 24 informational tracks and will include 19 keynote addresses. Resilience is a concept that will be threaded through many of the sessions, as speakers describe how they and others endured the massive security challenges of sudden remote work while their organizations weathered the concurrent business disruptions. “We’re seeing that topic woven in everywhere,” Thompson said.

Scheduled sessions include “The Coming AI Hackers,” in which the Harvard Kennedy School’s Bruce Schneier will describe a world where “the tax code, financial markets and any system of laws” can be hacked by AI-powered bots, disrupting social, economic and political systems. This week’s ransomware attack on the Colonial Pipeline, disrupting gasoline delivery for days and sparking panic buying in some parts of the country, is an example of the type of social disruption that cyberattacks can cause.

In addition, Microsoft CISO Bret Arsenault will discuss his company’s deployment of zero-trust security for its own employees and the lessons it has learned since the start of the pandemic. Mark Weatherford of the National Cybersecurity Center will lead a panel discussion on how businesses should set security priorities under ever-worsening circumstances. Anne Mortimer, managing partner of the law firm Hunton Andrews Kurth, will draw from her experience to describe “bungled breach responses.”

Luminaries delivering keynote address at this year’s event include Chuck Robbins, CEO of Cisco; Steve Grobman, CTO at McAfee; Angela Weinman, Vmware’s head of global governance, risk and compliance; Vasu Jakkal, vice president of security, compliance and identity for Microsoft; Dow Chemical CISO Mauricio Guerra; and Johnson & Johnson CISO Marene Allison.

SolarWinds CEO Will Speak at RSA 2021

One of the most interesting sessions will feature Sudhakar Ramakrishna, CEO of SolarWinds, who will discuss the major supply chain attack that hit the company last year. “For the first time, SolarWinds shares its unique view of the attack’s ‘what, how, and who,’ including key learnings about the novel tradecraft that can help the industry better prevent and protect in the future,” notes RSA on its website.

A key trend in cybersecurity in recent years is information manipulation, which can include anything from “fake news” designed to influence an election to sophisticated phishing attacks. Concerning the latter, Thompson noted that threat actors have dramatically improved their tactics and the technology they use to target employees since the days of dubious emails from Nigerian princes.

“Think about what used to be a standard email compromise,” Thompson said. “You’d get an email coming in to finance and it would have a great story about why you should wire a sum of money somewhere immediately. Today, some of those attacks involve deepfakes and you might get a call from, apparently, the CEO, when it’s actually not.”

Keep this page bookmarked for articles and videos from the event, and follow us on Twitter @BizTechMagazine and the official conference Twitter feed, @RSAConference.

Getty Images/ gorodenkoff