After a COVID-driven hiatus, this June, the RSA Conference returned to San Francisco. With three action-packed days, there was a lot to talk about. Below are five conversations that trended throughout the conference.
1. Shift from “Best of Breed” to Platform Solutions
Companies face various cyber threats and need security solutions that help manage these risks. Historically, the focus has been on deploying best-of-breed solutions centered around managing a certain risk or securing a particular environment. With the growing complexity of corporate security infrastructures and the overwhelming volume of security alerts, the conversation has begun shifting away from best-of-breed to platform solutions. Fewer solutions with wider capabilities help eliminate context-switching between solutions, time-consuming configuration, and maintenance for a variety of standalone solutions, subsequently empowering security teams to do more with less
2. Moving Beyond the Password
Passwords have long been a weak spot in organizations’ cyber defenses. Weak, common, and reused passwords are vulnerable to password stuffing and cracking attacks, and phishing attacks risk the exposure of user credentials.
While the death of the password has long been discussed, recently their elimination has been of heightened interest. An evolution beyond the password to passwordless authentication — relying on “something you have” or “something you are,” rather than the “something you know” (passwords) — provides the strong level authentication that is vital for an effective zero-trust security strategy.
3. API Security is the New Buzzword
Historically, web application security has focused on the web applications themselves. While lists like the famous OWASP Top Ten describe threats that web applications face, they do not always consider the totality of an organization’s public-facing infrastructure.
Application programming interfaces (APIs) are as, if not more powerful and vulnerable to misuse as web applications, but have received much less security attention. However, this has begun to change with the introduction of the OWASP API Security Top Ten list and a focus on securing these APIs against automated attacks.
4. “Transforming” the Human Aspect of Cybersecurity
“Transform” was the theme of RSAC 2022 – and it does not just apply to technology. The “human element” is also a core component of the cybersecurity landscape and updating approaches to managing the people side of cybersecurity is essential to its success.
One of the biggest challenges that companies face when attempting to protect themselves against cyber threats is the difficulty of finding and retaining skilled personnel to fill critical roles. Closing the cyber skills gap requires security teams to possess the tools needed to succeed and avoid burnout, while also working to support and encourage upskilling and reskilling to fill vacant cybersecurity roles.
5. Continue to Focus on Cyber Hygiene
The latest and greatest tools are always a major part of an RSA Conference, and this year was no exception with XDR, ZTNA, and many others making an appearance. However, not all cyber threats can be solved by buying and deploying another new tool.
Cyber threat actors commonly look for the low-hanging fruit and take advantage of errors in cybersecurity hygiene. While cybersecurity hygiene seems simple, the rapid expansion of corporate IT infrastructure makes it easy for insecure configurations, unpatched vulnerabilities, and other security threats to slip through the cracks. To maintain cybersecurity hygiene and protect the organization at scale, companies need AI/ML solutions that can automatically identify and remediate cyber hygiene issues.
How MorganFranklin Can Help
RSAC 2022 defined major security goals for companies, including eliminating the password, securing APIs, integrating the security infrastructure, ensuring security hygiene, and reimagining how to close the cyber skills gap. Taken at face value, these goals may seem overwhelming, but they can all be achieved with the right strategy and tools.
MorganFranklin can help companies to transform these conversations from aspirations into reality. With deep experience with the available security solutions, MorganFranklin’s experts can help with developing a strategy, implementing key functionality, and helping companies to take the next step on their security journey.