How To Tailor Key Risk Indicators (KRIs) To Your Organization’s Specific Threats
Every organization faces risk each day, but no two organization’s risk landscapes look exactly the same. It’s the…
In many ways, the RSA Conference is unparalleled among global cybersecurity events.
From sheer size to the number of opportunities to rub elbows with tech heavyweights, the conference stands alone for its ability to draw attendees from the far reaches of the industry. Every year startup founders and corporate CEOs, academics and practitioners alike descend on one city for five days, making it the temporary, buzzing epicenter of the security industry. For newcomers, experiencing the teeming bazaar of cybersecurity sights, sounds, and sales pitches can be downright overwhelming.
This year, San Francisco’s Moscone Center played host to the festivities, including presentations, special keynotes, and training sessions on the new topics and technologies that are defining the contours of the industry. True to the conference tagline—"Where the World Talks Security"—this year's dominant conversation involved the one topic that’s become a persistent bugaboo for company leaders around the world: information security and the specter of the dreaded data breach.
My LogicGate team and I were fortunate to attend the conference, and though it’s impossible to take advantage of every opportunity, we still came home with some valuable takeaways to share with others. Below are a few themes that emerged:
We can’t predict the future of cybersecurity—but we still try
Everyone wants to play the game of predicting where cybersecurity is headed, and the RSA Conference is always a hotbed of technological prognostications and tea-leaf prophecies. This is in part due to the tireless interest in the topic—everyone wants to see into the proverbial crystal ball.
Unfortunately making accurate long-term forecasts remains a difficult endeavor. Just going back five years, it would have been hard to foresee where we are now in terms of tools, spending, data breaches, and all the rest. Many talks at RSA try to predict the future, but we need to collectively admit that it’s a futile practice. What we should be doing is focusing on compliance and operational efficiency.
Spotlight on vendor management
Third-parties are essential opportunities for businesses to decrease costs, outsource tasks, and increase competitive advantage. That said, vendors do create a significant source of risk as information gets shared between each party. As breaches affect more and more organizations—and third-parties serve as the source of the breaches—tighter vendor security will be a focus.
UX is a must-have
User experience is critical to even the best risk and compliance management technology. Good technology can be subverted by a poor end user experience when employees create their own workarounds, resulting in shadow IT and data disparities. The bottom line: risk and compliance pros want technology to be as easy to use as apps on their iPhones. By keeping employees happy, the risk of shadow IT is reduced by the system being properly utilized.
A version of GDPR for the US is on its way
On this side of the Atlantic, California is at the forefront of consumer data protection with the California Consumer Privacy Act (CCPA) going into effect in 2020. Other progressive states such as New York may also initiate consumer data protection legislation in the near future. As more states make strides toward their own versions of CCPA, this will lead the federal government to take a stance on consumer privacy, creating a national standard. It wouldn’t make sense for each state to individually govern consumer data. If you can imagine, data coming from Ohio to New York being held to different governance laws would create a messy situation.
Playing the long game of software acquisition
SaaS solutions make it easy to download, implement, and start experimenting with different platforms rapidly. While this is a great benefit over old-school legacy solutions, companies need to take a long-term perspective on software acquisition, similar to hiring. A company may be looking to fill an immediate need today, but what about six months, one year, or five years from now? Software needs to match the company’s long-term vision in capabilities and scalability.
Findings at RSA are always insightful for cybersecurity professionals, and we look forward to attending again in 2020.
