After an impressive performance by Kevin K.O. Olusola to open the RSA Conference keynotes in San Francisco on April 17 2018, Rohit Ghai, President of RSA Security, presented an optimistic view of the industry, explaining why he believes cybersecurity is getting better, not worse.
“The headlines of last year are a reminder that unprecedented digital risk exists, and it casts a dark shadow over whether what we’ve done over the last several decades matters at all,” he said. “It absolutely does matter − cybersecurity is getting better, not worse.”
He argued that the cybersecurity industry concentrates too much on hacker advances rather than its own advances. “Let’s talk about the future of security, not the future of threats,” he said. “Our security community is getting stronger and moving faster.”
The New York Times aren’t going to cover how technology has managed to stop a huge data breach, and there’s a reason for that, explained Ghai. “After all, we don’t want to reveal the details of our security posture.
“We can, however, celebrate our success as a community. We need to focus on the cybersecurity silver linings – do more of what’s working and do it faster.”
Paying attention to the psychology of defense, not just the technology of defense is crucial, advised Ghai. “The spirit of the defender matters as much as the shield.”
We need to focus on the cybersecurity silver linings – do more of what’s working and do it fasterRohit Ghai, President of RSA Security
For years, he said, the cybersecurity industry has motivated itself by fear of what happens if we fail. “We should start inspiring ourselves with the glory of what we enable if we are successful.”
He advised focusing on the cybersecurity silver linings, which he broke down as follows:
End of the silver bullet fantasy
“We are no longer lusting after latest shiny gizmos. We need to focus on getting a bit better every day, rather than focusing on becoming totally unhackable one day.”
We need to focus on security hygiene. “Hackers are human after all and they do have finite resources and follow the past of least resistance. They are attracted to juicy or easy targets. It’s ok to be a juicy target, being an easy target is not so great. WannaCry was our wake-up call”
Quicksilver law of cyber defense
New technology is a weapon for both the offense and the defense. “They have the same technology that we have. New technology equals new vulnerabilities. It’s as much a target as a weapon. We are getting better and better at getting to the ball before our opponent.”
Magic of sterling teamwork
“There is huge power in security that is designed in rather than bolted on. We need to move security upstream into the heart of the DevOps perspective. As an industry, we are teaming better than ever and everyone is chipping in.”
“Cyber incidents put everyone’s career at stake,” continued Ghai. “It takes a lifetime to build trust and only a moment to lose it. Our collective risk as an industry is that we fail to avoid a breach of trust in technology itself.
“Our biggest successes will never make headline news. But our work isn’t about this, it’s about protecting people and tech in an increasingly difficult world and about enabling the digital adventurers so they can make the world safer.”