More than 50,000 cybersecurity professionals have gathered in San Francisco for the RSA Conference this week. The theme of the show, Now Matters, highlights the urgency and pressure felt in cybersecurity today. The week-long event kicked off with a series of keynotes from RSA President Rohit Ghai, Microsoft President Brad Smith, McAfee CEO Christopher D. Young and U.S. Department of Homeland Security Secretary Kirstjen Nielsen.
"There are 50,000 of us here which is a great testament to the growing power of our community, and what we do with our time together matters more now than ever," Ghai said. "Now matters because it drives what's next."
He said that cybersecurity professionals need to not only stop breaches inside of their organizations, but also realize how that collective risk impacts society.
"For years, we have motivated ourselves by the fear of what happens if we fail,” Ghai said. “What if we could inspire ourselves with the glory of what we enable when we are successful?"
He then outlined three silver linings that can help cybersecurity pros see the positives, using sports success stories to drive his points home:
- Celebrating small victories – every move of the needle can help
- Anticipating risk when adopting new technology
- Fostering collaboration within cybersecurity and across the organization
The Cybersecurity Tech Accord
Smith began by explaining how 2017 was a wakeup call for cybersecurity, and now is the time to decide what we will do to improve the world. Last year we saw attacks unlike any we’d seen before, and as more devices are connected, vulnerabilities increase.
“In a world where everything is connected, anything can be disrupted,” he said. “What that means for us is that everything needs to be connected, from the cloud to the edge.”
He said that industry needs to come together to put security first, and he announced that 34 companies joined together for the Cybersecurity Tech Accord.
This digital Geneva Convention follows four principles:
- Protect all of our customers and users everywhere, regardless of circumstance
- Oppose all cyberattacks on innocent citizens and enterprises
- Take new steps to work together to add resiliency across the ecosystem
- Commit to partnering together to enhance cybersecurity
Establishing a Culture of Cybersecurity
Young compared cybersecurity to air travel and safety and said that just like how transportation safety has evolved over time, so will cybersecurity.
“We have to drive a culture where cybersecurity truly gets the prioritization that it deserves in all of our programs, in all of our offices,” he said. “We have to agree that cybersecurity has not reached the level of security it needs to reach.”
Young said that people often ask him why the problem hasn’t been solved and why cybersecurity isn’t a priority.
“Many people don’t believe cybersecurity is their job and their responsibility, but part of that is because we haven’t begun to change the culture in organizations,” he said. “We must prioritize cybersecurity if we are truly to drive progress in our industry.”
Young said that cybersecurity is on the board’s mind – they are talking about it – but they don’t know how to take action.
“We as practitioners have yet to find ways to help them translate that awareness into action,” he said. “They need our help connecting what we do every day to what the mission and values of their organizations are all about.”
Collaborate to Combat Cyber-Threats
As threats multiply, the picture is becoming dimmer, not brighter, Nielsen said. Today, cyber is a target, a weapon, an attack vector and a method.
“Cybersecurity is national security,” Nielsen said. “Cybersecurity is now everyone’s problem. It’s affecting our lives, our livelihood and our way of life.”
With bolder and more brazen cyber-criminals than ever before, cybersecurity professionals, the industry and government need to work together to thwart them. Nielsen called on cybersecurity professionals to be proactive in sharing what they find to strengthen the cyber-ecosystem.
“Your risk is now my risk,” she said. “You can no longer protect yourself in a vacuum.”
She added that everyone is vulnerable, and the only way to succeed is to share ideas, share threats and crowdsource the response.
“We don’t need to close ourselves off from the world to protect ourselves,” she said. “Together we will forge a path to build confidence in security.”
Read more from RSA 2018:
Advance your cybersecurity career with the CompTIA Cybersecurity Career Pathway.