The first RSA Conference took place 30 years ago. It was conceived by the then-CEO Jim Bidzos, and consisted of roughly 50 people in a room discussing cryptography – the focus area of that first assembly. By the turn of the millennium, the conference expanded internationally, reaching audiences in Europe, China, Singapore and Abu Dhabi. Ten years later in 2011, the RSA Conference boasted an impressive 18,500 attendees in the United States alone.
While the cybersecurity community has been awed by the sheer growth in attendance, the RSA Conference has also evolved in many more qualitative ways. Initially a niche gathering in the corners of the cybersecurity world, it has developed into a more inclusive collective with a keen focus on business objectives.
“Over time, the conference became more business oriented. It had broader themes and a broader focus. We really see ourselves now at the intersection of business, policy and technology. The conference’s growth is a real testament to how the cybersecurity industry has grown in visibility; it touches all of our lives,” said Linda Gray Martin, VP, RSA Conference.
The headlines of daily living punctuate Martin’s observation that cybersecurity “touches all of our lives.” Each year brings new threats and different challenges, all of which require rethinking our approach to cybersecurity. Large and small businesses alike are at potential risk and, therefore, it’s of paramount importance that all organizations, in an ever more connected world, are armed with the right tools.
A Focus on Cyber Resiliency
We’ve reached a point in time where having strong, reliable cybersecurity is more than just a nicety – it’s a well-touted and accepted necessity. No business can operate safely without it. The topic itself has been discussed, debated and written about countless times over the past decade. Of growing related interest and practicality is cyber resilience, as illustrated by the attention it attracted as last month’s RSA 2021 Conference topic.
So, what exactly is cyber resilience and its relationship to cybersecurity? Essentially, cybersecurity describes the ability to protect against and avoid threats, mitigating vulnerabilities and their potential impact. Impact is where cyber resilience – a business’s ability to mitigate damage – and cybersecurity overlap.
The entire concept of cybersecurity as historically conceived – constructing an impenetrable perimeter against which any predatory actors stood no chance – is of little use today. It’s as outdated now as the paradigm of “reactive detection” has become in light of the emerging paradigm of AI-supported “proactive protection.”
If merely protecting against the threat is not enough, what defines adequate cyber resilience? A strong cyber resiliency program ensures continuity of operations with minimum impact to a business despite an incident. It is an iterative process providing the means of recovering from a successful attack. While the specific measures to ensure cyber resilience will most likely vary from business to business, a good starting point is to work out where cyber events and incidents could have the most damaging effects.
This is where the concept of a “digital twin” can play an important role. A digital, simulated model of your organization or its processes can help you understand the impact of an event on overall output and efficiency.
Technology continually offers new opportunities for businesses to grow and put strategic imperatives into action. As a seasoned member of the cybersecurity community, I have experienced first-hand the unprecedented new threats that come concurrently with the incredible benefits of technological advancement. These advancements are seen as an opportunity, as a new door to be explored and through which bad actors can advance their attacks, attacks that become concomitantly more sophisticated by the hour.
While it may seem pessimistic to accept the fact that cyberattacks, even in the wake of AI advancements, are going to occur, it’s our reality today. As a cybersecurity community, it is imperative that we continue to iterate and improve upon our cyber resilience strategies to ensure they provide an effective – and realistic – approach to addressing nefarious behavior.
Because at the end of the day, as the old adage reminds us, “We have to be right every time to win; hackers only have to get it right once.” But by minimizing the fallout and loss tied to these successful exploits, organizations can both protect themselves and reduce the value of cybercriminal activities.