February 21, 2017 By Kevin Beaver

I think it’s safe to say that we’ve all learned, in some way or another, that talk is cheap. From an early age, and especially into adulthood, we’re presented with situations where we feel like we’re being sold something that benefits the seller more than it does us. This fundamental human challenge is front and center in the field of information security, and it tends to be most prevalent at industry events such as the RSA Conference.

RSA Wrap-Up: Key Takeaways and Trends for 2017

As I walked around speaking with vendors, attending specialty track sessions and listening to the keynotes, it seemed that everyone had the magical silver bullet to fix enterprise security woes. Looking past the hype, however, there were several reasonable, believable trends to take away from RSA. Here are the things I think you should pay attention to and, perhaps, explore for your information security program in the coming year.

IoT Steals the Show

The issue of securing the Internet of Things (IoT) seemed to provide the most talking points at this year’s RSA show. I’m guessing that’s because IoT is sexy, cool and a new frontier for all of us. The key lesson I took from the show was to bring IoT into the fold of your security program. If you don’t, it’s just a matter of time before yet another medium is creating unnecessary business risks.

That said, there is some fearmongering around IoT. To me, that sends a message that all IoT devices are vulnerable most, if not all, of the time. The assumption is that these devices are connected to the internet or otherwise easily accessible and are therefore easily exploited. But that’s not true in most of the situations I’ve seen in my work. Sure, the onslaught of IoT devices can introduce new risks, but every situation is unique. Risk context is critical, so don’t just assume it’s all gloom and doom.

Security Analytics: The Final Frontier

Analytics is that final frontier of security oversight that we can’t seem to master. With cloud-centric artificial intelligence and big data analytics claiming to solve our current challenges associated with logging, alerting and responding, perhaps these emerging solutions will inch us toward getting a better grip on this area.

Still, don’t expect drastic improvements. I remember “event correlation” being the security term du jour at a security conference I spoke at back in 2003. We’ve come a long way since then, in some respects, with threat management and incident response. But it seems we have such a long way to go.

Shortage of Expertise

Both security and privacy professionals are in increasingly high demand. That’s great job security for us, but it’s facilitating business risks that may never be properly addressed, at least not in the foreseeable future.

Based on what I’ve witnessed in my work, rather than simply adding more headcount to solve security and privacy problems, we need to work smarter. Courses in goal and time management can go a long way for IT and security professionals. Even more amazing, however, are the opportunities professionals often miss because they’re too busy majoring in minors — putting out fires that don’t need attention instead of focusing on what’s most important in terms of security.

It’s a challenge, for sure, but the key is to make sure you’re maximizing your current resources. There’s always more that people can do.

Don’t Take the Bait

Everyone has something to sell. That’s how the world works. The important thing is that you become — or remain — a savvy consumer and question what other people are proposing.

Although I do believe that most information security leaders should isolate themselves from marketing banter and focus inward on their known weaknesses for a year or two, it’s hard to avoid the challenges associated with emerging technologies, laws and relationships in today’s business world.

Keep your finger on the growing pulse of the items listed in this RSA wrap-up, among other issues you’re hearing about, but maintain a firm grasp on your core security program. The latter is where you’re going to get the best returns on your investment.
