February 21, 2017 By Kevin Beaver

I think it’s safe to say that we’ve all learned, in some way or another, that talk is cheap. From an early age, and especially into adulthood, we’re presented with situations where we feel like we’re being sold something that benefits the seller more than it does us. This fundamental human challenge is front and center in the field of information security, and it tends to be most prevalent at industry events such as the RSA Conference.

RSA Wrap-Up: Key Takeaways and Trends for 2017

As I walked around speaking with vendors, attending specialty track sessions and listening to the keynotes, it seemed that everyone had the magical silver bullet to fix enterprise security woes. Looking past the hype, however, there were several reasonable, believable trends to take away from RSA. Here are the things I think you should pay attention to and, perhaps, explore for your information security program in the coming year.

IoT Steals the Show

The issue of securing the Internet of Things (IoT) seemed to provide the most talking points at this year’s RSA show. I’m guessing that’s because IoT is sexy, cool and a new frontier for all of us. The key lesson I took from the show was to bring IoT into the fold of your security program. If you don’t, it’s just a matter of time before yet another medium is creating unnecessary business risks.

That said, there is some fearmongering around IoT. To me, that sends a message that all IoT devices are vulnerable most if not all of the time. The assumption is that these devices are connected to the internet or otherwise easily accessible and are therefore easily exploited. But that’s not true in most of the situations I’ve seen in my work. Sure, the onslaught of IoT devices can introduce new risks, but every situation is unique. Risk context is critical, so don’t just assume it’s all gloom and doom.


Security Analytics: The Final Frontier

Analytics is that final frontier of security oversight that we can’t seem to master. With cloud-centric artificial intelligence and big data analytics claiming to solve our current challenges associated with logging, alerting and responding, perhaps these emerging solutions will inch us toward getting a better grip on this area.

Still, don’t expect drastic improvements. I remember “event correlation” being the security term du jour at a security conference I spoke at back in 2003. We’ve come a long way since then, in some respects, with threat management and incident response. But it seems we have such a long way to go.

Shortage of Expertise

Both security and privacy professionals are in increasingly high demand. That’s great job security for us, but it’s facilitating business risks that may never be properly addressed, at least not in the foreseeable future.

Based on what I’ve witnessed in my work, rather than simply adding more headcount to solve security and privacy problems, we need to work smarter. Courses in goal and time management can go a long way for IT and security professionals. Even more amazing, however, are the opportunities professionals often miss because they’re too busy majoring in minors — putting out fires that don’t need attention instead of focusing on what’s most important in terms of security.

It’s a challenge, for sure, but the key is to make sure you’re maximizing your current resources. There’s always more that people can do.

Don’t Take the Bait

Everyone has something to sell. That’s how the world works. The important thing is that you become — or remain — a savvy consumer and question what other people are proposing.

Although I do believe that most information security leaders should isolate themselves from marketing banter and focus inward on their known weaknesses for a year or two, it’s hard to avoid the challenges associated with emerging technologies, laws and relationships in today’s business world.

Keep your finger on the growing pulse of the items listed in this RSA wrap-up, among other issues you’re hearing about, but maintain a firm grasp on your core security program. The latter is where you’re going to get the best returns on your investment.
