Resilience became part of our DNA this past year. As RSA Conference kicked off, Rohit Ghai, CEO and General Manager of RSA, took to the stage to thank our “digital-first responders” who showed resilience in making sure our kids could still log in to their classrooms, researchers could collaborate on vaccines, and governments could serve their citizens. In his opening keynote, Ghai shared three ideas to achieve resiliency: Fall less often; withstand the fall; rise up stronger.
These three ideas ran through the keynotes and sessions at RSA Conference this week. One concept that nearly everyone, from CISO to practitioner, agreed on is that we need to challenge how we think about and manage digital risk.
The first step in accepting that challenge is to admit that we need to break out of the status quo and face the reality that how we have been managing risk will no longer work in the post-pandemic era. Jimmy Sanders, Head of Information Security at Netflix DVD, and Angela Weinman, Head of Global Governance, Risk, and Compliance at VMware, teamed up to address the topic in their keynote, “Telling Hard Truths to Impact Change in Cybersecurity.” One of those hard truths is that security risk is out of focus. Sanders explained, “If we can’t accurately determine risks, it becomes difficult to accurately recover from impacts.” Sanders and Weinman went on to say that we need to look at risk across the spectrum, not just under one narrowly defined scenario. For example, when it came to enabling a remote workforce, many organizations were not prepared. Sanders noted, “Many of us focus our plans on who is critical, and as it turned out last year, that meant everybody in your organization.”
Several keynotes this year addressed the resilience of the adversaries we contend with every day. Dmitri Alperovitch, Chairman, Silverado Policy Accelerator, and Sandra Joyce, Executive VP, Head of Global Intelligence at FireEye, discussed in “Global Threat Brief: Hacks and Adversaries Unveiled” how two major intrusion campaigns, SolarWinds and the Hafnium exploitation of Microsoft Exchange, were similar in objective but vastly different in how the adversaries behaved. Alperovitch and Joyce also speculated on the tactics and motives of the nation-states and criminal gangs that present the most risk.
Alperovitch shared what he believed to be the biggest threat we face: “To me, the biggest threat is actually not the nation-states, it’s ransomware. It’s impacting everyone on the planet—from your grandmother who now has to find Bitcoin to unlock her family photos to school districts and hospitals to the largest companies.” Millions of Americans felt the impact of ransomware directly only days ago, when Colonial Pipeline halted operations in response to a ransomware attack, causing fuel shortages across the East Coast, pushing gas prices above $3 a gallon, and leading the operator of a major piece of critical infrastructure to pay a $4.4 million ransom to resume operations.
The SolarWinds hack was a hot topic in several keynotes. Perhaps the most notable keynote on the topic was “Hacking Exposed: Next-Generation Tactics, Techniques, and Procedures” by Michael Sentonas, CTO at CrowdStrike, the company that identified SUNSPOT, the implant that tampered with SolarWinds’ build process. Before jumping into a live demonstration of how part of the attack worked, Sentonas stated, “One of the most sophisticated aspects of the campaign was how skillfully the attacker took advantage of architectural limitations in Microsoft’s Active Directory Federation Services,” noting it allowed the attacker to jump from an organization’s on-premises environment into the cloud. The practical lesson for defenders is that the AD FS token-signing certificate is a tier-zero secret: whoever holds it can mint SAML tokens for any user in any federated cloud application, so its storage, access logging, and rotation deserve the same scrutiny as domain controller credentials.
While several keynotes addressed what we are up against and the threats we face as an industry, others focused on ways to fight back. One reality organizations will need to grapple with is how to manage the risk of hybrid environments. The pandemic accelerated digital transformation and cloud adoption, with the CEO of Microsoft remarking they saw two years of digital transformation in just two months. In the keynote, “Securing Today’s Unbound Enterprise,” Forcepoint CEO Manny Rivelo sat down with Georgie Barrat to discuss the topic, noting, “We are going to continue to see a hybrid world. The key is how you orchestrate around that hybrid world. The most important thing is that you don’t have a two-headed policy: one set of security solutions for on-prem and one set of security solutions for the cloud.”
The world we are coming back to will be different, and on that, most agree. One thing that will be different for sure is the role of the CISO within most organizations. In the panel, “Spanning the Globe: The State of the Industry from the People Who Run It,” security leaders from some of the world’s leading organizations reflected on how they led through crisis and what they expect next. Darren Kane, CSO at nbn™, anticipates the role of the CISO will develop and grow into a Chief Trust Officer, where the focus will be on building security and reliability to create trust. “You have to trust the provider and the service being provided, and we are the custodians of that trust.”

We lived through a global pandemic and came back more resilient. But as Chuck Robbins, CEO of Cisco, noted in his opening keynote, “We have not encountered a global cyber pandemic. We have not been fully tested.” New questions will require new answers to achieve resiliency, and the answers lie in a single quote attributed to Albert Einstein that resounded throughout numerous sessions at the Conference this year: “We cannot solve our problems with the same thinking we used when we created them.”