As I reflect on the RSA Conference, a few thoughts come to mind. It was only a couple weeks ago, but given current events and the Coronavirus pandemic, it feels much longer. There were all the trappings of a traditional trade show. Walking the show floor was as usual, full sensory overload, with each carnival barker clamoring for your attention with much fanfare—”Come see the one-eyed snake,” “Hercules battling the greatest of threats with the greatest of ease”—you know it when you see it. There is also the choose your own security adventure between the Innovation Sandbox, the tracked sessions, the keynotes, and of course the expo halls.
What’s often difficult to see with any clarity is what are the threats. The RSA Conference will have you believe it is everything—everything is a threat. Not only that, but to be responsible you must both have everything, and you must do everything. Why else would all these organizations spend all this money and time to be in San Francisco?
Sometimes we need a face for a threat, sometimes for the simple fact that you need an enemy if you want a fight. We like to say it’s the Russians or the Chinese as if a foil is necessary to draw the lines between what is black or white. What I am finding to be a greater challenge when I am walking through the streets is perhaps the real threats are the ones we ignore not through ignorance (as we all know what that is), but through conscious acceptance of risk and doing nothing anyways.
So, what do we do? We can look to the future. Artificial Intelligence (AI), and Machine Learning (ML) is the topic du-jour. While I don’t disagree with the potential benefits both as a practitioner and consumer of these technologies, I struggle with the labels we use. Calling something both artificial and intelligent based on a questionable belief that we can somehow teach a machine to learn better than we can teach ourselves seems like we have the potential to once again place too many “eggs” of belief in tomorrow’s basket.
Don’t get me wrong. These technologies can do a lot, but we should be careful putting our faith into false idols. One thing I did take away from the 2020 RSA Conference is the power of bringing people together. While we might not all be going in the same direction, so many of us are in the same boat (whether we like to think we are or not). The theme of the event was the Human Element this year and given the carnival atmosphere, made more real through all the dizzying applications and ways we choose to connect digitally. I know we won’t lose sight of the connection that must be formed when a whole bunch of people from a whole lot of places come together with a common purpose. Sometimes we need to focus on rising the tide and not making more boats.
It’s important to remember that you can’t prevent 100% of attacks. There is no such thing as total protection. There are lots of tools available, but effective cybersecurity still requires human beings—and having the right expertise to identify and prioritize issues.
