This post is also available in: עברית (Hebrew)
RSA 2020 annual information security conference held in San Francisco during the last week of February focused on the Human Element in cybersecurity. Rohit Ghai, RSA President, said: “I feel that we have lost control of the narrative as an industry, and we need to take that back and make sure we clarify the role of all the human characters in our story.”
His recipe for changing the security narrative is part celebration of the industry’s successes and part denial of financial gain for threat actors, according to siliconangle.com.
71% of the cyber attacks are financially motivated, he said citing Verizon’s 2019 data breach report. Estimates are that ransomware attacks alone cost US government agencies and businesses over $7.5 billion in 2019.
The advantage of cyber attackers vis a vis the security industry lies in the fact that they are more organized. Rohit claims that while the industry prepares for the most complex events and techniques, in fact, most of the attacks are not sophisticated.
One of the problems is professional exhaustion. The fear from breaches, the amount of information and know-how required for constant updating is exhausting, and this impairs defense capabilities. Additional problems are connected with deficient communication with users, business and counterparts.
Rohit calls for focus on resilience. Cyber security industry should reiterate the defenders’ narrative and share stories of success, not just breaches and failures, although it is clear that it is impossible to win in each and every event.
Atlanta is an example to a city that sustained a ransomware attack. It didn’t win, but neither the hackers, because the city refrained from paying, and eventually built more resilient infrastructures.
He said one of the difficulties in recruiting manpower for cyber defense is the fact that people do not want to join the losing group. The industry’s focus on technology led to a neglect of the defenders’ psychology.
In sum, Rohit calls cyber industry to recruit forces from the outside, exterior to the immediate ecosystem, and open up the profession to people that are not necessarily cyber qualified, in order to create variation and different points of view, that are not necessarily technological.
Interested in learning more about the latest innovations in cyber? Attend i-HLS’ InnoTech Expo in Tel Aviv – Israel’s largest innovation, HLS, and cyber technologies expo – on November 18-19, 2020 at Expo Tel Aviv, Pavilion 2.