Over 2,400 people submitted applications to speak at this year’s RSA Conference, presenting their knowledge of contemporary cybersecurity as a focal point of consideration for industry professionals in 2020. Those submissions span tutorials, training, demos and expert keynote speeches designed to communicate innovation is digital defences with the approximately 50,000 people expected to attend.
These submissions represent the top concerns of experts working in cybersecurity today and the kind of challenges they expect to face in 2020. Ten trends featured predominantly across the range of submissions, which have fed into the central theme of this year’s conference.
Here are those ten trends and our take on why they are so significant to modern cybersecurity.
The central theme of the 2020 conference is the human element. People are at the core of any business and will engage with an organisation’s sensitive information at most stages as it is processed. Human beings are fallible and far easier for criminals to exploit than state-of-the-art software. Knowing how to implement a security-first attitude in your organisation, keep your staff fully informed about digital risk and create a technologically responsible environment is crucial to ensuring that your business will be safe against emerging threats.
New products designed to make business processes easier come onto the market all the time. When you incorporate new software into your systems, you introduce the possibility of new risks. You have to put in the extra work to make sure your cybersecurity remains as consistently effective across your entire network once it has been altered to accommodate new tools. If products come to market with security features built in, their integration with existing systems becomes easier and your infrastructure as a whole will be better protected against emerging targeted threats.
IT and OT security
Historically, IT and OT departments, responsibilities and supply chains have been broadly separate. As modern businesses evolve, the two have begun to converge. Acknowledging this overlap and finding a way to efficiently merge the two distinct operational cultures in a way that won’t compromise the work they already do separately. Knowing how to navigate the impact this will have on an organisation’s culture is key to maintaining effective security across an infrastructure.
This is another element in which the overlap of two historically separate departments is causing security experts to rethink their approach. Integrating security into DevSecOps is critical when it comes to improving communication within a business to optimise necessary processes. Making sure your frameworks will do what you need them to, and that you have the right people to implement them effectively, is something every organisation needs to consider.
With GDPR having been in effect for almost two years, both businesses and consumers are cautious about their data and their privacy. GDPR-compliant organisations are already seeing a variety of benefits to their operations, impacting everything from ethics to efficiency. Developing businesses processes with privacy and data security in mind can not only meet compliance standards, but also refine the way business is done and massively influence customer satisfaction.
Having a comprehensive understanding of the risks that exist in the wider digital landscape is key in being able to thoroughly defend against cyber threats. Artificial intelligence is making some progress when it comes to detecting anomalies, but there is only so much that machine learning can achieve without human engagement. As these tools develop, it is important to consider their limitations and to better map out the evolving relationship between technology’s limitations and human involvement.
As business culture, technology and governance all continue to mature, it is important to re-evaluate the underlying frameworks that support your systems. Keeping these updated to match the development of technology, regulation and culture within your business will allow you to better embrace change in every department.
No business is secure unless every member of staff has a comprehensive knowledge of security best practice and a thorough understanding of how and why to implement such measures. This gets more relevant every day and new threats are developed to match the pace of both developing technology and to exploit the expiration of old systems. Proper education and up-to-date training is key for any organisation that expects to last.
Every department in your organisation can be optimised to the max, but your business will still suffer if they can’t communicate and collaborate properly. For a business to run smoothly, communication needs to be clear enough that people in every department and at every level thoroughly understand their roles and their relationships with the rest of the company.
There is a worrying shortage of skilled cybersecurity professionals. Many businesses are at risk of exploitation as there simply aren’t enough staff available with the expertise to protect them. People already within the cybersecurity industry need to consider how they can attract new talent to their organisations, how they can train existing employees to tackle new problems and how they can develop diverse and talented teams that are equipped to handle any eventuality.