RSA Conference 2022. PHOTO: Cybercrime Magazine.

RSA Conference: It All Started With 3 Little Letters

Now in its 31st year, the 2022 cybersecurity extravaganza should be the best ever

Charlie Osborne

London – May 4, 2022

After two years of COVID-19, working from home, and live event cancellations, the RSA Conference is on the horizon. Its themes provide a snapshot of the most pressing issues facing today’s cybersecurity industry.

RSA Conference organizers say the event is where “the cybersecurity world comes together,” with the team “dedicated to delivering unbiased insights, education, and thought leadership from industry experts.”

RSA has become popular enough since its inception in 1991 to warrant the interest of investors who intend to turn RSAC into a “standalone, independent business.”

Even today, decades later, cybersecurity experts still flock to the event — and this year’s conference, taking place in San Francisco between Jun. 6 – 9, provides us an insight into the current themes in cybersecurity — although, as the pandemic taught us, they are in a constant state of flux.

If you take a look at the keynote speakers on offer in 2022, ranging from evolving threat data to working from home (WFH) security concerns, emerging threats, and geopolitics, the problems faced by defenders today are vast — but it is events like RSA that can promote the sharing of ideas and solutions.

RSA Conference: The Past 30 Years

It all started with 3 little letters

Rohit Ghai, CEO of RSA, puts it best with his keynote address: “Emerging technologies, expanding connections, hidden vulnerabilities: our sector understands that change is only constant.  As the world adapts once again, our industry’s experience shaping transformational shifts will determine the next normal.”

The constant evolution of cybercrime is a challenge faced by the industry at large. According to Steve Morgan, founder of Cybersecurity Ventures and editor-in-chief at Cybercrime Magazine, some of the most topical issues surrounding these challenges are ransomware, cybercrime-as-a-service enterprises, and the emerging threat of cryptocurrency-related cyberattacks.

“Ransomware rages on as cyber fighters chase more sophisticated attacks launched by many organized crime gangs and solo malicious actors using RaaS kits,” Morgan says. “Cryptocrime is the second-fastest-growing type of cybercrime behind ransomware and it’s not clear that today’s cybersecurity experts fully understand it, let alone are able to combat it.”

Another key topic at the event is the ongoing changes caused by the COVID-19 pandemic. Businesses and their employees worldwide were forced to adapt — and so did the cybersecurity companies and teams protecting them.

Businesses, naturally, are worried about ensuring there is a balance between WFH, office operations, productivity, and profitability. But unfortunately, organizations may force security to the sidelines to the benefit of productivity and workflows — and this is an area that must be addressed, not just by cybersecurity professionals but also by business leaders.

“The fact of the matter is that there is a trade-off when it comes to just about every aspect of security whether it’s turning on multi-factor authentication (MFA) and then having to scramble for your phone when logging in, to taking time out of the day to attend a security awareness training session, and so on,” Morgan commented.

The problem of training and retaining talent is another issue that will be discussed at RSA, and one that can be asked not just in younger industries, such as cybersecurity, but in almost every business you can think of.

However, in the infosec community, the issue is becoming critical — and has become a driver toward transformation.

Technologies including artificial intelligence (AI) and automation can ease the pressure on existing cybersecurity teams, but this isn’t enough. As a result, there have been recent pushes in bug bounty program adoption, education, and retraining initiatives.

Cybersecurity Ventures has followed the skill shortage over the past eight years. From 2013 to 2021, cybersecurity-related vacancies grew by 350 percent, with 3.5 million jobs remaining unfulfilled.

However, according to Morgan, the urgency surrounding the skills gap has become a welcome catalyst for transformation — and now, we are finally seeing a plateau, if not a decrease.

“The single biggest change driver, as far as we’re concerned, has been building a cybersecurity talent pipeline over the past five years, and it’s finally paying off,” Morgan commented. “For the first time in a decade, the number of unfilled jobs has leveled off and there is light at the end of the tunnel.”

Charlie Osborne is a journalist covering security for ZDNet. Her work also appears on TechRepublic, Cybercrime Magazine, and other media outlets. 

Go here to read all of Charlie’s Cybercrime Magazine articles.