The 2019 global RSA Conference theme celebrates our successes and urges us to continue improving the security of our digital world.
At RSA, this is more than a conference theme; it is how we view our role in cybersecurity – making things better. Earlier this year, during the opening keynote at RSA Conference U.S., we told the story of a great future for all of us in a bright new era... a better time and place. This week, kicking off RSA Conference APJ in Singapore, co-presenter Holly Rollo and I continued to explore what our industry needs to do now to make the digital world better. As C.S. Lewis put it, "There are far better things ahead than any we leave behind."
The New Why
Business Insider magazine tells us that every single one of the Fortune 500 companies has been attacked. Think back to your first time. What was your reaction?
In 1986, the first widely documented case of a bad actor came at the Lawrence Berkeley National Laboratory in California. Dave Cleveland, a systems manager, found 9 seconds of computer time that didn't get paid for by a department. It was a seventy-five-cent error which was supposed to be impossible on his systems. He had no clue that this problem would lead to the creation of a multibillion-dollar industry.
Now, 33 years later in the 21st century, we have worldwide frameworks for cooperation, support, training, and a lot of smart people who work exclusively on these problems full-time in a best-effort race to try to keep up with the bad actors. They are solving problems such as: What products do we let into our corporate environments? How does a company assure a customer that its product is safe? How painful is it when a flawed product must be removed from the corporate environment? Each of these is a massive problem that we all focus our efforts against daily. And now governments and the courts are involved. It all comes down to trust, and we all have high expectations that our trust, as companies, customers, and consumers, will not be violated.
We talk a lot about these concepts, as well as the "what" and the "how" of this industry. What we can do to leverage modern technologies and how we can ensure that the future is, indeed, better.
Simon Sinek has said that the what and the how are important, but it's best to start with the "why". I submit that, several hundred billion dollars and a few decades in, it is time to rethink the why of cybersecurity.
Why change the why?
In a word – "Digital". Some say it's just a buzzword. Is it real? Is it an incremental change or a quantum one? Let's unpack "digital".
- Technology has always been an accelerant, but with digital we are seeing real-time businesses, and as the business dances to a faster rhythm, technology needs to dance in tandem.
- Digital is not just more technology; it means technology in places it's never been, like inside pacemakers, inside cars, inside light bulbs. At this point many leaders have argued that technology is the business.
- Data has always been the output of technology. In the digital world, data is the fuel for – not just the exhaust from – technology. It powers machine learning and artificial intelligence.
- Our supply and distribution chains are not just physically connected but digitally connected.
- In this digital world, our community of risk and security professionals has moved from being background defenders of the business to the forefront enablers of digital transformation.
It is clearly time to rethink the why.
As digital transformation enables new business models, creates mesmerizing experiences and unleashes unprecedented productivity, it also magnifies and accelerates risk. Organizations adopting digital technologies are not prepared for this level of permeation of technology into their business; digital risk becomes the largest risk any organization faces. The digital economy is built on a foundation of trust. Data and technology are vulnerable to cyber attacks, can displace human jobs and can devour human attention span, spawning societal challenges. Digital technologies are a formidable force for the progress of humanity, and they magnify digital risk. As we've seen organizations fail to demonstrate cyber-resilience and competency in managing data privacy and integrity, we see a growing erosion of trust in technology.
Our collective new why is – Enabling Trust in a digital world.
Enable trust; not eradicate threats. Enable digital wellness; not eradicate digital illness. That's our new why.
Our collective "what" going forward is this idea of Digital Risk Management. Allow organizations to chart a safe passage to their digital future by managing risk along the way. Risk is what enables innovation. Avoiding risk avoids progress, so we must manage risk.
Our mission may appear overwhelming but it's more worthwhile than ever. It's attainable if we work together and find ways to break out of the silos we traditionally lived in. IT, Security, Risk and business teams must all work together to tame digital risk.
This is a weak link sport. Everyone must play a part for us to win.
If you think about the role of IT, it's not just to build technology solutions to power the flight to the digital future. IT is responsible for reducing the attack surface by designing security in as an intrinsic part of the stack and the development process.
Security must shift left and shift right in the world of SecDevOps. The security teams must apply business context to take a risk orientation, as their job is not to eradicate breaches but to minimize business impact. The risk teams move with the velocity of the digital business and learn how to communicate cyber and digital risk to the business stakeholders.
Finally, the role of business is to define the digital agenda and effectively communicate it as context to the IT, Security and Risk teams to help them prioritize.
This is a team sport. IT and Business converge to enable digital transformation while Security and Risk converge to enable trust.
What does a trust-enabled world look like? It's an amazing world where we unshackle innovation, allowing it to move at the speed of thought, driving incredible economic and humanistic gains. A trust-enabled world is amazing.
It's the why we do what we do.
So, if you find yourself daunted by the what or the how of our incredible mission, take a moment to reflect on the why.
Find inspiration in the why.
The digital future of the world is counting on us to do just that.
Learn more by watching RSA's 2019 RSA Conference Keynotes. Videos Courtesy of RSA Conference:
- The Trust Landscape, featuring RSA President, Rohit Ghai, and Security Strategist, Niloofar Razi Howe
- The New Why of Cybersecurity, featuring RSA President, Rohit Ghai, and RSA Senior Vice President and Digital Transformation Leader, Holly Rollo