From third-party supply chain attacks to exploits targeting Microsoft Exchange to worries about our election security and infrastructure, the world faces unprecedented and unrelenting cybersecurity challenges.
Yesterday, U.S. Secretary of Homeland Security Alejandro N. Mayorkas, Girl Scouts’ Interim CEO Judith Batty, and Dr. Chutima Boonthum-Denecke from Hampton University’s Computer Science Department discussed those issues at a special event hosted by RSA Conference.
During the webinar, Secretary Mayorkas outlined his vision of the Department of Homeland Security’s cybersecurity efforts and priorities. The Secretary’s remarks underscore the complexity and urgency of addressing these challenges, and the need to develop resilient systems that can protect what matters most.
Here are four highlights and key takeaways from Secretary Mayorkas’ remarks that can help us all build our cybersecurity resilience:
1. The “hard truth” about cyberattacks
After discussing the extensive SolarWinds attack, Secretary Mayorkas acknowledged the “hard truth” that “no one is immune from cyberattacks…While one can reduce the frequency of incidents through modernized defenses, ultimately it is not a question of if you get hacked, but rather when. We must therefore also bolster our capacity to respond when incidents do happen.”
The secretary’s remarks underscore the importance of RSA Conference’s 2021 theme, Resilience. The information security and cybersecurity communities combat relentless threats to our data, wealth, hospitals, even our water supply.
The threats we face aren’t going away – but neither are. It’s one of the reasons why RSA Conference continues to be such an important moment for our industry to connect with one another, share what’s working, and prepare for the future.
2. Move to a zero-trust mindset
Resilience requires ranking: given that the threats we face aren’t going to stop, Secretary Mayorkas noted that the U.S. needs to “focus on a risk-based approach” that would determine “what risks to prioritize and how to allocate limited resources.”
It’s a problem that many organizations and families are working through as well. For businesses, one of the best ways to address this issue is to move toward a zero trust mindset and continually verify your users, resources, and applications. To get zero trust right, every organization needs to define its risk parameters and assess what events would lead to organizational losses, how frequently those events occur, and the magnitude of their losses. Identifying high-value assets can help businesses take their first (and typically most important) steps.
It’s worth noting that zero trust isn’t a product, service, or vendor: it’s a goal to aim for. Organizations may already have solutions on hand that bring them closer to zero trust.
3. Cybersecurity affects the real world
Secretary Mayorkas announced several sprints that would help implement his vision of cybersecurity resilience. One of those sprints will focus on improving the resilience of industrial control systems: “the cybersecurity incident at the water treatment facility in Florida last month was a powerful reminder of the substantial risks we need to address.”
The attack on Oldsmar, Florida’s water treatment facility that Secretary Mayorkas referenced is an important example of the growing number of Internet of Things (IoT) and Industrial Internet of Things (IIoT) connections that our sector will need to protect. GSMA predicts that there will be 25 billion IoT connections by 2025, up from 12 billion in 2019. GSMA also expects that enterprise IoT connections will overtake consumer connections in 2024, and will “almost triple between 2019 and 2025,” accounting for just over half of all IoT connections in the next four years.
More connections mean more vulnerabilities. IoT grew up outside traditional IT visibility, so it’s important to begin planning to secure and control the IoT Edge Ecosystem as soon as possible.
4. Stay strategic and long-term
“We must ensure that our work is not driven only by the crisis of the day,” Secretary Mayorkas said. “We must get ahead of the curve and think long term.”
As important as it is to address immediate needs, security teams and IT leaders need to take the long view. The workplace of the future is changing, and those changes are getting baked in today. IT leaders can help their organizations create better security and get a bigger ROI out of workforce transformations by looking ahead and playing to where the puck is going.
Stay connected, stay ready
If the last year showed us anything, it’s that the next change is coming.
We can prepare for whatever that transformation is if we stay connected: the RSAC 365 Virtual Series provides seminars and summits to support and inform the cybersecurity community on new threats, innovative technologies, and foundational best practices throughout the year.
Make sure to also follow RSA Conference on Twitter for more of the voices, insights, and perspectives that will shape the cybersecurity agenda in 2021 and beyond.