The 3-day RSA Conference 2020 Asia Pacific and Japan, held virtually last week through live-streamed keynotes and webinars, focused on the theme ‘The Human Element’, since “humans are the very heart of the cybersecurity industry”, as told by the RSA Conference Senior Director and General Manager Linda Gray Martin.
In its 50 plus sessions, various experts from the cybersecurity field associated their topics to people, relating to the theme of the conference.
During its second day, keynote speaker Ann Johnson from Microsoft discussed “The Rise of Digital Empathy”, in which she tackled the state of cybersecurity we are facing right now, especially in the middle of a pandemic. Essentially, cybersecurity these days should be more empathetic to the end users, with a personalised setup tailored for the specific needs of the user.
Johnson discussed that what we are seeing right now as the biggest shift to an entirely remote workforce caused by the COVID-19 crisis and with this, we were reminded that security technology is fundamentally about improving productivity and collaboration through inclusive end user experiences. Through digital empathy, every user is empowered to work dynamically based on their individual preferences. This allows each employee to use the right device; at the right time; in the right way, which maximises productivity.
As the virtual conference went on, other speakers talked about how the basic safeguard of industries for their cybersecurity is their employees. John Strand, Owner of Black Hills Information Society, argued that companies should start from the very basic nature of security and not dwell too much on solutions that are repeatedly used. A loop, as he called it.
According to his talk titled “Security Basics: Burn It All and Start Over”, the usage of traditional security defences alone such as firewalls and anti-virus won’t work because they are going out of date very quickly. People must first utilise simple yet fundamental security provisions, such as:
Making your passwords longer.
Using two-factor authentication.
Proactively looking for actual attacks using proven cybersecurity tactics, techniques and frameworks such as MITRE ATT&CK
Improving the logs of your systems.
In another session, Keyaan Williams, founder of Cyber Leadership and Strategy Solutions, talked about security beyond penetration testing, which many companies are focusing on instead of defensive strategies. As he said, “You cannot manage security without people, and you need the right people to be well-trained and ready to support security”. Williams also discussed that developing employees on the defensive side of cybersecurity would be more helpful than just doing ethical hacking or penetration to the system.
Overall, the core message of the mentioned sessions is to educate people about where they fit in the overall cybersecurity puzzle and to teach them the basic principles of security. This is so that problems may be “nipped in the bud”, as they say, or mitigated in the future because really, it all starts within oneself.
What the cybersecurity industry needs are the insights and perspectives from all of the diverse users, putting humanity first to be able to deal with many of the security problems we are faced with today.