Security

RSAC 2022: How Organizations Can Work Together to Improve Cybersecurity

Despite their differences, organizations and their competitors all face a common adversary in cybercriminals.

Joe Kuehne is an Associate Editorial Director at BizTech magazine.

Cybersecurity is built on relationships. Organizations have technological relationships with the data they generate, but they also have personal relationships with the people behind the data — customers, vendors, partners, suppliers, employees and even competitors.

No organization operates in a vacuum, and the interconnected nature of their operations behooves them to work in a way that responsibly considers the individuals and other organizations around them.

This is perhaps most clear when it comes to cybersecurity. While each organization may have different objectives, they all face the same enemy in a threat landscape that continues to expand at an alarming rate. At RSA Conference 2022, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, called for private and public organizations to work together to combat the cyberthreats they all face.

Click the banner below to receive exclusive industry content when you register as an Insider.

Data Privacy Protects Business Assets and Customer Interests

The interconnectedness of cybersecurity initiatives and the need to develop trusted relationships were recurring themes throughout the conference. Nearly every speaker acknowledged how challenging it can be to establish trust in the face of overwhelming rates of data generation.

According to Dominique Shelton Leipzig, privacy and security partner at the law firm Mayer Brown, “We are generating globally 2.5 quintillion bytes of data per day. That’s 18 zeros behind it.” Organizations face the dual challenge of unlocking the value of the data they’re creating while protecting the privacy of the people behind that data. If they neglect the former, they sacrifice potential profit and miss out on a competitive advantage. If they ignore the latter, they could lose the trust of their customer base, which is becoming increasingly informed about data rights and concerns.

“The issue of privacy has — almost, it seems, overnight — gone from a legal issue to a business issue. It seems like almost every day I pick up the news, and on the front page, there is something there dealing with data, privacy and insight,” Leipzig said.

Keith Enright, chief privacy officer at Google, said, “Processing data, even at that astonishing scale, can be good. If we are making people’s lives better, if we are delivering value to our users and our customers around the world and we’re doing it responsibly, we need to challenge this assumption that processing data is intrinsically negative or hostile or harmful. Because I don’t believe that’s the case if we're doing it in a responsible and thoughtful manner.”

Diversity Is the Solution to the Talent Shortage

A strong data privacy strategy demands innovation and expertise, both of which can be in short supply considering a widely acknowledged talent shortage. Recruitment and retention have become critical to any company looking to build a solid IT team and a culture of security.

“We need to really think about how we attract more talent and retain that. And that means we need to be more inclusive. We need to create platforms that every person, no matter who you are, can do your best work and thrive,” said Vasu Jakkal, vice president of security, compliance and identity at Microsoft.

“For 20 years now, we’ve dealt with the same problem. Our demand for security analysts, engineers, researchers and consultants far exceeds our supply. And every single day, that gap continues to grow,” said Bryan Palma, CEO of Trellix.

“Our lack of diversity is holding us back in two important ways. First, we are turning away great people and doing our industry a significant disservice. By failing to cultivate a more inclusive environment and neglecting to provide pathways for more female and non-binary people, people of color, and people from the LGBTQ+ community, we are only widening our already enormous talent gap. We are all better when we benefit from the diverse perspectives of others,” Palma said.

Palma said a less diverse IT team is simply bad for business. “Our lack of diversity restricts our ingenuity, innovation and ability to recruit the next generation of talent.”

We need to create platforms that every person, no matter who you are, can do your best work and thrive.”

Vasu Jakkal Vice President of Security, Compliance and Identity, Microsoft

Working Together to Thwart Cybercriminals

Increasing diversity requires making resources more accessible to and equitable for all communities. Two speakers from Cisco introduced the concept of a security poverty line, which is the baseline level of minimum security posture an organization must maintain. Jeetu Patel, Cisco’s executive vice president and general manager of security and collaboration, said, “When companies don’t have the right level of resources or know how to go out to maintain that, that’s when they fall below the security poverty line. And what that does is put the entirety of the ecosystem at risk.”

Shailaja Shankar, senior vice president and general manager of Cisco’s security business group, echoed Patel’s concerns, calling for cooperation among leading organizations and assistance for smaller companies. “Large organizations are able to negotiate the right kinds of terms with their vendors, suppliers and partners the way that small organizations are not able to,” she said.

“When I think about nonprofit organizations, I actually think of them as critical infrastructure. When nonprofit organizations are not able to attend to the victims of violence, they’re not able to be there in times of disaster, and they’re not able to feed the hungry, then we are all impacted,” Shankar continued. “The challenges facing the organizations that are below the security poverty line are so large that no single organization can actually address them. I welcome you all to work with us. I welcome you all to join us in making sure that we do the right thing for this interconnected world.”

Patel put it this way: “When we talk about competing with one another, competition is good because it makes us all better. But the real competition isn’t each other. The real competition are the bad actors. Let’s make sure that we can all join forces. I think there has to be a business model shift to make sure that people below the security poverty line are also kept secure so that the entire ecosystem is safe. Collectively, we think we can defeat our adversaries.”

Keep this page bookmarked for articles and videos from the event, and follow us on Twitter @BizTechMagazine and the official conference Twitter feed, @RSAConference.