Last week I had the privilege of mingling with a record 40,000 attendees at the 25th RSA Conference at San Francisco’s vast Moscone Convention Center. It was my 11th RSA, each one slightly bigger than the last. Yet with cyber threats continuing to morph and intensify, it is hard to imagine RSA actually peaking any time soon.
I sat down with some 40 security and privacy experts, including chatting with EY’s Director of Global Cybersecurity Ken Allan and EY’s U.S. Advisory Services Director Henry Burgess as we rumbled around the streets of the city by the bay in a limo van. To take advantage of a couple of sunny days, I also conducted a number of interviews in nearby Yerba Buena Gardens city park.
Free resources: Planning ahead to reduce breach expenses
Wielding my trusty Zoom H4N Handy Recorder and two well-worn Shure SM58 mics, I left with the kind of substantive insights you only can get one-on-one at a gargantuan event like this, where everyone arrives primed to share deep intelligence.
I came away with an encouraging sense of a jelling consensus: Yes, the bad guys remain well ahead. That’s because the good guys remain obsessed with pursuing productivity gains built on Internet-centric commerce. This, in turn, continues to open fresh attack vectors that well-organized, well-funded bad guys can easily exploit, without having to break much of a sweat.
That said, there is a plethora of amazing technologies that can slow down the bad guys—more than 700 vendors pitched and promoted their wares at the Moscone Center. But it’s almost too much, at this point. Decision-makers at large organizations are frustrated. Collectively, they spent north of $90 billion last year on old and new defenses, and yet measuring the effectiveness of such systems remains elusive.
Meanwhile, the majority of small- and medium-size companies are just waking up. Many are overwhelmed and don’t know where to start. Yet addressing cyber exposures, as part of routine risk management, is something every business must do. And smaller businesses probably will respond to services that truly help them.
The encouraging part has to do with vendors recognizing and responding to nuances in demand from organizations of all sizes. Keynote speakers and panel experts riffed on the Internet of Things, industrial control systems, encryption, artificial intelligence, crowd sourcing, machine learning and more. My one-on-ones touched on cyber dashboards, Distributed Denial of Service attacks, insider attacks, hacktivism, managed security services and forensics techniques.
In the weeks ahead, I will post these conversations as part of ThirdCertainty’s new podcasting service, which launches today. To begin, give a listen to my chat with Fortscale CMO Kurt Stamberger from the floor of Moscone’s south exhibition hall. Stamberger helped get RSA rolling in the early 1990s—and continues to toil in the vanguard.
More on cybersecurity for SMBs:
Managed security services help SMBs take aim at security threats
SMBs should start with simple solutions to manage security risks
To manage antivirus solutions, SMBs need a security mind-set
This article originally appeared on ThirdCertainty.com.