What you missed at RSA Conference 2024: Key trends and takeaways – Source: securityboulevard.com

The 32nd annual RSA Conference (RSAC) – one of the biggest cybersecurity shows in North America — was held in  San Francisco last week at the Moscone Center. The who’s who-event was jam-packed with hundreds of vendors, speaking sessions, and all kinds of goodies.

However, more important than the swag (and there was lots of swag) were key updates on government policies, guidelines and frameworks, as well as new discoveries concerning threat actors and advice for security leaders as the lay out their plans for 2024 and beyond.  Here are the major updates that matter, ranging from artificial intelligence (AI) to software supply chain security (SSCS).

[ Learn more in our Webinar: Top Trends & Takeaways from RSAC 2024 ]

Cybersecurity obsesses on AI

It’s no surprise that the subject of artificial intelligence (AI) and the impact that generative AI (GenAI) tooling has on different areas within cybersecurity were major topics of consideration at this year’s RSA Conference. The rhetoric around this topic to date has been balanced between concern for threat actors abusing this technology, as well as high hopes for how AI can assist threat hunters and security teams in their efforts. This dichotomy was evident at RSAC 2024.

For example, research by IBM and AWS (Amazon Web Services) on the current state of GenAI security found that despite 82% of C-Suite respondents to a poll said that “secure and trustworthy AI is essential to the success of their business.” However, only 24% are actually securing their GenAI initiatives. Equally concerning: IBM found that nearly 70% of respondents believe that, when it comes to AI, innovation takes precedence over security.

The IBM/AWS survey paints an alarming picture: While the use of GenAI for business goals is generally popular, concern for securing these programs is lagging – amounting to an afterthought for senior executives. 

U.S. Homeland Security Secretary Alejandro Mayorkas shared concern for the current state of AI in his keynote at the show. Mayorkas noted in his talk that the Department of Homeland Security (DHS) is particularly focused on how AI can be implemented in ways that not only protects the privacy and safety of Americans, but also the country’s critical infrastructure.  He said he was hopeful regarding the DHS’s newly established AI Safety and Security Advisory Board, which hopes to balance AI’s benefits with risks related to critical infrastructure. 

In another keynote presented by Tom Gillis, Senior VP and General Manager at Cisco, there was agreement for the need to protect critical infrastructure. Gillis stressed that cybersecurity leaders should harness the power of AI to bolster defenses, and avoid getting caught up in the hype around the technology.

“As AI gets weaponized by adversaries – the only way to stop those attacks is by making sure that you can use AI natively in your defenses.”

—Tom Gillis

RSAC speaker Elie Bursztein, an AI Cybersecurity Technical and Research Lead at Google’s DeepMind, shared hopeful thoughts with attendees concerning AI. His talk highlighted the ways in which cybersecurity can use GenAI for the better, such as identifying and fixing security risks in open-source repositories or remediating software vulnerabilities.

“AI is eventually going to give us back the advantage [over AI-empowered adversaries] because the upside of using it is really, really large.”

—Elie Bursztein

While AI looks promising for software supply chain security, there is more research and innovation that needs to happen before this technology can reach its full potential in out-pacing adversaries, he said.

The state of U.S. software supply chain security policy

RSAC has usually been an avenue for government officials to share key updates regarding cybersecurity policies and initiatives. This year’s show was no exception, and software supply chain security was in the spotlight. 

In his keynote speech to attendees, U.S. Secretary of State Antony J. Blinken laid out his department’s goals in securing the digital systems that power the nation’s critical infrastructure.

“The distinction between the digital and physical realms is eroding.”

—Antony J. Blinken

To account for this concern, Blinken unveiled the new U.S. International Cyberspace and Digital Strategy, which he said treats digital solidarity “as our North Star.” Blinken defined digital solidarity as the shared understanding among the tech world that it is necessary to be responsible and safe with emerging technologies. 

This new strategy aims at aiding software supply chain security efforts, confirming the need to ensure that new software products and version releases are secure from threats. Those threats include malicious tampering with code, the exposure of software secrets and credentials, and more. Blinken said in his speech that the U.S. government is using its discretion to further software supply chain security and other cybersecurity goals. 

“The United States is forging tech partnerships that will make critical technology supply chains more resilient, more diverse, [and] more secure. It is crucial that we work with trustworthy vendors and exclude untrustworthy ones from the ecosystem.”

—Antony J. Blinken 

Secure by Design aims to bolster the software ecosystem

U.S. Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly unveiled new efforts from the agency that align with Blinken’s concern for digital solidarity. CISA’s Secure by Design initiative, released over a year ago, has now expanded to include the Secure by Design Pledge, which is described as a “voluntary pledge focused on enterprise software products and services.”

The goal is that by signing the pledge, software producers will promise to “make a good faith effort” during the next year to adopt seven goals, which include reducing entire classes of vulnerabilities, increasing visibility for product customers into cybersecurity intrusions, and more.  Several notable companies have already signed the pledge, including Microsoft, CrowdStrike, Google, and SentinelOne. CISA is encouraging software firms that are interested in taking the Secure by Design Pledge to email CISA at [email protected].

Join the discussion: Get more insights from RSAC 2024

Join RL for a live discussion with two top cybersecurity experts (and RSAC 2024 speakers) on Wednesday, May 22 at 12pm ET. Speakers include Devici CEO Chris Romeo and BlackGirlsHack’s Tennisha Martin, who will share their top takeaways from this year’s big show — and answer your questions.

*** This is a Security Bloggers Network syndicated blog from ReversingLabs Blog authored by Carolynn van Arsdale. Read the original post at: https://www.reversinglabs.com/blog/what-you-missed-at-rsa-conference-2024-key-trends-and-takeaways