SAN FRANCISCO—There is a constant drumbeat of negative news in the cyber-security industry, but there is room for some positive messages as well, according to RSA Security President Rohit Ghai.
Ghai kicked off the 2018 RSA Conference here on April 16 with a keynote address in which he detailed cyber-security silver linings.
"Cyber-security is getting better, not worse," Ghai said. "Here's what I propose we do with our time. Let’s not talk about the hackers' advantages—they can do that in their own conference. Let's talk about our advantages."
In a year of bad news, there are cyber-security silver linings, Ghai said. One such silver lining: The notion of the so-called "silver bullet" is now gone.
"In cyber-security we are not lusting after the latest shiny gizmos. We are taking a business-driven security approach to managing digital risk," he said. "Risk is not the enemy. Too much of it is, so is too little of it."
Ghai noted that between complacency and recklessness there is a Goldilocks zone of risk. RSA Security's mission is to help organizations en route to their digital future to stay in that zone, he said.
Security teams are overwhelmed, and 44 percent of incidents go unhandled, which has led to terms like "cyber-fatigue." "I don’t know what's next in our cyber vocabulary. Perhaps 'cyber-frustration'?" Ghai said. "I personally like 'cyber-joy'—the feeling you get when you kick a hacker's behind."
By prioritizing incidents based on business context and focusing on the crown jewels of an organization—the most critical people, systems and processes—Ghai said that organizations get a recipe for cyber-joy.
"We are focused on being safer everyday rather than being unhackable someday," he said. "We have escaped the lure of the silver bullet fantasy."
Another silver lining outlined by Ghai is that the best defensive teams anticipate better than anyone.
"For us in cyber-security, new technology is an accelerant," he said. "But the Murphy's law of cyber-security states that new technology equals new vulnerabilities and that technology is as much a target as it is a weapon."
There has been a gap between when an emerging technology becomes mainstream and when cyber-security professionals have learned how to use it, according to Ghai. That gap, he said, has been narrowing in recent years, especially with the adoption of artificial intelligence and machine learning.
"Malware identification and spam detection have been poster child use cases for machine learning, and now with sophisticated risk models, it is also helping us combat fraud and money laundering," Ghai said.
Ghai also highlighted government actions and policies, including the European Union's General Data Protection Regulation (GDPR), as helping to put the issue of data management and data privacy front and center, not just for the EU but globally.
In addition, Ghai said business stakeholders are more engaged than ever before, with cyber-security a board-level agenda item.
"It's simply the nature of our work that our biggest wins will never be front-page news," he said. "When we execute on the silver linings, we don’t make headlines. In fact, we stop the bad ones."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.