The RSA Conference 2024 in Five (Plus One) Topics

The RSA Conference 2024 was another hit! With the theme “Art of Possible,” the event explored collaboration in cybersecurity and how the power of community can drive tremendous transformations.

Speakers at RSAC 2024 emphasized the need for a collaborative approach, where organizations, practitioners, and researchers come together to share best practices, threat intelligence, and innovative solutions. Noteworthy examples highlighted at the event included the Cyber Threat Alliance (CTA) and the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC).

Despite the emphasis on people-centric cybersecurity efforts, AI dominated the discussions. While these themes aren’t mutually exclusive, it was clear that AI readiness from a security perspective is a heated debate in progress. Many panels and discussions focused on this crucial topic.

What did we learn and see during that week in San Francisco? Here are our 5 (+1) takeaways.

1. AI is here to stay, but security is not a priority

AI was a central topic in nearly every conversation. Generative AI (GenAI) is influencing all aspects of cybersecurity, on both sides of the threat landscape. Discussions revolved around the risks posed by GenAI and the new, improved tools it offers to mitigate threats.

However, the IBM/AWS “Securing Generative AI” study revealed that current efforts are insufficient. Only 24% of respondents are securing their GenAI initiatives, and a staggering 70% prioritize innovation over security. As with other recent technologies, “secure by design” is not a top concern for many business leaders.

2. RSAC 2024 introduced powerful "Secure by Design" initiatives

The Cybersecurity and Infrastructure Security Agency (CISA) introduced a “Secure by Design” pledge at RSAC 2024, signed by 68 organizations, including major players like Cisco and AWS. The pledge commits software and platform developers to:

  • Promote multi-factor authentication (MFA) usage
  • Reduce default passwords across products
  • Eliminate entire classes of vulnerabilities
  • Increase the installation of security patches
  • Implement vulnerability disclosure policies
  • Add more detail to Common Vulnerabilities and Exposures (CVE)
  • Gather more evidence of intrusions

3. Emerging trends in attack techniques were presented during RSAC 2024

Attendees and panelists discussed the five most dangerous new attack techniques that organizations need to be aware of. Many of these attacks are enabled or enhanced by GenAI and exploit human factors as key vulnerabilities. The top 5 attacks are:

  • Supply chain attacks: Exploiting vulnerabilities in third-party software and services to gain access to target organizations
  • Ransomware-as-a-Service (RaaS): The rise of RaaS platforms making it easier for cybercriminals to launch ransomware attacks
  • Deepfakes and synthetic media: Using AI-generated fake content to deceive and manipulate victims
  • Internet of Things (IoT) botnets: Exploiting vulnerabilities in IoT devices to create large-scale botnets for malicious purposes
  • Cloud-based attacks: Targeting misconfigurations and vulnerabilities in cloud infrastructure to gain unauthorized access

4. Software Supply Chain Security and AI/ML Challenges

A critical area of discussion at RSAC 2024 was securing the software supply chain. Sessions highlighted the complexities of Software Supply Chain Security (SSCS), the role of AI and ML in addressing these challenges, and the need for effective risk mitigation strategies within the AI/ML supply chain.

Speakers stressed the importance of understanding the entire software supply chain, including third-party components and services. They discussed using AI and ML to automate the detection and remediation of vulnerabilities, and the challenges of ensuring the trustworthiness and reliability of AI/ML systems.

5. Government Policies and Initiatives in Cybersecurity

In addition to the CISA “Secure by Design” pledge, RSAC 2024 featured key updates on government policies, guidelines, and frameworks related to cybersecurity, with a particular focus on U.S. software supply chain security policy. Notable discussions included the U.S. International Cyberspace and Digital Strategy, emphasizing digital solidarity and responsible use of emerging technologies to enhance cybersecurity efforts.

Speakers from government agencies, such as CISA and the National Institute of Standards and Technology (NIST), shared updates on their latest cybersecurity initiatives and guidelines. For instance, NIST presented its updated Cybersecurity Framework, which now includes a dedicated section on supply chain risk management.

+1. RSAC 2024 showed Human Risk Management is here to stay

We had the pleasure and honor of being at RSAC 2024, helping represent the shift from traditional Security Awareness to Human Risk Management (HRM), as outlined in Forrester’s The Human Risk Management Solutions Landscape, Q1 2024.

Our industry peers (vendors, specialists, analysts) also drove this conversation, and the shift is noticeable: security leaders are eager to understand how to upgrade their security programs through integrations and a deeper understanding of human risk.

We held demos of our HRM platform, showcasing its ability to reduce security alerts caused by employees, provide a clearer understanding of security programs and infrastructure through advanced analytics, and deliver real behavior change with custom content and real-time learning interventions.

If you want to see a personalized demo of our HRM platform, you can schedule a time with our team here.

Rodrigo Leme

Marketing Director for Right-Hand Cybersecurity, Rodrigo has over 20 years' worth of experience in technology companies in Brazil, the US, Canada and other countries. He is based in Sao Paulo, Brazil, and loves everything tech, music, marketing, writing, and hockey (go Canucks!).
