Last week, the Exact Market team had the tremendous pleasure of attending one of America’s premier cybersecurity conferences, RSA Conference 2023, at Moscone Center in San Francisco. It was thrilling to join thousands of the world’s foremost cybersecurity authorities and practitioners for a couple of days chock full of engaging and educational presentations and riveting expo floor demos and displays. Below are a handful of the top cybersecurity trends and themes we witnessed throughout the exciting and informative conference.
Security Tool Consolidation
During the “Why I’m Optimistic (And You Should Be, Too)” keynote, the presenter shared an anecdote about a company that used over 400 security tools simultaneously. While this organization may be an extreme outlier, tool sprawl isn’t uncommon, as 30% of organizations report using over 50 security tools [1]. Most companies will still use multiple vendors for the foreseeable future, as it’s improbable that a universal, all-encompassing security platform will capture a vast market share in the next few years. However, businesses can experience improved coverage, simpler management, and reduced operating costs if they consolidate their security tools by working with fewer vendors. For businesses that want to consolidate their security technology stack, multiple vendors advised an effective strategy for evaluating consolidation vendors: focus on ones that have high proficiency across multiple industry-recognized cybersecurity categories.
Open Cybersecurity Ecosystem
Dovetailing nicely with tool consolidation, we heard multiple presenters and vendors encouraging the cybersecurity industry to strive toward a more open ecosystem. We heard many calls for establishing industry and vendor standards for security policies and protocols. By promoting and facilitating interoperability between security tools and business applications and systems, the security industry could enable its practitioners to more easily connect policy sets across disparate applications, identify likely enforcement points, and ultimately fortify their organization’s entire IT landscape.
APIs as an Attack Vector
Back in 2021, Gartner predicted that “by 2025, more than 50% of data theft will be due to unsecured APIs.” [2] That prediction certainly appears to be coming to fruition, as a recently published report saw a 400% increase in the number of API-targeted attacks over the final six months of 2022 [3]. Therefore, it’s no surprise that API security was a prevailing topic of conversation throughout the conference. Due to their continued ubiquity throughout most industries and their rising prominence as a cyberattack vector, APIs will likely be a focus area for security professionals for years to come. On the expo floor, vendors shared best practices for protecting APIs from unauthorized access, including implementing strict authentication and authorization mechanisms, following robust encryption protocols, and conducting regular audits of an organization’s APIs and data exchanges and their current security capabilities.
Next-Generation Security Architecture
A final theme we saw emerge was increasing efficiency, with security teams advised to strive towards achieving more without doing more work. To accomplish this, security teams should ideally flip their focus from spending most of their time reactively managing current systems and instead prioritize driving strategic projects to implement new, more efficient, next-generation security architectures. Many of these next-generation architectures help to automate routine, time-intensive tasks, such as firewall configurations, and align policies across tools and applications. By freeing up limited resources, these architectures enable teams to take a more unified approach to security operations management, giving organizations the time necessary to build a more proactive security posture, one that regularly conducts threat-hunting exercises and performs penetration testing.
The RSA Conference was a great educational experience. We look forward to seeing these trends percolate throughout the industry in 2023 to create a safer environment for all.
1. IBM and Ponemon Institute, Cyber Resilient Organization Study 2021, October 2021
2. Gartner, Predicts 2022: APIs Demand Improved Security and Management, December 2021
3. Salt Labs, State of API Security Q1 2023, March 2023