Intermedia’s Security Execs Recap Their top RSA 2018 Observations
Another RSA Conference complete! As the biggest security conference out there, RSA collectively draws in 50,000+ attendees every year. While the experience is still fresh on their minds, I sat down with our CTO Jonathan Levine and VP of Security and Privacy, Ryan Barrett to rehash what they saw at the show this year and get their perspectives on what SMBs need to be thinking about right now when it comes to security.
Information is power. And wherever there’s power, there are people looking to steal it. – RSA
Instead of focusing in on all the same vendors that attend RSA every year trying to solve the same problems, this recap digs into some of the newer security evolutions. Check out their top three observations.
- Security awareness training is evolving.
Jonathan: There were lots of training-oriented companies, some that can integrate with existing corporate learning management systems. At Intermedia, we have long believed in understanding our risk by “phishing” our own employees. Cofense, formally known as PhishMe, helps other companies do the same; this year they had a huge presence. The industry has accepted the general point that the way most hackers are getting into companies’ data is through human error. Security awareness training must evolve to truly educate employees and reduce this likelihood.
Ryan: Speaking further to Jonathan’s point about human error, anti-phishing technologies were quite prevalent as well. SMBs shouldn’t be shy of this technology. Simple anti-phishing tools like stamping the word “external” on the subject line of emails can dramatically reduce the success of phishing attacks because it causes employees to take pause and think. Phishing will continue to be a prevalent problem that businesses need to address because it’s cheap for attackers to do and a highly effective path for getting into companies of all sizes.
- Widespread acceptance that there’s a password overload problem.
Ryan: We saw a lot more “no password” vendors this year because people are finally convinced that password overload is a thing that needs addressing. Whether it was password management, single sign-on, or others, their message was the same. ‘Passwords are dead, and our technology helps to solve this issue.” It was interesting to see them all approaching the challenge in different ways.
Jonathan: As security practitioners, we have long trained employees on password management best practices: Use a different password on every website, use a password that’s not in the dictionary, and be sure to change those passwords at some interval. People have started to get the message, but with the sheer number of password-protected websites that they are using, this is becoming unmanageable, so “no password” is very timely.
- The adoption of multi-factor is accelerating.
Jonathan: The other area that we saw a big rise in this year regarding password vulnerability mitigation was with 2-factor authentication (2FA). Customers have gotten the message that 2FA is necessary now, and many vendors have innovative approaches to the second factor: face recognition being one of the coolest. We’ll be seeing more of this in future years, I’m sure.