Attending this year’s RSA Conference: the human element of cyber
By Rebecca James | Date published: 18 February 2020
Titania will be attending the RSA Conference this February (24th-28th) in San Francisco. Set to cover the ‘human element’ of cyber security and how this joins us together, we anticipate that this will be a thought-provoking topic, delving into some of the key problems we face as an industry worldwide. Before the conference begins, we wanted to explore some of these issues and the solutions we believe to be most effective.
Despite all our advances in automation, the ‘human element’ will always be an integral part of any security operation - yet many organisations are experiencing crippling skills shortages within their organisation and according to CSO Online, this problem is simply getting worse. Over half of organisations reported a problematic shortage of cyber security skills between 2018-2019 and despite being a topic of conversation for some time, it’s not an issue which is being resolved effectively (according to the research). To truly address the problem, it will take (fittingly so) the ‘human element’, and commitment from the industry to increase both diversity in the workplace and training opportunities to retain vital talent; top down leadership, with key government organisations leading the way; and also, better partnerships between top-level organisations including the military, government agencies and many more.
If, as an industry, we can produce and nurture a more skilled, knowledgeable cyber security workforce with diversity at the core, it will allow for the development and utilisation of technology solutions that can be relied on to better address vulnerabilities and tackle threats. And if we can then equip these teams with the best possible tools, for example, to automate the daily detection and diagnostics of network vulnerabilities, they will be freed up to invest their time in further improving the security posture of the organisation.
Of course, first these organisations need to be able to trust the tools they are using. When your skilled teams are incredibly time poor, they cannot afford to waste valuable hours investigating false-positives or worse, run the risk of missing false-negatives. After all, alert fatigue is still a very real issue that plagues the cyber security function of any industry. Recent research in this area highlighted that 52% of 100,000 alerts received each month by C-level security executives were false-positives, with 62% being redundant alerts. With many systems requiring a manual response or review of results, this can often exhaust already depleted resources. This is where Titania Nipper continues to come out on top, offering only the most reliable audit results to ensure that users spend their valuable time and expertise prioritising and mitigating the real risks at hand.
So whilst the digital landscape continues to change, and each organisation’s expanding attack surface becomes increasingly complex - we completely agree with the RSA conference organisers – what remains constant is ‘us’, and our ability to evolve. It’s just a case of how quickly. Because in the race for evolution – it comes down to who can evolve quicker, the cyber security experts looking to mitigate risk or the hackers continuously searching for new loopholes and vulnerabilities? As an industry, we’re already making tentative steps towards autonomous mitigation and self-healing systems – the ultimate solution for freeing up skilled resources for more value-add activity. Which means as humans, now more than ever, we need to trust that the tools and the data we are using to make decisions are accurate, reliable and consistent.
We look forward to continuing the conversation around this, which is why Titania’s COO Phil Lewis, CTO Keith Driver and General Manager of North America, Matt Malarkey will be onsite at the event. So if you would like to learn more about how Titania Nipper can support your organisation’s cyber security objectives today – and how our roadmap will support your future security goals - contact us.