During a round brunch table, one of the many informal events organized during the 2024 RSA conference (RSAC), the conversation turned to the most popular trends and themes during this year’s events. There was no disagreement in what people presented sessions or companies at the exhibition show spoke: RSAC 2024 is a question of artificial intelligence (or as a ciso said: “It is not RSAC; it is RSAI”).
The chatter around the AI should not have been a surprise for anyone attended the RSAC in 2023. AI Generative As we know, today he was only a few months old at the time. Everyone wanted to talk about it, but no one was sure of the impact it would have on cybersecurity.
A year later, there are still a lot of questions, but the profession adopted AI in its tools and solutions. It was by far the most popular subject through educational sessions and in demonstrations and presentations through the exhibition. But that was not the only problem that cybersecurity professionals were considering. Here are some of the most popular subjects that the people of RSAC were talking about.
AI is not only a genetive AI
There were more than 100 sessions that treated with AI at the conference. Many participants in the conference were most interested in the generative AI double -edged sword: how to use it as a tool to detect and prevent cyber attacks and how cybercriminals use technology to launch attacks. The role of AI in the disinformation campaigns and the development of Deepfakes has many people worrying about a significant change in the way threat actors use social engineering. This concern only behaves with the concern that training in awareness of security will not be able to follow.
The term “shadow” was mentioned several times, often by cisos who expressed their concern shade it And the behaviors of the shadow clouds begin to repeat themselves in the use of an unauthorized AI. Currently, a large part of the Shadow AI is linked to employees who use tools such as chatgpt for research resources and trusting the information they receive as absolute truths. But as employees become more sophisticated in using AI tools and generative AI is a risk of potential security, CISOs want to see the measures taken to obtain AI policies and approved tools adopted in organizations as soon as possible.
However, one of the problems that cybersecurity experts have quickly underlined is the need to separate the generator from other types of AI. Due to the overwhelming presence of AI throughout the conference, technology has this feeling of novelty, that it is something that has just been introduced in the past year. Many of covered group discussions automatic learning And Great language models And how to rely on the predictive advantages that these technologies bring to cybersecurity tools. The AI is not new, said a ciso; There has been in a form for decades. The hope is that the mid -mealing of this year’s AI is established by RSAC 2025 and that there will be more positive discussions around the construction of better predictive models with AI or more defined use of the tool.
Data governance and AI
A subject that seemed to appear almost as much as AI data governance. Some of the conversations were around the role of AI in data governance, but cybersecurity professionals have spoken of the need to know their data and create policies that will meet the standards of compliance in constant evolution. Data governance has been commonly mentioned with the rules for the disclosure of dry cybersecurity and other government regulations implemented. As a cybersecurity framework pointed out, the fight with data governance comes down to the prejudices of three different areas within a company: engineers who create data; The C-Suite team which uses the data and the CISO that controls the data and the security that surrounds it. There is no agreement on what determines the metadata, and until there is governance which agrees with all the points of bias, the real governance of the data will be difficult, if not impossible, to be carried out – and which affects global security efforts.
The absence of zero confidence
In 2023, Zero Trust was by far the most discussed subject in the RSAC. While everyone wanted to talk about the AI generator last year, it was often focused on architecture and the principles of zero trust. This year, Zero Trust was pushed into the RSAC trash. Oh, he was still there: eight sessions focused on Zero Trust and he was highlighted in more than a few business screens. But he exceeded his initial buzz, what Ciso suggested was not so surprising.
Applying zero trust principles is long and because the White House has been published for a few years Cybersecurity executive decreeMany companies are already good in their zero trust journey. It is perhaps because it is no longer the term “it” buzz or it may be due to the fact that there is no request for more information, but the glow around Zero Trust has officially decreased.
Budgets, or absence
During the brunch round table mentioned earlier, one of the CISOs said they expected to hear many things about security budgets, or, more specifically, the lack of security budgets. Security financing was a subject that was raised frequently, because many security professionals were not afraid to say that they were faced with a delicate balance to manage budget cuts with the increase in costs of cyber-incidents.
IT and security services must do a better work to learn the language of business leaders and to explain how and why cybersecurity is part of the business model and global commercial operations. But if the security budget reductions continue, the dismissals of experienced security personnel and the inability to obtain the tools necessary to follow the latest threats, in particular around IA security models – companies will be affected by cyber attacks, and the costs will be higher than budget cuts.
It is clear from the RSAC of this year that we are just at the forefront of the iceberg with regard to the progress of the AI - and the threshing media that surrounds it does not seem to go nowhere. But what concerns of security, emerging technology or the new word in fashion will be a level of mind for the participants in the RSAC of next year?