It wasn’t long ago that the annual RSA Security Conference was an oasis from mainstream IT. While CIOs were focused on business process automation, the RSA crowd was celebrating technologies like DLP, web security, and key management. Yup, security was an under-funded IT stepchild and the RSA Conference was still centered on bits and bytes.
That was then, this is now and cybersecurity is everywhere – newspapers, magazines, television news, etc. Off the top of my head, here are some of the big cybersecurity news stories from the first two months of 2013:
- The U.S. Department of Homeland Security issues a warning about Java software vulnerabilities and advises users to disable Java browser plug-ins.
- The U.S. Department of Defense announces that it intends to increase the number of cybersecurity specialists employed from 900 to 4900 (1/28).
- Anonymous hacks into a web server at the U.S. Department of Justice to protest the treatment of Aaron Swartz (1/26).
- The New York Times announces a security breach (1/30).
- The Wall Street Journal announces a security breach (1/31).
- U.S. President Barack Obama announces an executive order on cyberspace (2/18).
- Apple Computer announces a security breach (2/19).
- Facebook announces a security breach (2/19).
- Burger King and Jeep have their Twitter pages hacked (2/20).
- Mandiant publishes a report linking units of the Chinese military with cyber espionage (2/20).
- NBC website goes offline after a cyber attack (2/21).
Until recently, information security was the Rodney Dangerfield of IT, it didn’t get no respect. Given recent events however, everyone – CEOs, legislators, military leaders, heads of state, etc. – is paying attention.
The RSA Security Conference presents a timely opportunity as the security industry's coming-out party. Savvy vendors can use this stage as a way to assess the International cybersecurity situation, describe how we can address risks, offer big solutions, and demonstrate real cybersecurity intelligence and skills.
I’m sure that a few vendors will take advantage of this opportunity and leadership. These are important topics and they will address them as such. Alas, the majority of companies that make up the information security industry are stuck in the mindset of past RSA Conferences. Yes, they will acknowledge the shaky cybersecurity landscape but only as it relates to product announcements and sales lead generation.