Cybersecurity issues have gained importance in organizations of all sizes and segments. After all, cybersecurity risks are increasingly associated with business continuity, which makes the protection of the infrastructure a hot topic from the operational through C-level meeting rooms. According to IBM in the 2021 Cost of a Data Breach report, the average cost of a data leak was $ 4.24 million, a record compared to previous years. And with the evolving of malicious techniques, malicious attackers are always one step ahead from cybersecurity professionals, who need to employ efforts to catch up with them. 

In this case, information security teams need to have a full picture of how those malicious agents work to properly ensure the protection of the environment in the organization. This can be done by training, which includes participation in specific cybersecurity events. One of the most recognized events in the cybersecurity market is RSA Conference, which takes place annually in the Silicon Valley, specifically in the city of San Francisco, CA.

The 2022 edition occurred in the Moscone Center between June 6th and 9th, after a break on in-person events because of Covid-19. During this period, more than 45,000 cybersecurity professionals from all around the globe had an exclusive opportunity to gain knowledge and get valuable insights during the sessions offered during RSA Conference.

Those sessions cover a wide range of topics, where attendees are able to learn about the latest and most advanced cybersecurity solutions in the market. We prepared a list of the hottest topics covered during the RSA Conference to help those who couldn’t attend the conference understand the trends in cybersecurity for the upcoming years.

The first topic is Zero Trust. Well, by definition we can define Zero Trust as a set of principles used in designing and implementing and operating an infrastructure. In this aspect, it is important to mention NIST’s Zero-Trust Architecture Guide, which provides guidance on how to implement a Zero Trust-based architecture. President Biden’s 2021 Zero Trust executive order reinforces the commitment of the American administration to ensure the cybersecurity of its agencies. An important message brought in the conference about Zero Trust implementation was: start small, don’t boil the ocean. This means that organizations should not look to achieve the maximum level of Zero Trust. Instead, cybersecurity leaders must start with small steps, and then move forward into Zero Trust.

Another popular (and interesting) topic during the conference was Ransomware. It is possible to find that some widely known ransomware groups have specialized in big game hunting. This means that those groups look for big targets to obtain bigger ransoms. At the same time, recent studies have encountered a 40% increase in successful attacks against SMBs. The sectors most affected by ransomware are consumer goods and the healthcare sector being especially targeted. According to a study conducted by Rapid7, the most commonly leaked data on ransomware is financial (63%), followed by customer/patient data (48%). Ransomware-as-a-Service was also a hot topic during the RSA Conference, especially because this allows malicious actors with no IT knowledge to design their own ransomware campaigns. There were also discussions whether companies affected by ransomware should or not pay the ransom. Cyber insurance is one way companies can mitigate risks related to ransomware

The next hot topic covered during RSA Conference 2022 was software supply chain attacks. According to a study by Argon Security, It grew by more than 300% in 2021 compared to 2020. Another study from Akamai Technologies found that, through the first half of 2022, significant increases were observed in web application and API attacks across the globe, with more than nine billion attack attempts to date. In the last years supply chain attacks have become an efficient way used by hackers to target many organizations from one single entry point. In this aspect, organizations have suppliers all over the world, but at the same time they don’t know those suppliers. In this case, It’s not worth investing in software security if you can’t ensure your supply chain is secure. SolarWinds and Log4j are examples of attacks where attackers explores the supply chain to perform their attacks

The blackout of cybersecurity professionals was also a hot topic during the conference. According to the World Economic Forum (WEF), the world is lacking 3 million cybersecurity professionals. They say that “there is an undersupply of cyber professionals—a gap of more than 3 million worldwide who can provide cyber leadership, test and secure systems, and train people in digital hygiene ».

We have produced an exclusive webinar with the coverage of RSA Conference 2022. You can view it through this link.

senhasegura is a PAM solution with quick and easy deployment process in our environment. Besides this, it is intuitive, which makes it easier to provide training to users and admins. By using senhasegura, your company is able to ensure compliance with the most strict cybersecurity policies, reducing cybersecurity and business risks.