The “Human Element” – It’s What Cyber Security Is All About

RSA Conference (RSAC) is the global fusion point for cyber security technology and a center stage for showcases, and it is also interesting to observe how its main conference themes have evolved over the years: from “Connect to Protect” in 2016 to “The Power of Opportunity” in 2017, from “Now Matters” in 2018 to “Better” in 2019, and now, in 2020, “The Human Element”.

In my view, this evolution can be explained as follows: the internet empowers humans to connect, and it also empowers humans to protect against threats and malicious attacks during digital transformation. There has never been a more critical time, nor a better time, to equip security professionals and individuals with effective tools and technologies in defense of this digital world. The foundation for securing the digital world is people; it is all about humans and human factors.

The Innovation Sandbox winner at RSAC 2020 is a startup called Securiti.ai. It uses suites of AI-driven tools and solutions to automate personal and business data privacy compliance, and it enables enterprises to give people access to their data with proper access privileges that comply with global privacy regulations, thus building trust with customers. This also highlights people-centric data security and privacy.

To put things in a broader perspective, the majority of security vulnerabilities, breaches, compromises and data losses directly or indirectly involve human activities or human errors. According to one report, 95% of all corporate security incidents involve human errors. In another report, nearly half of businesses face the potential threat of attacks because of their employees' activities.

Threats and cyberattacks can come from external sources with specific targets and purposes, such as hackers using tools to steal personal data or business information, or organized Advanced Persistent Threat (APT) attacks. On the other hand, vulnerabilities can also result from many unintentional activities of employees, IT staff or other human factors during business operations: misconfigurations of security devices, policies and access controls, weak passwords, authentication holes, programming errors, as well as business process and regulation violations.

Security technologies have been advancing at a rapid pace to detect, prevent and protect against attacks at network perimeters, corporate intranets, data centers and clouds. They have evolved from legacy techniques based on policies and static signatures, often at the network perimeter, to much more sophisticated, end-to-end, behavior-based or data-science-based machine learning driven by Artificial Intelligence, both at network perimeters and in the cloud. These techniques help detect previously unseen or mutated malware and zero-day attacks. These advancements help bolster human capabilities to prevent, detect, hunt and respond to possible attacks.

On the other hand, security awareness and measures have also become critical in business operations to reduce or eliminate the potential risks due to human errors or policy violations. This includes establishing and enforcing security checkpoints, security-related measurements and security audits in both product development and other business operations. Moving security to the left in so-called DevSecOps pipelines helps streamline and improve operational efficiency without compromising the associated security.

Cyber security is all about the human element. Human factors are the weakest link in end-to-end protection against malicious attacks. Technologies are here to empower security professionals and end users with tools to automate and improve effectiveness in threat detection, prevention and response. At the same time, we need to redouble our efforts to constantly educate and train security professionals and end users to understand the security risks, promote security awareness and establish proper and complete operational policies and processes in business environments.

RSAC 2020 has come back to the fundamentals, putting the human element as its main conference theme. In a future ideal world where everything is automated, augmented, and secured, we may never have to worry about the threats and attacks around us; however, before that day comes, in today’s reality, the most valuable and effective weapon to defend against cyber threats will always be humans!