Skip to main content
close search
site logo

Cybersecurity pros plant seeds of hope at RSA Conference

Optimism floated on the surface during the annual industry gathering. For one keynote on stage, it was the central theme.

Published May 2, 2023
Matt Kapko's headshot
Senior Reporter
Lee Klarich, chief product officer at Palo Alto Networks, on stage at RSA Conference 2023.
Lee Klarich, chief product officer at Palo Alto Networks, gives a keynote on stage at the RSA Conference on April 25, 2023 in San Francisco. Matt Kapko/Cybersecurity Dive

SAN FRANCISCO – Cybersecurity is a tough job, one that most readily admit is getting more difficult amid a barrage of threats and attacks, but this poor outlook is often mixed with a sense of optimism.

A genuine hope that things are getting better was at least floating on the surface in discussions around the periphery of the RSA Conference last week. For one keynote on stage, it was the central theme.

“Breaches have almost become normalized. It’s hard to judge anyone for thinking or feeling this presumption of failure. I get it, and it’s only getting harder,” said Lee Klarich, chief product officer at Palo Alto Networks.

And yet, Klarich refers to himself as an optimist. “I think in cybersecurity that might be somewhat rare. You see, I actually believe security is solvable. I actually believe that this is a winnable battle.”

Technology advancements in the cloud and artificial intelligence, which allow security architectures to collect and use the best possible data to thwart attacks and bolster defense via natively integrated platform capabilities, give Klarich hope.

Hope also, at least in part, is fueled by ambiguity. Most companies that have been breached or hit by a cyberattack are not well known brands. For every attack on a household name brand there are hundreds of others that go largely unreported.

“Humans are bad at judging risk,” John Shier, field CTO of commercial at Sophos, told Cybersecurity Dive. “When you’re listening to the news, if you hear about these big bad things that are happening over there, they can’t possibly happen in my backyard, right? And it’s the same thing with cybersecurity.”

Optimism demands action

It’s not enough for Klarich to be optimistic — others have to believe better days are ahead and change how they behave as well.

“We need to be willing to accept just a little bit of risk for a lot of cybersecurity, but that’s not how things generally work today,” Klarich said.

A glut of security point products anchored to environments, rather than platforms, and a mindset that prioritizes compliance above security are delaying the more protected future Klarich and others aspire to realize.

“We have to start to become much more prescriptive in how to accomplish the outcomes that are needed. It is not enough to provide 100 different options,” Klarich said. “To truly transform cybersecurity, we have to provide the path.”

Klarich, who admittedly takes a higher dose of optimism than most, wasn’t alone in offering a hopeful outlook during the RSA Conference.

John Dwyer, head of research at IBM Security X-Force, told Cybersecurity Dive he’s never felt better about security.

“We’re never going to solve cybersecurity,” Dwyer said, “but I think that there’s more buy-in and investment into understanding how critical it is for every organization and every government.”

IBM Security clients last year got better at detecting backdoors than ever before, Dwyer said, referencing findings released in the latest IBM Security X-Force Threat Intelligence Index.

“We got good news for the first time in the threat index,” Dwyer said. “Every single ransomware attack has a backdoor involved. What we found is that our clients actually got better at detecting the backdoor before it became ransomware.”

This data point doesn’t negate the fact there’s a long way to go, but Dwyer finds hope in improved detection capabilities and the amount of organizations that are approaching security properly for the first time.

“I do feel that there has been a shift over the last five years where people are taking it more seriously,” Dwyer said.

Therein lies the seedling of hope for many in the cybersecurity industry. The professionals that develop, analyze or apply security tools to strengthen defenses are confident they know what needs to be done, and take solace in the fact execution and wherewithal might be the greatest impediments confronting defenders.

“I want to be hopeful because I know that there are ways we can move some of these needles to zero. We can reduce the amount of exploits that are being used. We can reduce the amount of [remote desktop protocol] being abused,” Shier said.

“We can materially impact for the positive,” Shier said. “But there’s got to be a will to do it.”

Filed Under: Strategy

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell