RSAC 2021 Keynote: Cybersecurity for an Inclusive Future

In Cybersecurity

RSAC 2021 Keynote: Cybersecurity for an Inclusive Future - read the full article about Cybersecurity 2021, Cybersecurity and Network security and pen testing from RSA Conference on Qualified.One
RSA Conference
Youtube Blogger

(air whooshing) (music) music) - First of all, I wanna thank RSA for allowing me and Cisco to participate in this years RSA Conference.

I know the last 15 months have been incredibly challenging for all of us.

We all had to deploy the technology that enabled virtually every worker on a global basis to shift to remote work overnight.

They were connecting over multiple networks.

They were connecting from whatever device they could possibly find to get connected from.

And we all know that during this time, the security landscape that we were all dealing with was becoming very complex.

We know that our employees, just by having 30 extra minutes on a mobile device, created 20% more vulnerability than you would have in a normal time.

But we also learned that industries can be transformed.

We were delivering healthcare.

We still are.

Were delivering education.

Were actually transacting government over these technologies, which really means security is incredibly important as we go forward.

And 2/3 of the CIOs in all the organizations that you live in have said that post-pandemic, we will spend more on our security investments going forward, and we know that projects that used to take years are now taking weeks and months because of the sense of urgency that weve all been facing.

And with all this, we know that were now dealing with a very expanded threat surface.

Every individual is carrying an average of four devices, and most of us are carrying even more, and this just creates more opportunity for breaches.

If we think about cyber crime the way we think about the GDP of countries, it would be the third largest economy in the world after the US and China with $6 trillion in global damages.

And we all know the real cost is not being able to run our businesses or the reputational damage that you suffer and the impact on your organizations in the future.

But this team did an incredible job.

All of you did an amazing job over the last 15 to 18 months, securing your organizations, and I wanna thank all of you for your hard work, your dedication to security.

And I think we all know were still just not done.

Because there are so many trends that are happening all around us, that threat surface is only going to continue to expand.

We have great new technologies like 5G and Wi-Fi 6 that are going to enable us to continue to connect more and more things around the world.

We have the continued explosion of public cloud.

We still have private cloud applications.

We have SaaS applications.

We have workers that will work from home forever or in a hybrid model as we go forward.

There is really no perimeter in the enterprise to defend anymore.

Those same workers will be mobile at some point in the future, in coffee shops again, and we have to deal with all that.

And we have to build security practices around what we know is coming in the future.

And we believe that there is a need as we move forward to really look at an end-to-end security architecture.

We think thats foundational to being able to deal with the complexity with all the number of users, all the number of devices, the applications, the data, everything that we see.

And right now there are over 3,500 vendors who are building security solutions for you every day, but we think because of that, its just so complex, and we need to reimagine the security architecture.

We need to take into consideration that home user, permanently.

We need to think about that as a small branch.

We still have our regular branches, we have mobile users, we have these public and private cloud applications, and then we have the emergence of the Edge where both data and applications will be quite prevalent in the future.

And we know that security has to be at the heart of everything.

We believe it.

We build it into our technology, like encrypted traffic analytics built into our ethernet switches, or security built deeply into collaboration with Webex, or even the full stack observability that you get through ThousandEyes and AppDynamics to help you have more insights about whats going on.

But we also know that you cant stop every threat, and you wont stop every threat.

But we need that visibility.

We need to identify these threats.

We need to correlate the information that we have from all these different sources, and then somehow we need to remediate quickly.

And we think that this is whats driving the need for zero trust architectures, for new SASSY architectures, really the move to passwordless and, frankly, continuous authentication.

We have so much information about how a user is navigating in your technology infrastructure.

We need to take data from all of those interactions and continuously authenticate those users as we go forward, and we believe it has to be done through a platform approach where were taking in all of these threats and were actually correlating them and giving you speed and information that you need to actually drive that remediation as fast as possible.

And we have to do this in a way thats simple.

It has to be comprehensive, and it has to be based on intelligence.

And if we get those pieces right, the simplicity will help you detect, correlate, monitor.

You know, 70% of our customers have said platforms like SecureX are helping simplify their day-to-day operations and the correlation of all of the threat information that they have.

It has to be comprehensive.

One piece of information from one security control point is interesting, but its not as valuable as it could be if it was built into a comprehensive architecture.

We need visibility everywhere across the endpoint, those users, those applications, which allows you to set your policies quickly, and secure those control points that are so important in this new world that we all live in, and it has to be based on real-time insights.

It has to be intelligent.

It has to be leveraging great technologies, like AI and machine learning.

And that will allow us to really secure and remediate at a scale that weve never been able to do, yet weve always hoped we could do.

And in order to do this, the technology is so important, and I think that we and others are working hard every day to deliver the technology that youre gonna need to deal with security in the complex environments that were all operating, but we also need the right talent.

70% of the cybersecurity professionals, 70% of all of you, have said that your organization is impacted by the skills shortage right now.

We have 2.8 million cyber professionals in the world right now.

So thats a lot of people.

We also have 4 million unfilled jobs at the same time.

So we have more unfilled opportunities than we have active cyber professionals in the world.

We have to train people.

We have to re-skill people.

We have to continue to develop the existing talent.

We have to make it easier for people to get into cybersecurity.

We have to look at untapped sources like women.

They represent just 24% of the cyber workforce today, while they represent the majority of the new entrance into the workforce.

This is a huge opportunity, and weve seen it at Cisco.

Talos, our great threat intelligence organization has hired physicists, astronomers, nuclear technicians, coffee baristas, grocery workers, translators.

We have to look in unconventional places for people with unconventional backgrounds that have the capacity and the capability to learn and then contribute constructively as we go forward.

We also have the program like Cisco Networking Academy where were taking technology education into high schools, and community colleges, universities, military, into prisons to help educate these people and allow them to participate and have jobs in the technology arena as we move forward.

In our last fiscal year, we had 2.3 million people participated in Cisco Networking Academies on a global basis, and almost 600,000 of them took cybersecurity courses.

Theres so much more that we all can do to actually solve this, and it is an incredibly important imperative for all of us.

It is a collective priority for us to create more skills to continue to fight the fight that we all know is ahead of us.

One of our core responsibilities is to create trust.

The security work that all of you do every day actually leads to your employees feeling better, your customers feeling better.

They all want trust.

They want trust that their data is being protected.

Again, our employees wanna know that as theyre working from home, that theyre working over secure connectivity and that theyre safe.

The networks have to be secure.

As we continue to deliver education and healthcare, we have to ensure that thats secure, and this is the opportunity we have.

We all understand the power of connectivity.

We know that when we connect people in remote villages in India or other emerging countries, or, frankly, remote communities in the United States, or those students in underserved areas that need to learn remotely, when we connect them and give them the right technology, its powerful, but we also have a responsibility to make sure its secure so that we can extend the opportunity of connectivity to everyone and do it in a way that we believe is safe.

At Cisco, our purpose is to power an inclusive future for all, and I believe that as we go into this recovery and continue moving through this recovery, it has to be an inclusive recovery.

It has to be a secure recovery.

People have to feel good about it.

And when we think about our purpose, we do believe that our technology can connect everyone around the world and give them opportunity that theyve never had before, and deliver education, and deliver healthcare.

And we also believe that all of us have a responsibility in our communities to continue to work to actually ensure that it is an inclusive recovery going forward, and we can get there with all of you.

We can get there with the right technology.

We can get there if we take the right approach, and we can get there if we invest in creating more talent like all of you that get up every day and create a sense of security in your organizations.

And we can only go forward and deal with the opportunity in the future and the complexity of the future if we look at security as the foundation.

It really is the most critical piece.

And as we do that, it allows us to do so much more.

It allows us to truly go out and live in a world where we create inclusive opportunity for everyone, and it allows us to really move forward post-pandemic with a real secure, inclusive recovery.

And I wanna thank all of you for everything you do every day to actually make that happen, and I hope you enjoy the rest of RSA.

Thank you very much.

RSA Conference: RSAC 2021 Keynote: Cybersecurity for an Inclusive Future - Cybersecurity