RSA 2024 explored AI's impact on security, featuring sessions on AI governance, LLMs, cloud security, and CISO roles. Here are just a few of the expert insights shared.

There’s one quote from the 2024 RSA conference that I can’t stop thinking about, even though it was originally uttered by Kobe Bryant. Here’s the quote.

Regardless of whether your environment is on-premises, in the cloud or hybrid, new data makes it clear that users are the top cybersecurity concern, and we cover what you can do about it. According to Netwrix’s 2024 Hybrid Security Trends Report, 79% of organizations experience one or more security incidents in the last 12 months. This is a 16% increase from the previous year, demonstrating that attacks are not subsiding one bit and that they are increasingly successful.

When you create an account, you may be prompted to set up a security question for authentication. Security questions add a layer of security alongside your login credentials. Following best practices for security questions involves using different questions for different accounts, avoiding self-written questions, using multiple security questions and updating security questions and answers regularly.

Despite growing security investments in prevention, detection and response to threats, users are still making uninformed mistakes and causing breaches. One of the basic tenets of KnowBe4 is that your users provide the organization with an opportunity to have a material (and hopefully positive) impact on a cyber attack. They are the ones clicking malicious links, opening unknown attachments, providing company credentials on impersonated websites and falling for social engineering scams of all kinds.

With the recent announcement of OpenAI’s ChatGPT desktop application for macOS, users gain access to LLM workflows outside of their browser. ChatGPT’s broad adoption by employees across industries, and around the world, has put employers, compliance, and security teams into high gear as they seek to balance the gains made in productivity with the potential risks of how these tools are being used.

Whereas traditional hacking exploits weaknesses in software or hardware, social engineering exploits weaknesses in the human psyche. By preying on people’s habits, fears, or complacency, attackers can gain access to almost any system, no matter how sensitive or well-protected. The ubiquity of personal mobile devices in the workplace has only exacerbated the threat.

In today’s modern business environment, nearly every organization partners with at least one third-party vendor or external service provider. Third-party service providers (web-hosting platforms, software-as-a-service companies, and other businesses that provide technology or services as part of a contract) allow organizations to focus on their primary business processes while reducing operational costs.

In a typical security operations center (SOC), the threat detection and response teams have one key objective: identify and stop the bad guys. To do so, they invest in the best tools, recruit the best team members, and work tirelessly to stay ahead of any potential security incidents that might be on the horizon.

FedRAMP, the Federal Risk and Authorization Management Program, is a way for cloud service providers to undergo auditing, scrutiny, and testing to validate their security. This security encompasses primarily information security but also user authorization and authentication, physical security, and more.