SAN FRANCISCO -- RSA Security president Rohit Ghai said little about his company's sale from Dell Technologies during his opening keynote at RSA Conference 2020.
In his Monday morning keynote, titled "Reality Check: The Story of Cybersecurity," Ghai spoke briefly about Symphony Technology Group's (STG) acquisition of RSA, which was announced last week. Ghai said, "We're excited about our future with them."
Dell sold RSA to the private equity firm, along with Ontario Teachers' Pension Plan Board and AlpInvest Partners, for $2.075 billion. The sale of RSA was widely expected after Dell acquired storage giant EMC -- the previous owner of RSA -- in 2016.
"While this does represent a change, what will never change is our commitment to our customers and partners and how seriously we take our privilege to bring the industry together at this conference, like we have for the last three decades," Ghai said.
However, Ghai didn't shed any light on RSA's future plans or STG's vision for the company.
Eric Parizo, a senior analyst at Omdia (formerly Ovum), said he wasn't surprised Ghai didn't talk much about the STG acquisition. "He addressed it to the extent he could and on what was appropriate for the opening keynote. His goal is to set a tone for the event and highlight the overall themes of the industry," Parizo said. "On those points, he did well."
Ghai spoke about the "human element" of cybersecurity and why that requires more focus from both vendors and enterprises in 2020. "We're lost control of the narrative," he said. "And the mainstream media now owns the story and is still depicting it as a technical conflict."
But at its core, Ghai argued, cybersecurity is a human problem that's plagued common problems such as disorganization, lack of communication and burnout. While threat actors have done a good job of technical collaboration to create cyber threats, he said, "there are more script kiddies than technically savvy hackers."
But these less-skilled threat actors use social engineering techniques to prey upon human targets and exploit cracks in security programs. "Their advantage is not that they have the best tech or the best techies," Ghai said. "Their advantage is that they are more organized."
Ghai urged the audience to do three things to change the story – "reclaim our narrative, reorganize our defense and rethink our culture."
First and foremost, he said, the security community should change its approach with the media. "The media has been telling our story based on what we've been telling them, or not telling them. No wonder we are depicted in the media as losers because all we ever share with them is losses," he said.
Instead, security professionals need to better communicate the wins and put aside fears about divulging too much about their security postures. Ghai also urged audience members to talk about adversary losses, too.
Rohit GhaiPresident, RSA Security
"We don't have to win for the attacker to lose," he said, citing the recent ransomware attack on Atlanta's city government. "The city made a courageous call to not pay the ransom to adversary. Now while this may not work every time, when we deny the attackers' financial gain, they lose."
While the response and recovery effort cost the city millions of dollars, he said, Atlanta responded by building a new business continuity plan as part of their risk management program, which will help prevent future attacks.
Changing the narrative around security will help organizations with addressing the security workforce shortage and improving their culture because, as Ghai said, "no one wants to join a losing team."