RSA’s Amit Yoran Calls for Change of Perspective to Fight Cybercrime at RSAC APJ 2016

Posted on by Jennifer Lawinski

When it comes to creating your cybersecurity strategy, sometimes what you need is a change in perspective. 

Amit YoranThat was the theme of RSA President Amit Yoran's keynote address at RSA Conference Asia Pacific and Japan 2016 in Singapore on Wednesday. 

“Let me give you an example of how powerful perspective can be and how it can shape our actions and outcomes,” Yoran told the crowd of cybersecurity professionals.

He recounted the story of Olympic gold medalist Dick Fosbury, whose “Fosbury Flop” transformed the sport of high jumping in 1968. That year, thick mats replaced the sand pits where jumpers landed before. Fosbury realized that if he jumped head-first, rather than feet first, as the former setup required, he could jump higher—without getting hurt.

“A new piece of technology, the mats, gave athletes the opportunity to think differently, but they had to make the choice to do so. And no one did…except Dick,” Yoran said. 

“He won, because he was the first person to take advantage of a new landscape and change his technique. And subsequently athletes have continued to hone his style. But Dick was first. He acted smarter than his competitors. And that’s something that all of us need to do.”

Because the reality of today’s cybersecurity landscape is riddled with threats, Yoran said. According to Gartner, $75 billion was spent on cybersecurity in 2015, with the amount allocated to rapid detection and response growing dramatically in the next few years. RSA research shows that 70 percent of organizations the APJ region reported they were successfully breached in the past 12 months.

Security incidents have grown by 66 percent, year over year, and 90 percent of APJ companies are not satisfied with how quickly they can detect and investigate attacks, he said.

“The definition of insanity is continuing to do the same things over and over again, and hoping for different results. In other words, if we want to change our results, we need to change our perspectives and act differently,” Yoran said.

Because our adversaries? They are evolving. And in order to meet that threat and head it off, cybersecurity will need to evolve.

“Based on a number of separate research studies, between 75 percent and 85 percent of CSO’s are reevaluating their security strategies over the next 12 to 18 months. Why? Because more and more, cybersecurity is moving into the boardroom. Executives and boards are asking more questions than ever before. With all the money spent, they want to know the business impact should a breach happen. And this is just as true in governments and public sector,” Yoran said.

In order to have insight into cybersecurity, we’ll have to leverage new levels of visibility that can provide certainty into what’s happening in our environments—not just good guesses. That will come through new analytics and detection methodologies, giving improved visibility into networks.

“We need to unite the details of security with the language of business,” Yoran said. And that will come from business-driven security. The cybersecurity strategy of tomorrow will require leveraging data and analytics, making correlations and connections from that data and using that to see the big picture security landscape.

“With the right visibility, advanced analytics holds great promise for our future,“ he said. 

“Don’t be afraid to make a shift in your perspective and change your point of view. Stop relying solely on technologies trying to prevent attacks. It’s time to look at things from a different angle. It’s time to create a cybersecurity program that links breaches and threats with how they impact your business or government entity. It’s time to form a better strategy that’s driven by the organization’s business needs,” he said.

“It’s time to gain a different perspective.”

Jennifer Lawinski

Director of Social Media & Community, Arculus


Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community