RSA Conference 2023: News And Analysis

The RSA Conference returns to San Francisco this week, with tens of thousands descending on the Moscone Center to discuss — and debate — the latest developments and new trends in the world of cybersecurity. Many vendors and partners focused on the security industry will be present, of course, and that means lots of news. CRN will be on hand to interview top executives and channel partners, scope out the newest product offerings and find out what’s on the minds of cybersecurity experts. RSAC 2023 is expected to bring a special focus on AI, as the first major security industry conference to take place since the debut of OpenAI’s ChatGPT and the resulting rush — by both defenders and attackers — to tap into generative AI.

Keep an eye on this page for all of CRN’s news coverage, interviews and product roundups out of RSA Conference 2023.

Here’s What 15 Top CEOs And Cybersecurity Experts Told Us At RSAC 2023CRN sat down with leading executives and security experts from companies including Palo Alto Networks, CrowdStrike, SentinelOne and Rapid7 during RSA Conference 2023. They asked each the same question. Here’s what they had to say.

RSAC 2023: 10 Coolest Cybersecurity Startup CompaniesHiddenLayer, Concentric AI and Mondoo were among the coolest cybersecurity startup companies at RSAC 2023.

RSAC 2023 Sees Big Moves From SentinelOne, CrowdStrike, Google Cloud, AccentureWhile RSA Conference 2023 featured announcements from many in the cybersecurity space, four companies had multiple new offerings to showcase at the massive industry event.

Optiv Launches ‘Data-Driven’ Program For Cybersecurity PartnershipsThe security solutions and services provider powerhouse is aiming to ‘break from convention’ with its new program for working other companies such as security vendors, CEO Kevin Lynch tells CRN.

5 Big Statements From Cybersecurity Leaders At RSAC 2023Top executives from Palo Alto Networks, CrowdStrike, Cisco, Microsoft and Trellix spoke out about current cyberthreats, generative AI and the cybersecurity talent shortage during keynotes at RSA Conference 2023.

10 Hot Generative AI Products And Companies At RSAC 2023Generative AI has been a major theme at RSA Conference 2023, both as a topic of discussion and in many of the show’s biggest product launches.

20 Hottest Cybersecurity Products At RSAC 2023At RSA Conference 2023 this week, vendors are showcasing new products in categories including XDR, email security, vulnerability management and application security.

10 Cool New Cybersecurity Tools Announced At RSAC 2023Top vendors including SentinelOne, Google Cloud and Cisco unveiled new products Monday to kick off RSA Conference 2023.

Google Cloud Debuts Security-Focused Generative AI PlatformThe new Security AI Workbench is a set of generative AI tools that leverage a new security-specific large language model from Google.

Accenture Doubles Down On Google Cloud Security With New Managed ServiceThe managed XDR service will leverage brand-new generative AI capabilities from Google Cloud, along with Chronicle Security Operations and Mandiant threat intelligence, the IT consulting giant told CRN.

SentinelOne Unveils Generative AI-Powered Threat Hunting ToolThe new offering is the ‘first-of-its-kind’ in cybersecurity and will allow security teams to use generative AI to improve their productivity and uncover more threats, according to SentinelOne.

The Non-Interest Fund for RSA Holders

The National Pension Commission (PenCom) introduced the Non-Interest Fund, also known as Fund VI, in September 2021 by issuing the Non-Interest Operational Framework. The Framework has the objective of, amongst others expanding coverage of the Contributory Pension Scheme (CPS) and promoting financial inclusion. 

Fund VI is one of the Funds Types allowed under the Multi-Fund Investment Structure approved by PenCom. The Multi-Fund structure, or the Life-Cycle Investment Structure, seeks to align contributors’ risk appetite with their investment horizon at each life cycle stage. The Multi-Fund Investment Structure segregates the RSA Funds into 6 Fund types (Funds l to Vl). Three Funds (Fund I, Fund II, Fund III) are for active contributors, while Fund IV is for retired contributors. Fund V serve the needs of the Micro Pension Plan participants, and finally, Fund VI, which is the Non-Interest Fund and is available to both active and retired contributors. 

The Non-Interest Fund VI

The Non-Interest Fund VI is a fund type whose assets are invested in ethical and non-interest-bearing instruments in line with Non-interest Principles approved by the Financial Regulation Advisory Council of Experts (FRACE). The Non-Interest Fund VI seeks to attract employees with reservations about investments in interest-bearing instruments, thereby promoting financial inclusion within the Nigerian financial system. In addition, the overarching objectives of pension fund investments of safety and maintenance of fair returns on investments apply to Fund VI. 

Fund VI assets shall not be invested in the production or trading of alcohol, pornography, weaponry, gambling/betting, speculation, interest-earning ventures, and other ventures of similar nature, contrary to non-interest finance principles and as may be determined by FRACE from time to time.

How to Transfer Pension Savings to the Non-Interest Fund VI

It is important to note that membership in Fund VI can only be at the instance of the RSA holder. Accordingly, RSA holders in Funds I, II, and III and retirees in Fund IV can transfer their RSA contributions to the Non-Interest Fund by making a formal request to their Pension Fund Administrator (PFA) in line with section 7.6 of the Investment Regulation, which deals with transfers between fund types. The RSA holder is not required to pay any fee. Therefore, eligible RSA holders are only required to visit their respective PFAs to request the transfer of their pension savings from their existing Fund to the Non-Interest Fund by completing and signing a consent form issued by their PFA. The presence of the RSA holder is necessary for authentication. After that, the PFA will move the pension savings to the Non-Interest Fund and notify the RSA holder.

In a significant move aimed at ensuring compliance with Islamic Finance principles in the investment of Non-Interest Pension Fund (Fund VI) assets, the National Pension Commission (PenCom) recently issued the Revised Framework for the Establishment of the Pension Industry Non-Interest Advisory Committee (PINAC). 

PINAC is expected to assist in institutionalising monitoring mechanisms for effective compliance of Non-Interest Fund investments with ethical principles. The primary objectives of the Revised Framework for the Establishment of PINAC are to set out rules, regulations, and procedures for the establishment of PINAC, define the roles, scope of duties, and responsibilities of PINAC, outline the functions related to Shari’ah review and audit processes of Fund VI assets, strengthen the capacity of the pension industry to adhere to Islamic Finance principles in the investment of Fund VI assets, and defining the relationship and working arrangement between the Pension Fund Operators Association of Nigeria (PenOp) and PINAC.

The creation of the Non-Interest Fund will complement other financial sector regulators’ efforts to promote the issuance of structured products that comply with the applicable principles of non-interest finance to provide viable investment outlets for pension funds. 

For more information on the Non-Interest Fund pension, contributors and retirees should not hesitate to enquire from their PFAs and also refer to the Operational Framework For Non-Interest Fund on the Commission’s website www.pencom.gov.ng.

RSA Survey Reveals Identity Security Knowledge Gaps And AI's Role In Improving Protection

Identity is a crucial component of effective security. A new report from RSA highlights some ... [+] concerning gaps in the knowledge of self-identified identity professionals, and shares insight on the future of identity security.

RSA recently conducted its inaugural ID IQ Quiz, aiming to assess the knowledge and awareness of cybersecurity and identity and access management (IAM) professionals. The “2023 RSA ID IQ Report” from RSA shares the survey's results and sheds light on various aspects of identity security, including the prevalent knowledge gaps and the role of artificial intelligence (AI) in enhancing protection.

A press release from RSA announcing the report highlights some of the key findings from the survey:

I have reviewed the report myself, and I spent some time with RSA CEO Rohit Ghai to dive into the insights and talk about some of the things that seem concerning or promising from the survey results.

With a sample size of over 2,350 respondents from more than 90 countries, the survey provides a comprehensive look at identity security around the world. Rohit Ghai, CEO of RSA, noted, “We got much more than expected participation around a global set of audience that actually engaged with the survey. That was very, very promising to us. That means identity is a top of mind issue globally.”

The report identifies substantial gaps in respondents' knowledge concerning vital identity vulnerabilities, best practices for securing identity, and strategies for developing stronger identity security. Alarmingly, 63% of the participants could not accurately identify the identity components necessary to move organizations towards a zero-trust approach.

Similarly, 64% of respondents failed to select the best practice technologies for reducing phishing attacks effectively. The survey found that many self-described IAM specialists have a concerning lack of understanding of identity security. Nearly two-thirds could not accurately select the best practices to reduce phishing, and more than 40% underestimated the frequency that users recycle old passwords.

These knowledge gaps provide cybercriminals with opportunities to exploit organizations. Users' lack of comprehensive understanding regarding identity's cybersecurity role and risks makes them susceptible

Jim Taylor, the Chief Product Officer of RSA, emphasized that the increasing number of users, devices, entitlements, and environments is overwhelming IAM specialists, making it challenging for them to keep up with evolving threats. To stay secure and compliant, organizations must invest in unified identity solutions and integrate AI to help their personnel cope with the rapid pace of change.

By incorporating AI capabilities, organizations can better detect suspicious access attempts, identify irregularities in access entitlements, and recognize vulnerabilities on mobile devices. The survey revealed that a significant 91% of respondents believe in AI's potential to improve identity security, highlighting the widespread recognition of AI's benefits in enhancing protection.

It seems undeniable that AI will play a significant role in virtually every aspect of technology and security, but that doesn’t mean that AI alone is the solution. Rohit and I discussed the power and importance of AI combined with human insight and experience. AI is invaluable for processing the sheer volume and complexity of identity requests, and augments identity professionals to enable better identity security.

The report indicates that respondents trust technological innovations for their security and privacy. Nearly two-thirds (64%) of the participants place more trust in technical tools like computers or password managers than in their partner, closest friend, or financial advisor when it comes to safeguarding their information.

Furthermore, respondents exhibited strong confidence in AI's capabilities to enhance identity security. This reflects the growing acceptance of AI as a potent tool in the fight against cyber threats.

According to the report, unmanaged devices pose a significant risk of identity compromise. An overwhelming 72% of all respondents believed that people frequently use personal devices to access professional resources. Additionally, 97% of cybersecurity experts noted that users tend to open more emails on their phones than on desktops, making it more difficult to scrutinize potentially malicious content. The use of personal devices to access professional resources and the lack of similar security capabilities in unmanaged devices create a perfect storm of risks.

The RSA press release points out, “These responses align with Zimperium’s 2023 Global Mobile Threat Report, which found that the average user is 6-10 times more likely to fall for an SMS phishing attack than an email-based attachment.”

The survey revealed that nearly three-quarters of all respondents either didn't know or significantly undervalued the cost of a password reset, with almost half of self-described IAM experts unaware of the true cost. As password resets can cost upwards of $70 each, they contribute significantly to IT help desk expenses. The lack of accurate pricing awareness could lead to uncontrollable costs, highlighting the importance of employing a unified identity solution for authentication and access.

Moreover, inadequate identity governance and administration have a detrimental effect on organizational productivity. Nearly one-third (30%) of all respondents reported being prevented from accessing the systems needed for their work at least once a week. Such hindrances can hamper efficiency and hinder progress.

Rohit and I talked about the changing dynamics of identity security. “I think there is another very important issue there, which is that these identity professionals have thought of their jobs differently in the past,” he explained. “They thought of their jobs as enabling access.”

Rohit emphasized that the motives have shifted. The goal was initially to avoid helpdesk calls and ensure users had easy access to resources—but that is a very different objective and only a very small facet of what should define an identity professional today. That is more of a network admin or IT perspective, but it doesn’t address the security needs for identity today.

“I think that needs to change in the new world that is coming. Identity people need to be security people first, and network and access and the other skills that are important I believe will need to take a sort of secondary role going forward,” shared Rohit.

The 2023 RSA ID IQ Report paints a vivid picture of the current state of identity security knowledge, highlighting significant gaps that cybercriminals can exploit. The survey underscores the need for organizations to invest in unified identity solutions and integrate AI to enhance their security measures effectively. By addressing these vulnerabilities and embracing advanced technologies, businesses can fortify their defenses against identity breaches and protect sensitive information in an increasingly digital world.