After two long years of waiting and anticipation, the cybersecurity community finally made a return to the RSA Conference in San Francisco, CA from June 6-9. While the turnout was smaller this time around compared to previous years, it was still great to have a semblance of normalcy, see our clients, colleagues, and friends in person again, and discuss the wide range of trends, topics, and challenges we’re seeing on a daily basis. Here’s a handful of the top takeaways and storylines that came out of this year’s conference:

1. Embracing transformation in a rapidly changing threat landscape

“Transform” was this year’s theme at RSA. Not only is there transformation happening in the modern workplace as well as the rapidly-evolving threat landscape, but also in the industry as a whole. Thinking about what’s happened since the last RSA in February 2020 – a global pandemic that opened up the floodgates for cybercrime, SolarWinds, the Colonial Pipeline attack, the Kaseya ransomware attack, an escalating war in Eastern Europe – there have been transformations we could have never predicted or even thought possible. This led many at RSA to proclaim that the way we do security needs to transform.

2. Ransomware is still Public Enemy #1

Much of this year’s conference revolved around the continued rise and threat of ransomware attacks. The speed at which attackers move and operate these days is quicker than organizations can prepare for or defend against. That being said, one of the interesting points that came out of these discussions was the fact that crackdowns on ransomware groups make a significant difference in the fight against ransomware. As a result of these crackdowns, there are far fewer ransomware groups still wreaking havoc, with two – Conti and LockBit – making up over 50% of ransomware attacks in Q1 2022.

3. Extended Detection and Response (XDR), Zero Trust (ZT), & Cyber Asset Management (CAM) steal the show

A lot of the conversations at RSA revolved around the idea of “consolidation.” CISOs and analysts alike talked about consolidating tools and reducing the number of vendors and solutions they rely on to achieve business outcomes and ultimately be more secure.

While there were predictions that we will see more and more acquisitions in the second half of 2022, there were also talks of how solutions and approaches like XDR and ZT can help organizations consolidate as both are able to seamlessly integrate with existing tools and environments. Plus, we even saw many organizations introduce new products and solutions that offer benefits to each. By consolidating, organizations can also achieve better CAM by having a more streamlined inventory of assets as well as closing security solution coverage gaps.

4. Addressing the skills gap and workforce shortage

To help protect against ransomware and other attacks, organizations need more skilled IT and cybersecurity professionals. However, they are becoming increasingly hard to find. There are currently an estimated 2.7 million unfilled cybersecurity positions. Having skilled professionals on your team to face today’s advanced threat landscape can make all the difference.

The question becomes, “How do we find and keep skilled professionals in this digital-first world?” This was one of the main questions coming from CISOs during the conference. One suggestion that came out of these discussions relates to addressing the burnout felt by teams: organizations must have the empathy and right tooling in place to support everyone at all times.

5. Collaboration is key

There is no doubt that both private and public organizations bring their own useful set of tools and information to the table. This is exactly why Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), called upon public and private organizations to join forces and work together in order to better defend themselves against today’s advanced threats.

In order to get to a comfortable place where these organizations can collaborate, there needs to be established trust because, at the end of the day, we all share a common enemy. The challenge, however, is changing the culture within these organizations and agencies in order to get to a level of trust that both sides agree upon.

These five takeaways were only a part of the overall conversation that took place at RSA. With such a long pause in between conferences, there was certainly a lot on everyone’s mind going into this year’s show, not to mention the ongoing COVID-19 concerns that forced many to stay home altogether.

That being said, it was a great opportunity to learn from some of the brightest minds in this field about the current state of this industry as well as what’s to come down the road for the rest of 2022 and beyond. Our team looks forward to following the development of several of these storylines over the next couple of months leading into Black Hat, while also continuing to gather unique perspectives from our clients.

For help standing out in the crowded security market and driving additional awareness, visit https://www.merrittgrp.com/industries/security/ or contact Michelle Schafer, Senior Vice President and Partner, at schafer@merrittgrp.com.