In case you didn't know, the world of cybersecurity is about to have a Super Bowl. More than 40,000 people from more than 130 countries will gather in San Francisco the week of May 6 for the 33rd Annual RSA Conference on Cybersecurity. This is his 16th year as RSA conference president, and this year's event has a sense of tension and urgency that I have never seen before. To understand why, my team analyzed thousands of speaker submissions to the conference from cyberspace advocates around the world. Three of his themes stood out: artificial intelligence, information manipulation, and career burnout.
New AI technologies bring new risks
As the impact of AI in business and society grows (nearly 1 in 5 speakers focused on AI this year), every industry is exploring ways to harness the power of AI-powered systems. doing. At the same time, security experts are discovering new risks. One such risk is that these systems may somehow leak company or user data. Another concern is accuracy. Systems that utilize large-scale language models (LLMs) are probabilistic, so you can ask the same question multiple times and get slightly to meaningfully different answers each time. That might be fine for creating short stories, but what if your new AI-powered customer service chatbot occasionally provides customers with wildly inaccurate or fictitious information?
Cybersecurity attempts to address risk by: compensation control: Technologies and processes to contain or reduce these risks. The challenge is that many of these AI technologies are new and appropriate compensation controls are currently being built to manage the new risks. Additionally, there are concerns about AI regulation. Several countries have recently released guidance or issued regulations regarding AI. Prominent examples include the European Union AI Act and the US White House Executive Order on the Safe, Secure and Trustworthy Development and Use of Artificial Intelligence. Future regulatory adjustments, such as restrictions that prohibit these AI systems from making inferences about a customer's emotional state, could lead to the demise of AI-powered customer support chatbots.
Information manipulation crisis
Until a few years ago, building deepfakes required both technical acumen and intent. All you need now is intention. From a societal perspective, cybersecurity experts are concerned that the upcoming US presidential election could spawn a wave of deepfakes that could sway public opinion. From a business perspective, deepfakes enhance cybercriminals' ability to commit fraud. In a recent example, a treasurer at a large multinational company in Hong Kong was on a video conference call with several colleagues, during which he requested that the company wire $25 million to her as part of a deal. It was done. Unfortunately, these trusted colleagues were actually deepfakes, synthetic versions of real employees controlled by fraudsters.
Information manipulation concerns go far beyond doctored video or audio. One recent insidious example is in the software world, where malicious actors were able to embed a backdoor into a very commonly used application called her XZ Utils. Had this software embed not been discovered by software developers at Microsoft, tens of thousands of businesses could have been compromised.
Burnout is on the rise again
In addition to AI and data manipulation challenges, the cybersecurity community is experiencing a rash of high-profile ransomware attacks, such as the one that shut down the MGM Resort late last year. Looking back at his more than 10,000 speakers submitted over the past five years, the topic of “burnout” has spiked twice for him. The first was in 2021, when the coronavirus surged and cyberworkers had to quickly adapt to having a fully remote workforce. The burnout topic then receded to normal levels in 2022 and 2023, but spiked again in 2024. It's not just the recent wave of attacks weighing on cybersecurity professionals. There is growing concern that chief information security officers (CISOs) may be held personally liable for corporate breaches. Two cases in particular have raised the possibility of such liability, putting new pressure on companies to quickly report details of their breaches.
The power of community
Walk through your day and think about all the touchpoints you have with technology. Your car is a computer and your bank is an app on your phone. Technology is everywhere. That means hackers are everywhere too. I've spent my entire career in cybersecurity, from writing early books on how to find vulnerabilities in software, to teaching computer security at Columbia University, to working as Symantec's CTO. What most people don't appreciate about cybersecurity professionals is that we are part of a mission-driven community. Attackers often operate in near isolation. Cyber professionals will work with you. The elite of the global cybersecurity community is about to gather at her RSA conference, but this is more than just a gathering. It's a community call.
Dr. Hugh Thompson, teeth Chairman of the RSA conference executive committee.
Further must-read commentary:
The opinions expressed in Fortune.com commentary articles are solely those of the author and do not necessarily reflect the author's opinions or beliefs. luck.
