The cybersecurity industry is at a crossroads, and investors face serious challenges. For that reason, timing was ripe for a well-attended RSA Conference 2023 at San Francisco’s Moscone Center, where theCUBE analysts reported live on keynote breakdowns, major announcements and hallway talk. 

The narrative from security vendors has been that organizations don’t spend enough money on cyber defense, according to theCUBE industry analyst Dave Vellante. But is that true?

“The conventional wisdom is it will help; or at least it can’t hurt,” according to Vellante in a recent Breaking Analysis. “But as we and others have pointed out over the years, a crowded market and mega venture capital funding have created more tools, more complexity and more billionaires. But are we safer?”

To hear more about the latest trends in the market, Vellante and fellow analyst John Furrier talked with cybersecurity experts and industry executives during SiliconANGLE Media’s livestreaming studio theCUBE’s coverage of the event. 

Among other subjects, they discussed the current trends in cybersecurity, the role of artificial intelligence and the ongoing fight against misinformation. (* Disclosure below.) 

Here are three key insights you may have missed:

1. The industry is ripe for disruption.

This past January, security company Armis Inc. reported that organizations were underprepared to handle cyber warfare, and Splunk Inc. revealed security leaders see more cyberattacks and outages.

Though such developments remain causes for concern, evidence has yet to emerge revealing the challenge’s extent, according to Furrier. However, the industry is “ripe for disruption.”

“If you don’t change your ability to play the game, you will lose, because the bad guys are getting better, faster, smarter, cheaper,” he said during a keynote analysis segment at RSAC.

Amazon.com Inc., along with hyperscalers and supercloud players, have pattern recognition data and have observational space, Furrier added.

“They can look at things and do honeypots, do all kinds of test devices put out there for hackers. They can start to see their moves,” he said. “This becomes a game of cat and mouse at a level that only large-scale cloud could handle.” 

The question, then, becomes similar to what Vellante posed in his Breaking Analysis. Are we better at security than we were 10 years ago? The answer seems to be yes. But is that because of cloud or because on-premises software is better?

“The industry is just way more sophisticated. Here’s the problem. The API economy that the cloud brought about created so many seams and so much more complexity,” Vellante said. “You have more tools, more complexity, less skills, and as a result, we’re no more safe. In fact, I would argue we’re less safe because there’s just more seams and we have more to lose now.”

Here’s the complete Day 2 Keynote analysis segment with Vellante and Furrier:

2. Data protection is emerging as the first line of defense.

Cyberattacks and extortion continue to be a huge problem for organizations and are projected to amount to about $10.5 trillion annually by 2025, according to McKinsey & Co. In light of those attacks, data protection and recovery is becoming the first line of defense, according to Wendi Whitmore (pictured), senior vice president of Unit 42 at Palo Alto Networks Inc.

“Organizations are allocating budget to do that. Before, that was seen more as a disaster recovery type of last-case-needed situation,” Whitmore told theCUBE during RSAC. “Now, that’s just a fundamental integrated part of mini-business practices, which is good news.”

There have been other changes in the attackers’ playbook as well. It used to be that users would need to pay a ransom to get their data back. Today, increasingly, it’s also about hackers not releasing it to the public.

About a year ago at this time, attackers were doing what Whitmore called a “quadruple extortion” — in a ransomware attack, looking to get payment for encrypting the data and returning it unencrypted when it’s stolen, not extorting it for distributed denial-of-service attacks, and then giving that same data to the most sensitive clients.

“What we’ve seen now is that they’ve, by and large, stopped doing that first part, which is the encryption piece. So, there are certainly still organizations who are victims of mass encryption, but attackers are seeing that takes a lot of time and effort,” Whitmore said.

Given that it’s now possible to get decrypters faster, that’s starting to lead to less return-on-investment on encryption, according to Whitmore. 

“It also takes a lot of time and a lot of energy for them to decrypt it, to make sure it works, to have the customer service elements,” she said. “There’s a lot of activity there in interaction, that if they simply steal the information and then extort you on the backend, much simpler business model.”

Of course, all of this is made more critical as companies transition to a hybrid multicloud environment and as the attack surface gets “larger and larger,” Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco Systems Inc., told theCUBE during RSAC. AI is increasingly playing a significant role in the cybersecurity space, according to Patel.

“The future possibilities are very exciting, but you have to keep in mind the downsides. And that’s why responsible AI frameworks are going to be pretty important as well,” he said.

Here’s theCUBE’s complete video interview with Wendi Whitmore:

3. The big players in AI and cybersecurity are yet to be determined.

It’s still unclear how foundation models, such as those being developed by OpenAI, will be deployed by defenders, or by attackers for that matter. Some say they’re already “fired up” for what the technology could enable. That’s because it can break through one of the big barriers to the adoption of enterprise technology, which is getting novice users up to speed two or three times more quickly, according to Jeremy Burton, chief executive officer of Observe Inc.

“We’ve got to a point where when we’re releasing code, maybe you have an LLM ops team that’s part of engineering, because if we have technically accurate information, we can train a model with that and then we can let GPT write the beautiful English that is understandable by everyone. And to me, that has been the huge challenge in enterprise tech so far,” he told Furrier and Vellante.

There’s a potential for a “gold rush” in the sector while big players emerge, according to John Chambers, chief executive officer of JC2 Ventures.

“If somebody could get AI and cybersecurity together uniquely, that gets exciting. But every company’s going to be an AI company. Every company’s going to be digital,” he told theCUBE during RSAC. “That means tech is here to stay and the future looks very good. The question is, can the U.S. lead in this or not?”

So what are some positive steps the United States could take to ensure that it is leading the conversation regarding these developments?

“There’s no entitlement. You have to earn the position. And Silicon Valley doesn’t have that, nor does the U.S. You have to earn it. We need a higher sense of urgency. However, we control our destiny more than anyone else,” Chambers said, noting the potential of unicorns emerging in the space.

Some major players are already making moves around how they feel generative AI could be used in cybersecurity. Last week, Google LLC announced a large language model fine-tuned for cybersecurity operations.

“We’ve trained the large language model on all of the Mandiant threat intel data and the Google threat intel data so you can create an ‘industry-first security LLM’ but ensconce it in an enterprise-grade platform that we’re calling the Security AI Workbench,” said Sunil Potti, vice president and general manager at Google, told theCUBE. “A customer could start-prompt engineering a security use case on this platform while keeping their data as their data.”

Still, given the conversation taking place around ransomware, cyberattacks and cyberwarfare at the RSA Conference, Chambers noted the urgency of this discussion.

“You have to have the capability to say, if the U.S. is going to lead in defense, we better lead in AI and cybersecurity as we move forward,” he said.

Here’s theCUBE’s complete video interview with John Chambers:

To watch more of theCUBE’s coverage of the RSA Conference 2023, here’s our complete event video playlist:

(* Disclosure: TheCUBE is a paid media partner for the RSA Conference. Sponsors of theCUBE’s event coverage do not have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE