RSAC 2024: Increasing Cybersecurity Burnout a Prominent Issue

RSA CONFERENCE — Cybersecurity burnout was among numerous top industry issues addressed during this week’s RSAC 2024.

Wednesday capped off nearly a week of vendors unveiling their latest offerings and threat research, much focusing on AI. High points during RSAC 2024 include keynotes focused on the importance of community, and challenges associated with AI and generative AI. Also, big announcements dominated, such as the launch of LevelBlue, formerly AT&T Cybersecurity, and Google Cloud and Cisco’s latest AI innovations.

Britta Glade, RSAC’s vice president of content and curation, said cybersecurity burnout is an ongoing issue in the industry as evidenced from RSAC speakers and content.

RSAC's Britta Glade

“There's always been work-related burnout and stress … this is what we go through, but to have a spike similar to COVID-19, which of course COVID-19 turned all of our worlds inside out, I think from the human standpoint, the difficulty does seem to be manifesting itself in the burnout,” she said. “And that's definitely a red-flag warning for all of us as individual practitioners, but also as a community. What can we do for each other? We had specific sessions focused on burnout, focused on mental health. We need to exercise some caution and help each other, and build this community because it is a challenging time.”

XM Cyber at RSAC 2024

Also during RSAC 2024, XM Cyber released the findings of its third annual research report, “Navigating the Paths of Risk: The State of Exposure Management.” Produced in collaboration with the Cyentia Institute, the report examines the cyber exposure landscape based on data gathered from over 40 million exposures that present high-impact risks to millions of critical business entities.

Sharon Malaver, vice president of marketing, was on hand to discuss the findings and said the number of exposures being discovered monthly is increasing. Organizations typically have about 15,000 exposures across their environments that attackers could exploit. That's up from 11,000 last year. However, traditional CVE-based vulnerabilities account for less than 1% of those and just 11% of all exposures to critical assets.

XM Cyber's Sharon Malaver

“We found that 80% of exposures are actually related to misconfigurations and credentials,” she said. “That's what was very surprising. Another thing that we found that was super interesting was the fact that we have so many exposures in the environment, organizations are often struggling with understanding what needs fixing right now, what's putting their environment at risk. One of the things that the survey found was that 75% of exposures found actually lead to dead ends, meaning that if an attacker is in the environment and they're moving laterally, 75% of those exposures won't allow them to actually move on toward critical assets. So it's all about finding those focused exposures that can create high-impact breaches, what is actually leading to critical assets that we need to focus on and remediate. I think today the industry is wasting a lot of time on fixing the wrong things. It's all about focusing on the right things, filtering out the ones that are irrelevant and can't really cause so much harm in order to be able to focus on, let's say, the 25% that can actually put critical assets at extreme risk.”

Scroll through our slideshow for more from RSAC 2024.