Art Coviello, executive chairman of RSA, EMC’s security division, closed his keynote at the company’s conference with the famous Nietzche quote, “What doesn’t kill you makes you stronger”.
Given the tempestuous events of this year, Coviello knows what he is talking about. It is to the company leaders’ credit that an event that could have killed another company was dealt with quite deftly. Immediate action averted a disaster when the security specialist became a security casualty.
It is customary for Coviello to open the conference with a speech that looks back at the past year of cyber-crime to set the scene for the numerous seminars and teach-ins that typifies the RSA Conference. This year he adjusted the traditional format to embrace a look at what thought processes should be engaged when establishing a security policy.
In this year’s attack on the SecurID network, his company found that its traditional defence barriers which had rigidly resisted past attacks became outdated overnight as it fell foul of new thinking spreading across hackerdom.
The core message that RSA was bringing to Londonwas summed up by Coviello when he said, “Organisations are defending themselves with the information security equivalent of the Maginot Line – as their adversaries go around them. But, we can recover if we adapt and become more agile.”
It is important to step back and take a look at the cyber-crime landscape. No longer are we victims of mischievous or curious hackers testing the perimeters for weak spots. Gone are the days of the reverse engineering attack or the hurling of random data at the castle walls in fuzzing attacks launched in trebuchet-like volleys at random points. Today’s attackers come from many different tribes with a range of agendas but they are united in the old practice of finding the weakest point. Now, though, they are finding new spins on social (network) engineering and phishing, or known-vulnerability exploits.
This year saw the rise of the hacktivist, a politically-motivated attacker whose aim is to block Websites or to embarrass an organisation by stealing and revealing secrets from behind the firewall.
We have also seen a different kind of political attack as national governments attack one another in cyber-space with stealth weapons of awesome power – weapons that trickle down into the underworld of inter-company espionage.
“A criminal group can buy a botnet kit for drive-bys, a spamming kit for spam runs, bulletproof hosting from an underground service provider, unattributable domain registration … and on and on. For them it’s about speed and volume. They will find your weakest link,” warned Coviello.
Where Coviello became a little less clear in his message was in his differentiation between cyber criminals and nation state attacks. He described this difference with the following words: “They want to remain inside your network monitoring incident response efforts to gauge defender responses altering their behaviour accordingly until they get what they want.”
Back on beam, he added: “The implication of the risks from all of these attackers is that IT organisations are in a constant state of persistent, dynamic, intelligent threat. The security dogmas of the past are no longer adequate. Many security technologies are past their freshness date – offering diminished value. So all of us, as security professionals, need to change the way we think.”
Coviello divided the new requirements into three elements.
First, the system must be risk-based but at a much more granular level than in the past. Risk is a function of vulnerability, probability, and materiality of consequence – so, if you have information that has material value, it is probable that you will be attacked.
The way to find these weak points is to look at it from the hacker’s viewpoint. What may seem unimportant to you can be something that is missed. A PR firm in theUS saw its share price tumble when a disgruntled ex-employee hacked in and changed the figures in a financial report press release that was then widely circulated. Who would have thought that a press release would be a target?
The next area for attention, he said, is the agility of the security structure. Current measures often lack the situational awareness, visibility and agility needed to detect and thwart sophisticated attacks. The new thinking is to apply predictive analytics based on an understanding of normal states, user behaviours, and transaction patterns to spot those events that indicate an unexpected change – no matter how small.
Third, the system must have contextual capabilities. The success of prioritising actions and decision-making relies on access to the best information available. This goes beyond reliance on security event management gleaned from logs data.
“Organisations must adopt a ‘Big Data’ view of information security in which their security teams have real-time access to the entirety of information relevant to the detection of security problems. To operate as a system all kinds of data from controls and monitoring devices must be aggregated and leveraged.” Coviello advised.
Coviello closed his keynote with the Nietzche quote adding: “The questions for this audience are: Will we act on what we’ve learned? Will we commit the resources to be quicker and more agile? Do we have the will, politically and unselfishly, to create the ecosystem we need? We cannot escape history. We will be remembered in spite of ourselves. We have a common goal: to be remembered for leaving a firm foundation for our successors to build on.”
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…