Home Business IT Security Is there too much awareness of security threats?

Is there too much awareness of security threats? Featured

The head of security company RSA suggests there is too much awareness of security threats and too little understanding.

Speaking to journalists at the EMC World conference, RSA executive chairman Art Coviello said customers were "angry and confused" about the security situation, and suggested this has come about because the level of understanding of the issues does not match the level of awareness.

The situation is not helped by some parts of the security industry, he suggested: "I've been hearing 'cyber Pearl Harbor' since 2001."

Mr Coviello said the traditional perimeter model of security is obsolete. A large part of the problem is that the attack surface has broadened and continues to grow, thanks to the ever-expanding amount of digital content (he sees "a treasure trove of opportunities for attackers"), growth in the number of applications, a rapid increase in the number of connected devices once IPv6 is widely adopted and the 'Internet of Things' becomes a reality, and the widespread use of social networking making life easy for attackers using social engineering.

While he believes it is highly unlikely that anyone could launch a destructive attack on the Internet (he pointed out that even Stuxnet needed some manual intervention to reach its targets), a 'merely' disruptive attack on the financial services industry or other infrastructure would have "far reaching implications."

The new security model needs to be risk-based, dynamic and contextual, Mr Coviello said. It is no longer realistic to aim at making systems impenetrable, instead the goal should be to identify a breach and react quickly to prevent loss.

This means identifying any anomalies in human behaviour or flows of data, which requires collecting, mining and analysing massive amounts of data. Earlier in the week he referred to spotting "the faint signal that an attack is underway."

While this can be done to some extent within an organisation, the shortage of skilled security personnel means it is likely to be offered as a cloud service, which also ties in with the idea of large-scale information sharing (a "neighbourhood watch system") so that it is not necessary for every organisation to discover suspect patterns for themselves.

While there is room for improvement as organisations advance their security maturity, Mr Coviello warned "we haven't solved the problem of crime in the physical world, and we're not going to do it tin the virtual world."

Disclosure: The writer attended EMC World as the guest of the company.

Photo credit: EMC.


Does your remote support strategy keep you and your CEO awake at night?

Today’s remote support solutions offer much more than just remote control for PCs. Their functional footprint is expanding to include support for more devices and richer analytics for trend analysis and supervisor dashboards.

It is imperative that service executives acquaint themselves with the new features and capabilities being introduced by leading remote support platforms and find ways to leverage the capabilities beyond technical support.

Field services, education services, professional services, and managed services are all increasing adoption of these tools to boost productivity and avoid on-site visits.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

To find out all you need to know about using remote support to improve your bottom line, download this FREE Whitepaper.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.