Home Business IT Security Is there too much awareness of security threats?

Is there too much awareness of security threats? Featured

The head of security company RSA suggests there is too much awareness of security threats and too little understanding.

Speaking to journalists at the EMC World conference, RSA executive chairman Art Coviello said customers were "angry and confused" about the security situation, and suggested this has come about because the level of understanding of the issues does not match the level of awareness.

The situation is not helped by some parts of the security industry, he suggested: "I've been hearing 'cyber Pearl Harbor' since 2001."

Mr Coviello said the traditional perimeter model of security is obsolete. A large part of the problem is that the attack surface has broadened and continues to grow, thanks to the ever-expanding amount of digital content (he sees "a treasure trove of opportunities for attackers"), growth in the number of applications, a rapid increase in the number of connected devices once IPv6 is widely adopted and the 'Internet of Things' becomes a reality, and the widespread use of social networking making life easy for attackers using social engineering.

While he believes it is highly unlikely that anyone could launch a destructive attack on the Internet (he pointed out that even Stuxnet needed some manual intervention to reach its targets), a 'merely' disruptive attack on the financial services industry or other infrastructure would have "far reaching implications."

The new security model needs to be risk-based, dynamic and contextual, Mr Coviello said. It is no longer realistic to aim at making systems impenetrable, instead the goal should be to identify a breach and react quickly to prevent loss.

This means identifying any anomalies in human behaviour or flows of data, which requires collecting, mining and analysing massive amounts of data. Earlier in the week he referred to spotting "the faint signal that an attack is underway."

While this can be done to some extent within an organisation, the shortage of skilled security personnel means it is likely to be offered as a cloud service, which also ties in with the idea of large-scale information sharing (a "neighbourhood watch system") so that it is not necessary for every organisation to discover suspect patterns for themselves.

While there is room for improvement as organisations advance their security maturity, Mr Coviello warned "we haven't solved the problem of crime in the physical world, and we're not going to do it tin the virtual world."

Disclosure: The writer attended EMC World as the guest of the company.

Photo credit: EMC.

WEBINAR 26/27th May

Thinking of deploying Business Intelligence (BI)? So are your competitors.

And the most important, fundamental, tool for delivering your BI information to your users? Dashboards.

THIS IS ONE NOT TO MISS SO REGISTER NOW

DON'T MISS OUT - REGISTER NOW!

FREE WHITEPAPER - RISKS OF MOVING DATABASES TO VMWARE

VMware changed the rules about the server resources required to keep a database responding

It's now more difficult for DBAs to see interaction between the database and server resources

This whitepaper highlights the key differences between performance management between physical and virtual servers, and maps out the five most common trouble spots when moving production databases to VMware

1. Innacurate metrics
2. Dynamic resource allocation
3. No control over Host Resources
4. Limited DBA visibility
5. Mutual ignorance

Don't move your database to VMware before learning about these potential risks, download this FREE Whitepaper now!

DOWNLOAD!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.

Connect