Home Business IT Security Is there too much awareness of security threats?

Is there too much awareness of security threats? Featured

Subscribe now and get the news that matters to your industry.

* Your Email Address:
* First Name:
* Last Name:
Job Function:
Australian State:
Email marketing by Interspire
weebly statistics

The head of security company RSA suggests there is too much awareness of security threats and too little understanding.

Speaking to journalists at the EMC World conference, RSA executive chairman Art Coviello said customers were "angry and confused" about the security situation, and suggested this has come about because the level of understanding of the issues does not match the level of awareness.

The situation is not helped by some parts of the security industry, he suggested: "I've been hearing 'cyber Pearl Harbor' since 2001."

Mr Coviello said the traditional perimeter model of security is obsolete. A large part of the problem is that the attack surface has broadened and continues to grow, thanks to the ever-expanding amount of digital content (he sees "a treasure trove of opportunities for attackers"), growth in the number of applications, a rapid increase in the number of connected devices once IPv6 is widely adopted and the 'Internet of Things' becomes a reality, and the widespread use of social networking making life easy for attackers using social engineering.

While he believes it is highly unlikely that anyone could launch a destructive attack on the Internet (he pointed out that even Stuxnet needed some manual intervention to reach its targets), a 'merely' disruptive attack on the financial services industry or other infrastructure would have "far reaching implications."

The new security model needs to be risk-based, dynamic and contextual, Mr Coviello said. It is no longer realistic to aim at making systems impenetrable, instead the goal should be to identify a breach and react quickly to prevent loss.

This means identifying any anomalies in human behaviour or flows of data, which requires collecting, mining and analysing massive amounts of data. Earlier in the week he referred to spotting "the faint signal that an attack is underway."

While this can be done to some extent within an organisation, the shortage of skilled security personnel means it is likely to be offered as a cloud service, which also ties in with the idea of large-scale information sharing (a "neighbourhood watch system") so that it is not necessary for every organisation to discover suspect patterns for themselves.

While there is room for improvement as organisations advance their security maturity, Mr Coviello warned "we haven't solved the problem of crime in the physical world, and we're not going to do it tin the virtual world."

Disclosure: The writer attended EMC World as the guest of the company.

Photo credit: EMC.


Don't let traffic bottlenecks slow your network or business-critical apps to a grinding halt. With SolarWinds Bandwidth Analyzer Pack (BAP) you can gain unified network availability, performance, bandwidth, and traffic monitoring together in a single pane of glass.

With SolarWinds BAP, you'll be able to:

• Detect, diagnose, and resolve network performance issues

• Track response time, availability, and uptime of routers, switches, and other SNMP-enabled devices

• Monitor and analyze network bandwidth performance and traffic patterns.

• Identify bandwidth hogs and see which applications are using the most bandwidth

• Graphically display performance metrics in real time via dynamic interactive maps

Download FREE 30 Day Trial!



Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.