Home Business IT Security Is there too much awareness of security threats?

The head of security company RSA suggests there is too much awareness of security threats and too little understanding.

Speaking to journalists at the EMC World conference, RSA executive chairman Art Coviello said customers were "angry and confused" about the security situation, and suggested this has come about because the level of understanding of the issues does not match the level of awareness.

The situation is not helped by some parts of the security industry, he suggested: "I've been hearing 'cyber Pearl Harbor' since 2001."

Mr Coviello said the traditional perimeter model of security is obsolete. A large part of the problem is that the attack surface has broadened and continues to grow, thanks to the ever-expanding amount of digital content (he sees "a treasure trove of opportunities for attackers"), growth in the number of applications, a rapid increase in the number of connected devices once IPv6 is widely adopted and the 'Internet of Things' becomes a reality, and the widespread use of social networking making life easy for attackers using social engineering.

While he believes it is highly unlikely that anyone could launch a destructive attack on the Internet (he pointed out that even Stuxnet needed some manual intervention to reach its targets), a 'merely' disruptive attack on the financial services industry or other infrastructure would have "far reaching implications."

The new security model needs to be risk-based, dynamic and contextual, Mr Coviello said. It is no longer realistic to aim at making systems impenetrable, instead the goal should be to identify a breach and react quickly to prevent loss.

This means identifying any anomalies in human behaviour or flows of data, which requires collecting, mining and analysing massive amounts of data. Earlier in the week he referred to spotting "the faint signal that an attack is underway."

While this can be done to some extent within an organisation, the shortage of skilled security personnel means it is likely to be offered as a cloud service, which also ties in with the idea of large-scale information sharing (a "neighbourhood watch system") so that it is not necessary for every organisation to discover suspect patterns for themselves.

While there is room for improvement as organisations advance their security maturity, Mr Coviello warned "we haven't solved the problem of crime in the physical world, and we're not going to do it tin the virtual world."

Disclosure: The writer attended EMC World as the guest of the company.

Photo credit: EMC.


Download an in-depth guide to managing a healthy, motivated and energetic workforce without breaking the bank.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.






Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities