Home Business IT Security Is there too much awareness of security threats?

Is there too much awareness of security threats?

The head of security company RSA suggests there is too much awareness of security threats and too little understanding.

Speaking to journalists at the EMC World conference, RSA executive chairman Art Coviello said customers were "angry and confused" about the security situation, and suggested this has come about because the level of understanding of the issues does not match the level of awareness.

The situation is not helped by some parts of the security industry, he suggested: "I've been hearing 'cyber Pearl Harbor' since 2001."

Mr Coviello said the traditional perimeter model of security is obsolete. A large part of the problem is that the attack surface has broadened and continues to grow, thanks to the ever-expanding amount of digital content (he sees "a treasure trove of opportunities for attackers"), growth in the number of applications, a rapid increase in the number of connected devices once IPv6 is widely adopted and the 'Internet of Things' becomes a reality, and the widespread use of social networking making life easy for attackers using social engineering.

While he believes it is highly unlikely that anyone could launch a destructive attack on the Internet (he pointed out that even Stuxnet needed some manual intervention to reach its targets), a 'merely' disruptive attack on the financial services industry or other infrastructure would have "far reaching implications."

The new security model needs to be risk-based, dynamic and contextual, Mr Coviello said. It is no longer realistic to aim at making systems impenetrable, instead the goal should be to identify a breach and react quickly to prevent loss.

This means identifying any anomalies in human behaviour or flows of data, which requires collecting, mining and analysing massive amounts of data. Earlier in the week he referred to spotting "the faint signal that an attack is underway."

While this can be done to some extent within an organisation, the shortage of skilled security personnel means it is likely to be offered as a cloud service, which also ties in with the idea of large-scale information sharing (a "neighbourhood watch system") so that it is not necessary for every organisation to discover suspect patterns for themselves.

While there is room for improvement as organisations advance their security maturity, Mr Coviello warned "we haven't solved the problem of crime in the physical world, and we're not going to do it tin the virtual world."

Disclosure: The writer attended EMC World as the guest of the company.

Photo credit: EMC.


Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.