Tag Archives: RSA

LulzSec: A Drop in the Ocean of Cybercrime.

The LulzSec ring leader, 28-year-old Hector Xavier Monsegur, has been working closely with the FBI since he was secretly arrested last June. The type of deal he struck with the FBI has not been specified; however, it is assumed it will have reduced his jail sentence from 124 years.

The list of arrests on Tuesday included one in the United States, two in the UK and two in Ireland.

With the huge amount of hype and press coverage following the worst year of cyber attacks in corporate history, it is no surprise that 20,000 people showed up to the RSA conference last week in San Francisco.

Talks were to highlight the current cyber security crisis and review proposed legislation. During the presentations, FBI director Robert Mueller predicted that cyber threats were set to surpass terrorism as the country’s top threat.

Gregory Roll, who went to the conference for advice on security procedures for his large corporate finance employer, had this to say: “It’s a constant battle, and we’re losing.”

There appeared to be an overall negative vibe at the convention as people who tipped up for advice came away feeling more nervous, as they heard various CEOs tell their data breach horror stories.

Such stories included that told by James Bidzos, CEO of core internet infrastructure company Verisign, which lost data to hackers in 2010. In addition, the CEO of Symantec, Enrique Salem, told the audience how the company had recently had its 2006 source code stolen.

Art Coviello, Executive Chairman of RSA said he hoped that something positive could come out of his company’s misfortune through breaches being taken more seriously.

“People have definitely talked more seriously after our breach.”

Expert praises security potential of cloud computing

Art Coviello, the head of RSA, told the audience at a security conference in the US that the ongoing adoption of cloud-based solutions was giving vendors and businesses a chance to create a more secure environment for data storage and protection.

Speaking at the 2010 EMC World conference in Boston, Mr Coviello said that building cloud platforms from the ground up meant that professionals could integrate security measures into the foundations of the new systems, resulting in a more stable, trusted environment and a reduction in the likelihood of data loss or theft.

Mr Coviello sees the rise of cloud computing as a chance for firms to go back and start from the very beginning, by which he means that proper data protection needs to be considered and included in the core functions of any cloud-based system. He believes this to be something of a once in a generation opportunity that should not be missed.

There is still some apprehension surrounding cloud solutions, with even the vendors questioning whether they can offer adequate security and build confidence in the client base. Mr Coviello gave the example of a recent report which found that over 50 per cent of IT managers are still mistrusting of the security offered by cloud computing.

Experts are attempting to push for the creation of a platform which will have multiple layers of security to be harnessed by businesses from day one of its adoption. The intention is to make the monitoring of each system as simple as possible, whilst the protective layers are there to make it difficult to attack or misuse data.

EMC’s Pat Gelsinger concurred with Mr Coviello, adding that a significant security benefit of cloud computing was its ability to implement protective measures in a granular form.

Both Mr Coviello and Mr Gelsinger offer warnings as well as positive messages in relation to the cloud, with the general assumption that cyber criminals will pounce on any cloud system which is not adequately protected. Cloud security is seen as a somewhat black and white environment, guaranteeing either complete protection or a data loss nightmare.

Survey warns of improperly protected intellectual property

Businesses are taking data loss prevention more seriously, but many are failing to keep other information safe from prying eyes, according to a study conducted for Microsoft and RSA.

Resources are being allocated to enhance data security for personal information, but Forrester Consulting has said that the same strict policies for data security are not being uniformly applied, leaving business secrets and corporate information at risk.

305 IT managers were questioned in a recent survey with 90 per cent indicating that they were in full compliance with data protection regulations. However, it was revealed that the majority are concerned with the safety of private information they store on behalf of customers and clients, with little attention paid to information generated and relevant internally.

RSA’s Sam Curry said that protecting the personal information of consumers, including payment card, medical and residential data, was of paramount concern for most businesses. Mr Curry is aiming to raise awareness relating to the protection of intellectual property which is significant to individual businesses.

Mr Curry pointed out that leaking intellectual property can seriously damage the long term performance of any business, as it can give competitors the edge and reduce market share. He said that the complexity of current hacking techniques is allowing data thieves to break into large corporations and harvest this kind of information with relative ease.

Respondents to the survey said that they were focusing efforts on preventing the accidental loss of data by tightening policies relating to portable storage. The survey’s author says that greater attention needs to be paid to third party firms and individuals that are known and trusted, as well as current and former employees who might have access to trade secrets.

The problem of data theft by former employees is said to be far more expensive than accidental loss, as they are able to access and steal significantly more information than can be stored on a USB memory stick.

Microsoft’s John Chirapurath added that inter-business partnerships were making leaks and thefts by employees an even greater risk for firms to consider.

Phishing attacks remain high post-Christmas

IT security firm RSA has released new figures suggesting that criminals are heightening their efforts to target unsuspecting consumers in order to steal their personal data, with a 21 per cent rise in the number of phishing websites hijacking established brands to gain misplaced trust.

RSA said that in December 2009 a fifth more brand-based phishing sites appeared than in the previous month and in total 275 brands were mimicked by malicious hackers in the run up to Christmas, which is a new record within the industry.

Despite this news, it appears that in general the number of phishing attacks is actually growing at a slower rate than in the past, with a 3 per cent increase in the total number between November and December 2009 being far lower than the 17 per cent growth that was predicted for the year as a whole.

The Global Online Consumer Security Survey that RSA commissions every year has shown that general awareness as to the dangers of phishing sites is increasing, with over 75 per cent of average internet users being wise to the most common tactics employed. This is up from around 33 per cent three years ago.

The UK is second in volume when the total number of phishing attacks is calculated, with the largest number of attacks being in the USA.

Phishing sites always rise dramatically in number during December as shoppers are targeted, but according to a recent report by Network Box the number is not abating as it usually does at the start of a new year. In excess of 50 per cent of the malicious emails posted over the last month were revealed to have contained links to phishing websites, indicating that the criminal fraternity is remaining persistent in its attempts to steal identities and harvest sensitive information from consumers’ computers.

Security analyst Simon Heron said that the UK’s emergence from the recession was causing more phishing sites to open their doors, as many people continue to look for bargain-basement deals on the internet with more interest in a low price than in the safety of their personal information.

Data Breaches – Can you trust your employees?

With data breaches becoming almost daily headline news, businesses are spending both time and money on ensuring that people who shouldn’t be accessing their data can’t. However, what about the situation where an employee of the company, who should or needs to access the data, decides that they are going to steal this data to sell on for profit or with malicious intent?

In most cases when a data breach can be pinned down to an employee, their intentions were not malicious; they were simply unaware that what they were doing, or the way in which they were doing it, left the company in a vulnerable state. However, the number of cases where the employee did know exactly what they were doing is on the increase, with 19% of incidents believed to be intentional according to a recent survey carried out by RSA. 52% of incidents are believed to be accidental, but RSA’s Chris Young says “Unintentional risk gets overlooked, yet it’s the most serious threat to business”.

The current staff are the least of a company’s worries, with disgruntled former employees posing a far bigger security threat. A shocking 53% of ex-employees have admitted to stealing company data with the intent of causing harm to the company. These threats can cost the business revenue, reduce its competitive advantage and result in bad P.R. for the organisation, which is often extremely difficult to recover from.

Are there ways to prevent both accidental and intentional data breaches?

Accidental breaches, most definitely: increasing user knowledge and understanding of data security can help to prevent these issues. I.T. training and increased I.T. understanding can also help employees to realise why data breaches are so threatening to the company.

Intentional data breaches are a little bit harder to prevent, especially if the employee needs to access the data in order to do their job. Steps can be taken to increase permission controls across the company’s network, to ensure that data can only be accessed by the people that should be viewing it.

The issue of insider risk is one that is not going to go away easily: the closer to the I.T. department the threat is, the more damage can be caused. A lot of trust is placed in an I.T. department, and with no accreditation body controlling the I.T. sector, as there is in engineering, accountancy or healthcare, questions have been asked as to whether companies can or should afford to put so much faith in one department.
