Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The RSA Conference Europe has opened with executive chairman Art Coviello quoting Nietzsche's epigram, "what does not kill you makes you stronger".
Coviello said the attack earlier this year was just the tip of the iceberg in an escalating threat environment. He said there needs to be a realisation that attackers have different motives and "current security technologies are not effective or not enough".
Also speaking was Tom Heiser, president of RSA, who called on the security industry to come together and share information.
He claimed reports on the RSA attack were not accurate and confirmed one RSA customer lost information as a result of the breach.
“Customers were told quickly and we identified the attack while it was in progress with an immediate move to mediate it. There were two groups involved and they were known to the authorities, but are now known to have worked together.
“They knew what to look for and where to go. They impacted people and process more than information and the malware was very fresh; we believe it was written a few hours before and it used very sophisticated technologies to complete the exfiltration with no evidence left behind that they were there.”
He said the motive was to gain access to defence-related IT, and RSA was not the final target. To customers who felt that they were inconvenienced, he said: "We truly apologise."
“People are our most viable asset and the quality of staff helped us as we moved the valuable people up. The security of our customers was first in our minds so we did not want to share information that could create a new type of attack.”
Heiser concluded by pointing out five actions to take in the event of an attack: "Reconsider your risk; rethink your security profile; deploy security and network analysis; tighten access control; and educate, educate, educate."
“We cannot blame each other for what happened, we need to come together. Our advocates are doing this and together we can ensure that our customers are the ones they can trust,” he said.
This article originally appeared at scmagazineuk.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.