Speaking of Security – The RSA Blog and Podcast

Gone are the days when it was thought that size of the company matters to the cybercriminals. The latest PwC Information Security Breaches Survey 2013 shows that there has been a significant rise in the number of small businesses that were attacked by an unauthorized outsider in the last year – up by 22%. Interestingly large organizations only went up by 5%. The cybercriminal has moved on to stealing intellectual property or corporate secrets as that’s where the real money is and small companies become easy targets as many do not have the resources or budgets to fully protect their information.

It’s time to understand the differences between corporate secrets and custodial data.

• 

The UK government has identified cyber security as a key area of focus and new investment and in 2011 announced a budget of £650 million to shore up defenses in the UK. So after two years, let’s examine how it’s been spent.

• 

Following on from my recent blog ‘Re-enforcing our doors in 2013’ solving all of the issues of disruptive innovations isn’t going to be possible in a year but we must take some strides towards making some of the changes. The four members of the disruptive family are Cloud computing, social media, big data and Mobile.
Let’s take Social Media this week and examine some competencies organizations must start to build.

• 

It’s no surprise that Mobile is one of the four competencies which will need to be addressed in 2013. I addressed the mobile competencies in some detail sin one of my blogs last year so for the sake of completeness I will revisit to ensure my recommendations are still valid.

• 

Art Coviello at RSA often refers to the skills gap in the number of Cyber security professionals in his keynotes. A UK National Audit Office report out today quotes it could take “up to 20 years to address the skills gap.” The truth is the number of IT and cyber security professionals in the UK has not increased in line with the growth of the internet and the NAO warns that the UK faced a current and future cyber security skills gap, with “the current pipeline of graduates and practitioners” unable to meet demand.

• 

Last week Mandiant produced their report entitled ‘Mandiant APT1 report’ that was widely covered by global media and essentially exposed a ring in China allegedly responsible for APT attacks. To many, this in itself is startling news and there have been many stories pointing the finger at hackers in China. However, on reading the report [...]

• 

When it comes to defending our networks we have to be right 100% of the time but a cybercriminal has to be right just once. We must shift this balance if we are ever going to be in a position to truly protect and defend our networks. In fact, defence is probably no longer appropriate [...]

• 

Following on from my last blog ‘Re-enforcing our doors in 2013’ solving all of the issues of disruptive innovations isn’t going to be possible in a year but we must take some strides towards making some of the changes. The four members of the disruptive family are Cloud Computing, Social Media, Big Data and Mobile. Let’s take Cloud Computing this week and examine some competencies organizations must start to build.

• 

The European Cybercrime Centre officially opened its doors this month based at the European Police Office in the Netherlands. According to a BBC report cybercrime in europe is estimated to cost €1.5 billion. The EC3′s focus is on illegal online activities carried out by organized crime groups — especially attacks targeting e-banking and other online financial activities, online child sexual exploitation and crimes that affect the critical infrastructure and information systems in the European Union.

• 

In my last blog I talked about the key technologies breaking down our doors in 2013. The four key areas were Cloud Computing, Social Media, Big Data and Mobile Devices. None of these should have come as a surprise to anyone in the industry today. These are all topics that are discussed and debated around tables of security teams in most enterprises. So, what can we do today to ensure we are prepared for these challenges and how do we start reinforcing our doors so that we allow these new technologies but have greater control and visibility and provide transparency for the user?

•