Speaking of Security – The RSA Blog and Podcast

Continuing on my recent blogs on BYOD, I thought I would share some interesting statistics from this year’s PwC Information Security Breaches Survey. 75% of large businesses allow staff to use smart phones and tablets to connect to their systems yet only 39% ensure that data on these smart phones is encrypted. Mobile devices are often lost or stolen with any data on them exposed. In the wrong hands these devices can potentially open up a door into corporate assets.

• 

Initially there was outrage from a number of prominent groups about the proposed changes and now it seems ENISA (European Network and Information Security Agency) have voiced their concerns as well, and in a recent assessment published by ENISA the knives are out. It also seems that one of the biggest problems identified is to do with Big Data. So, here’s a question – If we take the proposed ‘right to be forgotten’ and add ‘Big Data’ to the mix what do we get? Big confusion!

• 

Great deals abound online for holiday shoppers during the hottest time of year where e-commerce merchants are looking to cash in on what is projected to be a US$1.25 billion spending spree just on Cyber Monday alone. Where the money goes, so do cybercriminals who are also looking to make illicit gains of their own using clever ruses such as phishing emails and web pages that promote discounts and offers that are too good to be true when in reality they are harvesting credit card numbers, stealing identities and anything else that can be turned into cash. Rueben Rodriguez from RSA’s Identity Data & Protection group joins the Speaking of Security podcast to talk about what consumers and online merchants need to look out for to avoid getting fooled by cybercriminals this holiday shopping season.

• 

The security industry has been following a set pattern of evolution when it comes to cyber security maturity. Since organizations face a much more dangerous threat landscape they need to be actively evolving their historical security defenses to integrate into a formal security and business risk framework.

• 

Angel Grant, a member of RSA’s Identity and Data Protection product marketing team and an oft-quoted expert in the media on cybercrime against consumers and online banking, returns to the Speaking of Security podcast to talk about online fraud trends in healthcare, highlighting what information hackers are after and what they’ve been observed doing with it.

• 

Last week, I was invited to join a debate online and write a rebuttal to an article written by Richard Steinnon, chief research analyst at IT-Harvest. As with all small industries, I know Richard from a long time ago – sharing a few pints at the Flying Saucer in Fort Worth while on an engagement when we were both at PricewaterhouseCoopers. Ahhh…the good old days. Richard’s article focused on why risk management approaches fail in IT. I took the stance why risk management can succeed in IT. And now we have a debate.

• 

Introduction In the first installment of this blog series we discussed several principle ideas and concepts necessary for security analysts as they seek to master an understanding of indicators of compromise (IOC).  We discussed how IOCs relate to observables and how observables tie or relate to measurable events or stateful properties on a host.  We [...]

• 

By Will Gragido, Senior Manager, RSA FirstWatch Team On July 21, 2012 the RSA FirstWatch team blogged about a new campaign we had identified and discovered – a new campaign that we believed met the criteria for advanced persistent threats (APT) and subversive multi-vector threats (SMT). We conducted intensive, in-depth reconnaissance that saw us collect [...]

• 

“I know you, You think it’s weird but it’s not. You’re all looking at it all upside down” From “Password” by Ben Folds & Nick Hornby Visa Europe recently announced that they are slowly doing away with their Verified by Visa (VbV) passwords for 3DSecure.  What they didn’t announce is that this shift is being [...]

• 

In a recent blog on I discussed the many lessons that can be learned from the traditional neighborhood watch schemes which were first introduced in the UK in 1982 with one objective – to reduce crime. Cyber experts have long talked about having ‘trust communities’ to share information and learn from each other.

•