Posts

5 Lessons Learned from RSA

A couple of weeks ago, the RSA Security conference took place in San Francisco, CA.  The increasing sophistication of hackers and visibility of data breaches (including one on the conference’s namesake company last year) makes this an exciting time to be in the security business.. While this show is for corporate IT and security professionals, there are some things that consumers can take away from all of this.

Social networking sites are prime targets for cybercriminals: Hackers are aware of the large numbers of people using sites like Facebook, Twitter, YouTube, and are using this to their advantage by putting offers out there to try and get you to click on malicious links. Security companies are using it to get the word out on protection. Security companies are using social media to help educate consumers – take the time to read their advice. McAfee pulls together lots of great content and advice and has over 575k on Facebook.

Hackers are targeting intellectual property: For a decade now credit card numbers, Social Security numbers and everything needed to take over accounts or open news ones has been a target. Criminals still want all that, and they also want proprietary data that will help their nation or company get an edge.

Advanced Persistent Threats (APTs) will be a bigger topic: You’ve heard the term “it’s not a matter of IF, but WHEN” and this applies to APTs. APTs are ongoing threats where the intent to persistently and effectively target a specific entity and can take criminals days to decades to achieve their goal.

Multiple layers of protection: For the enterprise, this is protection at all points, but this also applies to consumers. It used to be that all you needed was a firewall, then you needed antivirus, now you need anti-spam, anti-phishing, anti-spyware and for heavens sake make sure your wireless is protected too.  This is just the beginning! Expect more layers to come.

Protect the data and the device: It used to be all you had to be concerned about was protecting your PC. Now you have to be equally proactive in protecting your Mac, tablet and mobile phone. You still need antivirus and all the different layers of protection mentioned in the point above, but you also need to be aware of what stuff you have all your devices that can expose your personal information and identity.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Spotlight on RSA: Latest Security Threats

2012’s RSA Conference kicks off February 27th. Executive Chairman, RSA, Security Division of EMC Arthur Coviello, Jr. will present a program focused on the fact that in the past 18 months, organizations throughout the world have been under attack by nation-states, “hacktivists,” and cyber criminals.

PBS NewsHour Senior Correspondent Jeffrey Brown will address “hacktivism”—the use of computers and computer networks to protest or promote a political agenda or ideology—which Brown will argue has reached a tipping point, requiring an adjustment in our approach toward enterprise security.

And Stuart McClure, Chief Technology Officer at McAfee, will discuss the rapid evolution of the threat environment, and how what was once considered theoretical has become reality.

No one is immune, whether you are a soccer mom, small business, major corporation, the federal government, or the president of Syria, whose email account (password: “12345”) was hacked by a collective known as Anonymous, who were able to access hundreds of private email messages. Anyone who attracts the attention of a criminal hacker is a target.

“Hacktivists” are activists who use computer hacking as a weapon against anyone they deem oppressive. There may be hundreds of thousands of hackers operating based on this justification for their hacking, with little to no oversight or guidelines beyond their individual impulses determining their next victim. In some cases, hackers are motivated simply by petty dislike or disagreement.

Protecting your networks starts with a few basics, including:

  • Total, “all-access” protection, including antivirus, anti-phishing, and anti-spyware
  • Full disk encryption
  • Firewall security appliances
  • WPA2 wireless security
  • Up-to-date operating system and software critical security patches

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures