RSA: 10 lessons learned about security

gallery

The RSA Conference in Europe is one of the highlights of the security calendar, where professionals come to hear the latest about the world of information security.

This year's show was one of the biggest yet, and IT PRO was there to find out what the hot topics of the conference were. Here are 10 things we learned from the show.

1 - You can make serious money out of cybercrime

Fraudsters are constantly finding new ways to make money out of both businesses and consumers. The traditional ways to collect financial data are still there, with phishing attacks and banking trojans, but new ways of making money such as bogus chip and PIN readers is becoming more of a problem.

The criminal underground, or ‘dark cloud’ as RSA head of technologies Uri Rivner called it, was now an organised criminal operation where the people in charge of creating the technical threats and the people who collect the money from victim’s accounts never have to meet.

2 - Phishing is going web 2.0

Phishing is still a massive problem and there seems so end in sight.

RSA quoted statistics that showed its anti-fraud command centre shuts down 10,000 phishing attacks every month, with 100 analysts working in shifts doing this manually.

Businesses like financial services, internet portals and healthcare in addition to the public sector are being targeted by such tactics. The trend is now to target computer users with web 2.0 techniques like fake real-time chat channels on banking sites where a pretend ‘fraud department’ wants to chat with you.

3 - Criminals are collecting little bits of information about you

It’s possible to find out a lot about an individual, just by a little investigation on social networks such as Twitter, Facebook and LinkedIn.

Herbert Thompson, a chief security strategist at People Security, demonstrated how information from simple Twitter messages and job seeking LinkedIn behaviour could be correlated together by attackers.

Thompson described how open source tools could build a visual map of an individual’s relationships and how they were connected to people over time. He said we needed to make sure that employees were aware of what such gateway data could do and not put themselves - or their companies - in jeopardy.

4 - Security companies need to share their threat data

Conferences like Infosecurity and the RSA Conference are full of competing security vendors, but there was a feeling that it was about time that the companies got together and shared their threat data with each other - even if anonymously.

Although such companies are business rivals, there was general agreement that the threat landscape had changed so much that security companies had a responsibility to share their data on the newest malware threats.

5 - Attacks using web 2.0 are going to increase

Over time, cyber criminals have worked out that attacks against the user are a particularly good way for them to breach networks and collect data.

Kaspersky Lab senior researcher Stefan Tanase said that because web 2.0 was all about collaboration and user-generated content, this had created new attack vectors where sites like Facebook, Twitter and YouTube were vulnerable.

Email to a friend

Print this page