In-depth

Q&A: Symantec’s CISO on the source code hack

We chat with Symantec's CISO to talk about what happened during and after the source code leak saga earlier this year.

Security firms haven't had an easy year. As RSA chairman Art Coviello said earlier this week at RSA 2012, vendors have been "going through hell."

Suppliers, certificate authorities and other tech companies have been battered by hackers. Symantec, the world's biggest security firm, has not escaped the attention of cyber criminals.

pcAnywhere customers know that more than anyone. They were told to disable their remote access software after hackers started taunting Symantec about the pcAnywhere source code they had acquired in 2006.

We caught up with Symantec's chief information security officer Patricia Titus, who only started four months ago, to talk about the situation and the aftermath.

Earlier this week, Art Coviello said the security industry had a horrible year. Have you seen any spikes in attacks on yourself?

Yes. It has been so targeted. I was talking to the CISO of Sony today and we were saying it goes in waves. You get that bullseye painted on you and then it is constantly hitting the front door and looking for any little area to exploit.

Did you have any spike in activity after the pcAnywhere revelations?

Yeah we did. We saw for about a two to three week period afterward there was a spike.

What happens is the media brings it up and everybody in town, all the little script kiddies and everybody who has nothing to do with their time says hey, let's go and get Symantec.' So the probes start and you're getting constant port scanning.

Coviello has also talked about de-investing in old, traditional technologies. Do you think it is dangerous that people might take this as a hint to ditch firewalls?

It's all still part of that defence in depth strategy. It's not a sexy term anymore, it used to be a great term, defence in depth.

You know what is critical to your organisation and if you don't you probably aren't in the right job.

But the bottom line is we still need those perimeters around the right data types. The problem has been people seeing the network as flat, the data all the same and you can't keep up with the investment.

There is a methodical approach to categorising your data and applying the security controls commensurate with the data level. So instead of treating all your data like it is mission critical, and having firewalls and IDS sensors and PKI and cameras and guns and badges - the whole nine yards - you can start to say this is low assurance data.

I would argue that you know what is critical to your organisation and if you don't you probably aren't in the right job. What's important to Symantec? What's the keys to our kingdom? Intellectual property.

If I were to target one system I would look at my IP depositories. I am looking at our IP. In fact, we're going back and looking at all previous events that took place.

Has that been inspired by the pcAnywhere source code leak?

It would have been inspired anyway just based on the categorisation exercise that we're going to go through in the company.

We've already started to look at our applications because we've merged with a lot of companies. We've acquired a lot of applications, a lot of databases, structured and unstructured data. We need to figure out who owns it.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021
Millions of Volkswagen customers affected by data breach
data breaches

Millions of Volkswagen customers affected by data breach

14 Jun 2021
Researchers send “unhackable” quantum data over 370-mile optical fiber
data protection

Researchers send “unhackable” quantum data over 370-mile optical fiber

11 Jun 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021