In-depth

RSA: 10 lessons learned about security

IT professionals from around the globe flocked to London to the RSA conference to hear what's happening in computer security.

top ten

The RSA Conference in Europe is one of the highlights of the security calendar, where professionals come to hear the latest about the world of information security.

This year's show was one of the biggest yet, and IT PRO was there to find out what the hot topics of the conference were. Here are 10 things we learned from the show.

Advertisement - Article continues below

1 - You can make serious money out of cybercrime

Fraudsters are constantly finding new ways to make money out of both businesses and consumers. The traditional ways to collect financial data are still there, with phishing attacks and banking trojans, but new ways of making money such as bogus chip and PIN readers is becoming more of a problem.

The criminal underground, or dark cloud' as RSA head of technologies Uri Rivner called it, was now an organised criminal operation where the people in charge of creating the technical threats and the people who collect the money from victim's accounts never have to meet.

2 - Phishing is going web 2.0

Phishing is still a massive problem and there seems so end in sight.

RSA quoted statistics that showed its anti-fraud command centre shuts down 10,000 phishing attacks every month, with 100 analysts working in shifts doing this manually.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Businesses like financial services, internet portals and healthcare in addition to the public sector are being targeted by such tactics. The trend is now to target computer users with web 2.0 techniques like fake real-time chat channels on banking sites where a pretend fraud department' wants to chat with you.

3 - Criminals are collecting little bits of information about you

It's possible to find out a lot about an individual, just by a little investigation on social networks such as Twitter, Facebook and LinkedIn.

Herbert Thompson, a chief security strategist at People Security, demonstrated how information from simple Twitter messages and job seeking LinkedIn behaviour could be correlated together by attackers.

Thompson described how open source tools could build a visual map of an individual's relationships and how they were connected to people over time. He said we needed to make sure that employees were aware of what such gateway data could do and not put themselves - or their companies - in jeopardy.

Advertisement - Article continues below

4 - Security companies need to share their threat data

Conferences like Infosecurity and the RSA Conference are full of competing security vendors, but there was a feeling that it was about time that the companies got together and shared their threat data with each other - even if anonymously.

Although such companies are business rivals, there was general agreement that the threat landscape had changed so much that security companies had a responsibility to share their data on the newest malware threats.

5 - Attacks using web 2.0 are going to increase

Over time, cyber criminals have worked out that attacks against the user are a particularly good way for them to breach networks and collect data.

Kaspersky Lab senior researcher Stefan Tanase said that because web 2.0 was all about collaboration and user-generated content, this had created new attack vectors where sites like Facebook, Twitter and YouTube were vulnerable.

Advertisement
Advertisement

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft’s patent design reveals a mobile device with a third screen

6 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020