RSA: 10 lessons learned about security

IT professionals from around the globe flocked to London to the RSA conference to hear what's happening in computer security.

top ten

The RSA Conference in Europe is one of the highlights of the security calendar, where professionals come to hear the latest about the world of information security.

This year's show was one of the biggest yet, and IT PRO was there to find out what the hot topics of the conference were. Here are 10 things we learned from the show.

Advertisement - Article continues below

1 - You can make serious money out of cybercrime

Fraudsters are constantly finding new ways to make money out of both businesses and consumers. The traditional ways to collect financial data are still there, with phishing attacks and banking trojans, but new ways of making money such as bogus chip and PIN readers is becoming more of a problem.

The criminal underground, or dark cloud' as RSA head of technologies Uri Rivner called it, was now an organised criminal operation where the people in charge of creating the technical threats and the people who collect the money from victim's accounts never have to meet.

2 - Phishing is going web 2.0

Phishing is still a massive problem and there seems so end in sight.

RSA quoted statistics that showed its anti-fraud command centre shuts down 10,000 phishing attacks every month, with 100 analysts working in shifts doing this manually.

Advertisement - Article continues below
Advertisement - Article continues below

Businesses like financial services, internet portals and healthcare in addition to the public sector are being targeted by such tactics. The trend is now to target computer users with web 2.0 techniques like fake real-time chat channels on banking sites where a pretend fraud department' wants to chat with you.

3 - Criminals are collecting little bits of information about you

It's possible to find out a lot about an individual, just by a little investigation on social networks such as Twitter, Facebook and LinkedIn.

Herbert Thompson, a chief security strategist at People Security, demonstrated how information from simple Twitter messages and job seeking LinkedIn behaviour could be correlated together by attackers.

Thompson described how open source tools could build a visual map of an individual's relationships and how they were connected to people over time. He said we needed to make sure that employees were aware of what such gateway data could do and not put themselves - or their companies - in jeopardy.

Advertisement - Article continues below

4 - Security companies need to share their threat data

Conferences like Infosecurity and the RSA Conference are full of competing security vendors, but there was a feeling that it was about time that the companies got together and shared their threat data with each other - even if anonymously.

Although such companies are business rivals, there was general agreement that the threat landscape had changed so much that security companies had a responsibility to share their data on the newest malware threats.

5 - Attacks using web 2.0 are going to increase

Over time, cyber criminals have worked out that attacks against the user are a particularly good way for them to breach networks and collect data.

Kaspersky Lab senior researcher Stefan Tanase said that because web 2.0 was all about collaboration and user-generated content, this had created new attack vectors where sites like Facebook, Twitter and YouTube were vulnerable.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now

Most Popular


How to find RAM speed, size and type

24 Jun 2020
Policy & legislation

UK gov buys "wrong" satellites in £500m blunder

29 Jun 2020

The top 12 password-cracking techniques used by hackers

12 Jun 2020