Flaws in IT security are "a mindset problem", claims RSA

IT security experts say "It's time to realise that things are different"

IT security flaws are part of a larger "mindset problem", Rob Gould, RSA's VP EMEA, has claimed, and this must change in order for the industry to adapt.

His remarks were made at RSA's security summit in London, an opportunity for IT professionals to meet and discuss the trends in information security, as well as the threats facing modern businesses.

Among the key themes of the summit was the need to change the way that businesses think about IT security. Rob Gould, RSA's VP EMEA, told the audience "let's stop pretending that we've got this security thing down cold, because we haven't".

He cited a PWC report that showed a 48 per cent increase in security incidents during 2014, with a total of almost 43 million reported cyberattacks. He also noted that breaches which caused damage in excess of $20 million had doubled in volume.

He attributed this rapid growth in part to the pace of technological advancement, pointing in particular to ASCI Red, a $46 million Intel supercomputer. Fully operational by 1997, it reached a peak processing speed of 1.3 teraflops. Twenty years later, the widely available PlayStation 3 runs at around 1.8 teraflops.

Chief Trust Officer Dave Martin also highlighted the exponential growth of technology, including the fact that "more people have access to mobile and the internet than have access to clean water".

Because of this explosion in technological penetration, he says, "our attack surface has grown from those early few hosts to a few hundred thousand hosts, to nearly a billion."

Despite these evolutions, Gould claims that IT staff are still relying on the same processes, tools and procedures to combat threats. He says: "It's time to realise that things are different," and that "the maps we're working on do not fit the terrain we're trying to navigate".

In order to adapt to these fundamental changes in the nature of IT, Gould urges the professional community to readjust its expectations. "It's a mindset problem. Let's stop believing that advanced protections work," he said. "Even advanced protections fail".

According to Dave Martin, it's also important not to "focus on trying to solve yesterday's problem". Whereas maintaining a firm and secured boundary to your network used to be a paramount concern, Martin believes that "the perimeter has come and gone".

Instead, he says, the focus needs to be on setting up defences "around the mobile devices, around all that data that's everywhere".

In order to do that, however, network visibility is key: "You need to think about creative ways to get visibility to the activity, to the traffic, to the applications and not just rely on the traditional ways we've done it".

One of the proactive methods mentioned was the use of analytics to increase internal network visibility, such as revoking unnecessary access credentials after noting that an employee hadn't been interacting with the company's network services or checking their internal emails.
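The credential review described above can be sketched as follows. This is an added example, not code from RSA or the summit: the event records, entitlement inventory, source names and the 60-day idle threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not real logs): (account, source, timestamp).
EVENTS = [
    ("alice", "vpn",  "2015-05-28T09:12:00"),
    ("alice", "mail", "2015-06-01T08:03:00"),
    ("bob",   "vpn",  "2015-02-10T17:40:00"),
    ("bob",   "mail", "2015-02-11T10:05:00"),
    ("carol", "mail", "2015-05-30T13:30:00"),
]
# Constructed entitlement inventory: account -> access grants held.
ENTITLEMENTS = {
    "alice": {"vpn", "mail", "finance-share"},
    "bob":   {"vpn", "mail", "hr-db"},
    "carol": {"vpn", "mail"},
    "dave":  {"vpn", "mail", "build-server"},  # never seen in any source
}
MONITORED = {"vpn", "mail"}   # assumed: sources that produce activity telemetry
NOW = datetime(2015, 6, 2)    # fixed "today" so the example is reproducible

def latest_activity(events):
    """Return {account: {source: most recent datetime seen}}."""
    seen = {}
    for account, source, ts in events:
        when = datetime.fromisoformat(ts)
        per_account = seen.setdefault(account, {})
        if source not in per_account or when > per_account[source]:
            per_account[source] = when
    return seen

def review_candidates(events, entitlements, now, max_idle_days=60):
    """Flag accounts holding grants that show no use inside the idle window."""
    cutoff = now - timedelta(days=max_idle_days)
    seen = latest_activity(events)
    report = {}
    for account, grants in sorted(entitlements.items()):
        activity = seen.get(account, {})
        # A monitored grant with no event at all counts as stale.
        stale = sorted(g for g in grants & MONITORED
                       if activity.get(g, datetime.min) < cutoff)
        # Dormant: nothing recent on any source (also true with no events).
        dormant = all(t < cutoff for t in activity.values())
        if stale or dormant:
            report[account] = {
                "dormant": dormant,
                "stale_grants": stale,
                # Grants without telemetry cannot be judged: a visibility gap.
                "unmonitored_grants": sorted(grants - MONITORED),
            }
    return report
```

The result is a review list for an access owner to confirm before anything is revoked, and the `unmonitored_grants` field shows where activity data is missing altogether.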

Another major message of the summit's keynote was the prioritisation of security. Gould emphasised the need to "assign your limited resources to the things that are most important", with Martin saying businesses need to examine "what are our most effective control point? Who is most at risk?... What's the most important data?"

RSA believes that this level of risk assessment-based protection is a fundamental aspect of IT security. Martin drove the point home, saying "everything's not created equal. You need to be able to monitor and respond and control things to different levels depending on how important it is."
