Cyber criminals and nation states share information and collaborate far better than legitimate businesses and security professionals do.
This was the message from RSA president Tom Heiser, speaking at RSA Conference 2012 in London yesterday.
He added that criminals and nation states are already developing their own intelligence-based attack models, sharing them with each other, and selling this information to other cyber criminal groups.
Heiser stressed that today's attacks are increasingly sophisticated and targeted, and in order to protect themselves, organisations must move to an intelligence-based security model.
Perimeter defences are not good enough. They are inflexible and do not adequately secure a business, especially given that many attacks are now a form of 'custom malware', designed specifically to infiltrate a particular organisation.
"We are crazy if we don't act and change. Traditional security is not working anymore. If all constituencies had a better understanding of the issues, and a will to act, it would solve all of these problems."
He also stressed that businesses need to find a balance between protecting themselves and protecting privacy, as well-meaning legislation surrounding privacy is becoming a huge obstacle to companies defending themselves against cyber attacks.
He said these policies prevent security practitioners from making adequate changes to their security strategies to protect their data, as often the very tools that would act as a defence infringe on the privacy of the company's employees.
"When companies and government try to implement policies that would protect the end-user's information, cries of 'Big Brother' are heard far and wide."
This 'Catch 22' situation is exacerbated, as these companies are then penalised when a breach occurs.
He said there is also a big gap between perception and reality, as many organisations do not want their breaches exposed, and in addition, many businesses are unaware that a breach has even taken place.
"An intelligence-based approach is the only way forward," he said. "Know the risks, know your enemy. Share information and collaborate."

