RSA 2012: Coviello's mea culpa

28 February 2012

Looking none the worse for wear from the huge RSA data breach last year, Chairman Arthur Coviello Jr. said he and his team felt the breach “personally” and have struggled to regain the company's reputation in the security community.

The annual RSA Conference kicked off with a rousing opening that included a “documentary” about the cryptologist to French King Louis XIV and a gospel choir singing the Rolling Stones’ “You Can’t Always Get What You Want” using information security-related lyrics.

Coviello then came onto the stage dressed for the occasion, wearing a sharp suit and a snappy grey tie. But his message was far from snappy and upbeat. He warned that the world is “at serious risk of failing” at the entire information security enterprise, noting that his company’s breach kicked off a year between RSA conferences in which there were “never so many high profile attacks.”

The RSA chairman admitted that the information security community, including RSA, has failed to recognize the magnitude of the cybersecurity threats and has been slow “to recognize the potency of the emerging threat landscape and our inability to band together….We need to understand that an attack on one of us is an attack on all of us.”

Coviello said that the security industry has to stop working on new controls for failed security models. “We need to recognize once and for all that perimeter-based defenses and signature-based technologies” are no longer adequate.

“Our networks will be penetrated. We should not be surprised by this….Human nature being what it is, people will still make mistakes. Inevitably, attackers will pounce on those mistakes and exploit them”, he said.

The RSA chief stressed that the security industry has to shift its focus from defense to offense. He called on the community to develop capabilities to sift through mountains of intelligence “lightning fast” and create “predictive and preemptive counter intelligence to spot the faint signals that might be all that is visible in a sophisticated, stealthy attack.”
 
