The annual RSA security conference is on this week, and apparently speaker after speaker has been saying that they have been hacked. And it was relentless: not only are they being attacked, but the main culprit is not the noisy hacktivist group Anonymous. No, the relentless attacks are coming from a nation state. A lot of people point at China here, and who can blame them, since the attacks come from IP addresses in China. We know that others are operating in China: North Korea runs hacking sites from within the nation and Russian hackers work there as well, but it’s hard to imagine that they operate there without the knowledge of, and a nod from, the Chinese.
Now some security types have tried to put the blame on users, citing the “blurring of personal and professional online activities”, which I disagree with. The blame for the attacks lies in two places: the nations that are making the cyber attacks, and the companies that are not engaging their employees as part of their security and instead think of them as part of the problem.
Some of the attacks highlighted at the conference were the RSA SecurID security key hack, the attacks on different security certificate companies, VeriSign and governments. The FBI suggests that cyber attacks will become a bigger threat than terrorism.
One of the recurring themes has been that security companies which have been unable to protect themselves are still trying to sell the products that didn’t work for them to everyone else.
The conference closed with a few pieces of good news: the problem is now out in the open, and with more people aware, maybe they will switch to systems that are less vulnerable and engage their employees as part of the solution.