If there were only one security thought you could have run through the minds of employees to help, it would be this: remember, attackers and competitors may be your audience. If employees looked at their behaviour online under that lens, and if you demonstrate to them how these information breadcrumbs are gathered up by attackers, I think they would naturally behave differently.
Despite a variety of anti-malware technologies, targeted custom malware attacks are causing a lot of financial damage on a global level. What type of shift do we need to counter such a unique and fast-changing threat?
Signature-based analysis of malware is necessary but not sufficient. We need to get earlier in the malware life-cycle. We need to study malware delivery networks, how they are run, and anticipate where the malware might be coming from. We also need to harden the workforce.
Most targeted attacks are successful not because of the technical brilliance of the attacker. Typically attackers get a foothold into the enterprise because an employee made a bad choice. Maybe they installed an executable, or browser plug-in. Maybe they were deceived into emailing out some sensitive information. We need to fundamentally rethink our approach to security and factor in the vulnerabilities created by well-meaning insiders that make bad choices.
What events and technological advances in the field of information security have shaped this year's program for RSA Conference Europe?
After reviewing all the session submissions this year to RSA Conference Europe, a few key themes emerged. The first is mobile security. There is significant operational concern about how to implement an effective mobile security strategy in the enterprise. At this year's conference you will see sessions on mobile security that range from mobile malware to BYOD management to creating a long-term mobile security strategy.
A second big topic was analytics. How do we get smarter about analyzing the massive volume of logs that we have internally? Can we anticipate an attack by mining threat information externally? You'll see quite a few sessions at this year's conference focused on this area. Outside of these topics, we have sessions this year that really span the breadth of our field: privacy, securing the human, APTs, forensics, GRC, authentication and more.