Global Information Security Execs Urge – “Assume You Are Compromised”
FOR IMMEDIATE RELEASE
EMC’s Security Division Releases Latest SBIC Report Focused on New
Security Mindset to Defend against Advanced Persistent Threats
BEDFORD, Mass. – August 2, 2011 – RSA, The Security Division of EMC
(NYSE:EMC), released a new report that takes an in-depth look at the
seismic shift in the cyber threat landscape, as enterprises are
increasingly targeted for corporate espionage and sabotage. The report
(http://www.rsa.com/innovation/docs/SBIC_RPT_0711.pdf), the latest in a
series from the Security for Business Innovation Council (SBIC), asserts
that for most organizations, it’s a matter of when, not if, they will
be targeted by advanced threats (http://www.rsa.com/node.aspx?id=3853).
In an environment where the focus shifts from the impossible task of
preventing intrusion to the crucial task of preventing damage, the
report includes instructive guidance from 16 global security leaders for
confronting this new class of threat.
To view the multimedia format of this release visit:
http://www.rsa.com/go/press/RSATheSecurityDivisionofEMCNewsRelease_8211.html
The SBIC is a group of the industry’s top security leaders from
Global 1000 enterprises that discuss top-of-mind security concerns and
how the application of information security
(http://www.rsa.com/node.aspx?id=3193) can address those concerns and
enable business innovation. The recent string of sophisticated cyber
attacks (http://www.rsa.com/node.aspx?id=3178) – affecting pillars of
industry and government – provides the backdrop for the latest report:
When Advanced Persistent Threats Go Mainstream: Building
Information-Security Strategies to Combat Escalating Threats. Within
this landscape, the report reveals that APTs – a menace once confined
to the defense industrial base and government agencies – are now
targeting a broad range of private sector organizations to nab valuable
intellectual property, trade secrets, corporate plans, access to
operations and other proprietary data.
“It is a very intelligent, well-armed, and effective foe that is
fantastic at what they do,” said Roland Cloutier, Vice President,
Chief Security Officer, Automatic Data Processing, Inc. and member of
the SBIC. “It’s going to take a new approach in most enterprises to
combat it.”
Fundamental Change in Quality of Cyber Attacks
The term APT originated to describe cyber espionage in which a
nation-state gains access to a network and, over long periods of time,
extracts national security data. Today the term APT has broadened as
attackers expand their target lists and nation-states are no longer the
only groups deploying these sophisticated techniques. Rather than gain
entry through the network perimeter, today’s ambitious attackers
prefer to target human vulnerabilities, exploiting end users through
social engineering techniques and spear phishing.
“Cyber criminals have aggressively shifted their targets and
tactics,” said Art Coviello, Executive Chairman, RSA, The Security
Division of EMC. “In the never-ending war for control of the network,
the battle must be fought on many different fronts. All organizations
are part of the greater ecosystem of information exchange and it is
everyone’s responsibility to build and protect that exchange.”
Top Security Officers Urge, “Assume You Are Compromised”
This latest report from the SBIC urges organizations to adopt a new
security mindset, shifting the concept of success from preventing
infiltration to detecting attacks and mitigating damage as quickly as
possible. With this in mind, the Council offers seven defensive measures
against escalating APT threats:
1. Up-level intelligence gathering and analysis – Make intelligence
the cornerstone of your strategy.
2. Activate smart monitoring – Know what to look for and set up your
security and network monitoring to look for it.
3. Reclaim access control – Rein in privileged user access.
4. Get serious about effective user training – Train your user
population to recognize social engineering and compel them to take
individual responsibility for organizational security.
5. Manage expectations of executive leadership – Ensure the C-level
realizes the nature of combating APTs is fighting a digital arms race.
6. Rearchitect IT – Move from flat to segregated networks so it’s
harder for attackers to roam the network and find the crown jewels.
7. Participate in intelligence exchange – Leverage knowledge from
other organizations by sharing threat intelligence.
About the Security for Business Innovation Council
The Security for Business Innovation Council
(http://www.rsa.com/node.aspx?id=3151) is a group of highly successful
Global 1000 security executives who are committed to sharing their own
insights to help move information security forward at organizations
worldwide. Council members include:
* Marene N. Allison, Worldwide Vice President of Information Security,
Johnson & Johnson
* Anish Bhimani, Chief Information Risk Officer, JPMorgan Chase
* William Boni, Vice President and Chief Information Security Officer,
Corporate Information Security, T-Mobile USA
* Roland Cloutier, Vice President, Chief Security Officer, Automatic
Data Processing, Inc.
* Dave Cullinane, Chief Information Security Officer and Vice
President, Global Fraud, Risk & Security, eBay
* Dr. Martijn Dekker, Senior Vice President, Chief Information Security
Officer, ABN Amro
* Professor Paul Dorey, Founder and Director, CSO Confidential and
Former Chief Information Security Officer, BP
* Renee Guttmann, Chief Information Security Officer, The Coca Cola
Company
* David Kent, Vice President, Global Risk and Business Resources,
Genzyme
* Petri Kuivala, Chief Information Security Officer, Nokia
* Dave Martin, Chief Security Officer, EMC Corporation
* Timothy McKnight, Vice President and Chief Information Security
Officer, Northrop Grumman
* Felix Mohan, Chief Security Officer, Airtel
* Ralph Salomon, Vice President, IT Security & Risk Office, Global IT,
SAP AG
* Vishal Salvi, Chief Information Security Officer and Senior Vice
President, HDFC Bank Limited
* Denise Wood, Chief Information Security Officer and Corporate Vice
President, FedEx Corporation
This report also includes perspective from special contributor Mischel
Kwon – former Director, US Computer Emergency Readiness Team (CERT)
and President of Mischel Kwon & Associates – who is widely recognized
for her experience and expertise in dealing with APTs.
The report released today is the eighth in the series. RSA expects to
publish more original Council reports over the coming months. Those
interested in learning more about the Security for Business Innovation
Council reports can visit the RSA Thought Leadership website at
http://www.RSA.com/securityforinnovation/ to view and download all of
the studies.
About RSA
RSA, The Security Division of EMC, is the premier provider of security,
risk and compliance management solutions for business acceleration. RSA
helps the world’s leading organizations succeed by solving their most
complex and sensitive security challenges. These challenges include
managing organizational risk, safeguarding mobile access and
collaboration, proving compliance, and securing virtual and cloud
environments.
Combining business-critical controls in identity assurance, encryption
& key management, SIEM, Data Loss Prevention and Fraud Protection with
industry leading eGRC capabilities and robust consulting services, RSA
brings visibility and trust to millions of user identities, the
transactions that they perform and the data that is generated. For more
information, please visit www.RSA.com and www.EMC.com.
About EMC
EMC Corporation is a global leader in enabling businesses and service
providers to transform their operations and deliver IT as a service.
Fundamental to this transformation is cloud computing. Through
innovative products and services, EMC accelerates the journey to cloud
computing, helping IT departments to store, manage, protect and analyze
their most valuable asset – information – in a more agile, trusted
and cost-efficient way. Additional information about EMC can be found at
www.EMC.com.
EMC Canada (www.EMC2.ca), headquartered in Toronto with nine offices
from coast to coast, is a wholly owned subsidiary of EMC Corporation.
- 30 -
For more information contact:
Mike Martin/Michelle Chang
StrategicAmpersand
416-961-5595
mike@stratamp.com
michelle@stratamp.com
RSA and EMC are either registered trademarks or trademarks of EMC
Corporation in the United States and/or other countries. All other
company and product names may be trademarks of their respective owners.