RSA 2012: Forget about hacktivists, say security experts

IT security

RSA 2012: Forget about hacktivists, say security experts

Warwick Ashford

Businesses should forget about hacktivists and concentrate on getting the security basics right, a panel of IT security practitioners told attendees of RSA Conference 2012 in San Francisco.

"Adherence to sound basic security principles is what it should be about, not about who may or may not be carrying out the attacks," said David Litchfield, chief security architect at Accuvant.

All the hype around hacktivist groups such asAnonymous is tantamount to FUD (fear, uncertainly and doubt) that is used to beat businesses with, he said.

What is more important to highlight, according to Litchfield, is that simple attacks are still winning because organisations are failing to address them through sound security practices.

These include user training and awareness, said Johnathan Tal, chief executive of Tal Global. Social engineering is a common attack method, whether by hacktivists or criminals, he said.

The same is true of so-called advanced persistent threats, as shown by the March 2011 attack on RSA, which used social engineering to lure staff into clicking on e-mails that unleashed the malware used to access the internal network, said Uri Rivner, head of new technologies, ID protection at RSA.

"Even where perimeter protections are pretty decent, attackers are using social engineering methods to tunnel through those defences," he said.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy