IT security

RSA 2012: Forget about hacktivists, say security experts

Warwick Ashford

Businesses should forget about hacktivists and concentrate on getting the security basics right, a panel of IT security practitioners told attendees of RSA Conference 2012 in San Francisco.

"Adherence to sound basic security principles is what it should be about, not about who may or may not be carrying out the attacks," said David Litchfield, chief security architect at Accuvant.

All the hype around hacktivist groups such asAnonymous is tantamount to FUD (fear, uncertainly and doubt) that is used to beat businesses with, he said.

What is more important to highlight, according to Litchfield, is that simple attacks are still winning because organisations are failing to address them through sound security practices.

These include user training and awareness, said Johnathan Tal, chief executive of Tal Global. Social engineering is a common attack method, whether by hacktivists or criminals, he said.

The same is true of so-called advanced persistent threats, as shown by the March 2011 attack on RSA, which used social engineering to lure staff into clicking on e-mails that unleashed the malware used to access the internal network, said Uri Rivner, head of new technologies, ID protection at RSA.

"Even where perimeter protections are pretty decent, attackers are using social engineering methods to tunnel through those defences," he said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy