“We now know that the US National Security Agency has made the whole security system weak by building in weaknesses that criminals can use,” he told the ISSE 2013 security conference in Brussels.
Pohlmann said that, in light of Snowden's revelations, businesses need to find new ways to secure backdoors in hardware and software, and protect data.
The forced collaboration with online email and other services also means that businesses will have to reassess how appropriate these services are for business purposes.
Even the grim economics of the cyber threat world have been laid bare, showing that big IT suppliers are unable to compete with intelligence agencies in paying for the top threat capabilities.
“Intelligence agencies are able to pay more than suppliers for this information, which they use for their own purposes and do not share with business to help improve their defences,” said Pohlmann.
This raises the question of whether the ends justify the means, he said.
The challenge facing every organisation now, said Pohlmann, is working out which suppliers, evaluations and certifications can be trusted, and what constitutes evidence for trust.
In the post-Snowden era, he said, business is faced with the challenge of deciding what to do, knowing that most of today's security technology is unable to stop the determined attacker.
“In evaluating the IT security situation, we can see a change for the worse since Snowden,” he said.
The focus now, said Pohlmann, should be on finding ways of stopping the misuse of IT vulnerabilities and detecting backdoors and other weaknesses in products and services.