Observations from the RSA Conference on the State of Cybersecurity
According to RSA and ISACA’s State of Cybersecurity: 2015 Findings and Implications Survey, the most common attack vector, at 68%, is phishing. Taken a step further, the most common goal of the cybercriminal, when phishing known privileged users, is to attain credentials. Another alarming survey result is that 82% of organizations expect to be attacked in 2015.
The survey was conducted jointly by ISACA and RSA, and the results were delivered at a session yesterday by Robert E. Stroud, International President of ISACA (also VP Strategy and Innovation at CA Technologies), and Fahmida Y. Rashid, Editor-in-chief, RSA Conference. The survey was sent to selected ISACA certification holders and RSA Conference constituents. Due to the nature of the survey, the targeted population consisted of individuals who have cybersecurity job responsibilities. More than 1,500 individuals participated and 649 completed the entire survey.
Another result that stood out is that 23% of these sophisticated respondents do not know whether they had any corporate assets hijacked for botnet use or whether they had any user credentials stolen in 2014. In the session, Mr. Stroud emphasized that the nature of attacks has changed over the last few years. Attacks are now conducted by organized cybercriminals with clear intent. To his point, it’s not teenagers attempting to place ping pong balls on your website. Cybercriminals’ primary motivations for attacks, as indicated by the survey, are financial gain (34%), disruption of service (25%), and IP theft (20%).
In this environment, in which security professionals overwhelmingly expect their organizations to be attacked using phished credentials, doesn’t it increasingly make sense to restrict access to only the applications and services truly required by privileged, third-party and executive users? As Kurt Glazemakers, Senior Vice President of Product Strategy at Cryptzone, said, “Starting with the premise of unlimited access, and then locking down an exploding number of applications on a case-by-case basis, no longer works. Sony, eBay and others have paid a heavy price when compromised credentials subsequently allowed access to valuable applications and data.”
You’ll want to consider speaking with Cryptzone about AppGate Secure Access at RSA (April 20-24, Moscone Center, San Francisco) at booth #S224 South Expo. By making the entire infrastructure invisible, and then delivering access when the user and device are authenticated—only for that specific session—Cryptzone is providing true agile security, desperately needed in today’s environment.