Tag: RSA

23 Apr 2015

RSA 2015 Roundup

RSA’s annual security conference, San Francisco

Here are a few of the notable trends at this year’s conference:

1. Focus on Cybersecurity

From RSA Conference general manager Linda Gray: “This year, the spotlight has been on cybersecurity more than ever. From massive breaches to the announcement of President Obama’s new cybersecurity initiatives, the information security industry certainly has a lot to talk about. Over the course of the conference, we’ll be challenging the status quo of thoughts and procedures, and we will come up with new ways to secure our digital future.” Cybersecurity concerns have continued to grow, and it’s definitely the topic on everyone’s minds at RSA this year.

2. How much should threat intelligence cost?

New York Times Bits reports “grumblings that such intelligence [reports] should be offered for free.” Companies that provide intelligence about the hackers behind cyberattacks typically charge for their service. But some would argue that cybersecurity is in everyone’s best interest and this information should be as openly accessible as possible.

3. Phishing awareness training is working … but hackers are adapting

We’ve talked about the threat phishing attacks pose to your company in previous blog posts, and recommended employee awareness training. A report released at RSA indicates that this kind of training has proven effective, but that it has been primarily targeted at executives and upper management. Hackers have retargeted their efforts towards lower-level employees, which can be just as dangerous to your business.

04 Mar 2014

RSA Conference 2014

This year’s RSA conference was another success, attracting 28,500 attendees and hosting 604 industry speakers. Despite the built-up resentment toward the company over its relationship with the NSA, the conference ran smoothly, delivering informative sessions, keynotes, and seminars. However, it was not without controversy. As expected, there were protests against the event by technology professionals affiliated with the hacker conference DEF CON, the organization Code Pink, and the TrustyCon conference. One instance involved the banning of RSA attendees from a local restaurant during peak hours of the conference.

Besides these expected protests, the event carried on as planned with exceptional keynotes addressing the timely issues of the RSA/NSA scandal and the fight for ethical data security. Specifically, Bruce Schneier, cryptography specialist and CTO of Co3 Systems, presented his keynote, “NSA: Surveillance; What we know and what to do about it”. He explained that the NSA was focused on large-scale data collection and that society must get used to living in “the golden age of surveillance.” He concluded that encryption does work and is the answer if implemented properly. Everyone should find encryption solutions to protect their data, including cell phone data, metadata and third-party data.

Many of the keynotes highlighted the balancing act governments face between respecting privacy and protecting citizens from cybercrime. Industry experts offered different reasoning and solutions for this escalating issue. We may not have total control over the vulnerabilities of the internet or the surveillance practices of our government; however, we do have control over the tools we use to secure our own information. Strong and reliable encryption is essential in the effort to make cybersecurity a priority.

14 Jan 2014

RSA Boycott and Encryption in 2014

A number of well-known speakers have withdrawn from the 2014 RSA Security Conference, being held in San Francisco this February, to protest the company’s relationship with the NSA. Reuters reported that RSA received $10 million to make the NSA’s flawed Dual Elliptic Curve random number generator the default algorithm in its own BSAFE security software. This random number generator has been criticized for creating a “back door” that would enable the NSA’s data collection activities.

The list of absentees at this point includes: Alex Fowler, Mozilla’s privacy chief; Adam Langley and Chris Palmer, Google security researchers; Marcia Hofmann, special counsel at the Electronic Frontier Foundation; Mikko Hypponen, chief research officer at Finnish security firm F-Secure; and Christopher Soghoian, a senior policy analyst at the American Civil Liberties Union, according to Computerworld.

This boycott is just one of the ripple effects of the Snowden revelations regarding the NSA’s activities. Another is a strong focus on encryption in both the enterprise and consumer space. It is obvious that the prediction of 2014 being the year of encryption has come true. Yahoo has already announced that it will implement encryption for all its email communication by the end of the first quarter of 2014, while Microsoft is further validating the importance of encryption by promising that it “will have ‘best-in-class industry cryptography’ in place for services including Outlook.com, Office 365 and SkyDrive by the end of the year,” according to BBC News. The BBC News article “2014: The Year of Encryption” quotes Ramon Krikken, a Gartner analyst, saying that “companies are certainly going to have to take encryption more seriously thanks to the Snowden revelations” and not only use it for compliance, but for security in order to protect their business against the significant threat of data breaches.

Government surveillance programs have caused high-profile companies from Silicon Valley to look at storing sensitive customer information outside the US. The Toronto Star has suggested that Canada is poised to become an ideal data safe haven.

President Obama is set to announce his plans to reform the National Security Agency in a speech on January 17, but companies should do their own due diligence and, in light of the engineered backdoor fiasco, ask themselves whether their solutions can be cracked and whether the technology deployed uses the weakened algorithm.

Our customers are safe. None of the Echoworx email encryption solutions has used the deliberately flawed algorithm.