Techno Files: RSA Security Conference–“you are not safe”

By Oz Litvac
The Guardsman

In terms of information security there is still a lot to learn. Nothing can keep your personal information safe from catching the eye of a hacker or landing in the hands of an identity thief.

“Technology is moving so rapidly that from a security perspective it is difficult to keep up,” said the director of the United States Federal Bureau of Investigation, Robert S. Mueller III in his March 1 keynote address at the 2012 RSA Conference in San Francisco, a yearly gathering of cryptographers and information security specialists.

“It is no longer a question of if, but when and how often,” he said. “There‘s only two types of companies, those that have been hacked, and those that will be, and even they’re converging into one category and that is companies that have been hacked, and will be again.”

Even City College has found itself vulnerable to hacks against its own computer system.

Internet threat management solution companies are plentiful. They offer a variety of services and products. Judging from the hundreds of vendors promoting their products at the RSA Conference, it is still uncertain what works best or whether anything works at all.

For every new product or service, there is a new creative form of attack on networks.

“The ministry of France was brought down, two years ago with a single pdf document,” said Nir Zuk, founder and chief technology officer at Palo Alto Networks, in a speech promoting his company’s firewall services.

There are many different companies offering solutions to fight malware and viruses which potentially threaten your data security — from Kaspersky and Sophos to McAfee and Microsoft and everything in between.

“2011 was a year with huge security breach issues,” said moderator Dr. Frederick Scholl in a lecture on security trends at the 2012 RSA Conference.

The necessity for a supply of solutions to counter hacker attacks like botnets — a collection of hijacked computers running malicious software — and other sophisticated system-infiltrating coding and software is essential.

Companies are constantly paying to temporarily patch up security breaches within their systems. Since there is no way of knowing how fast the “bad guys” will adapt to those “quick fixes,” the development of new fixes is usually not up to speed.

It is no surprise that when the question is asked as to what can be done to protect an institution, such as City College, from data theft, there is no clear and concise answer from any direction.

When Kaspersky’s press/analyst, Christen Gentile, was asked how common it is that information is compromised on such scale her response was, “It happens all the time.”

In terms of what can be done in the matter, no one can say for sure. All we can do as individuals and institutions is to keep buying the products and services, even though we know that they will help only temporarily.

“They exploit routine vulnerabilities, they move quickly, make their money and disappear,” said FBI director Mueller. “There is no company that is immune, from the Fortune 500 to the mom & pop business,” he added.

Many say the next war will be a cyber-war. Is City College caught in the crossfire of a small battle in what will soon be a global war? That may very well be the case. With new terminology like “drive-by download” and “zombie computers” there is no telling what the future has in store in terms of software protection.