SAN FRANCISCO – The workplace has changed a lot in the past few years with workers given the ability to bring their personal electronic devices into work to do their jobs, but it’s presenting security issues that managers have to address. A conference going on here this week is trying to address those and other security issues.
About 20,000 people are in town to attend the RSA Conference 2013 at the Moscone Center to talk about how to protect consumers, businesses and government agencies from cybercrime and, in some cases, cyberterrorism, some of that being state-sponsored. Executives of RSA also commented on efforts of the Obama administration to protect cyberspace.
One of the issues in the cyber security field involves individual workers like you who use your personal smartphones, laptops or tablet computers at work. The challenge of the “bring your own device” (BYOD) phenomenon is that IT managers don’t have the control they think they need to make sure that corporate-owned data on your devices is secure.
“If you look at it from an IT professional’s perspective, they are often being asked to control, manage and secure something that they don’t own,” said Manjor Nair, general manager of the Identity and Data Protection business unit at RSA, the computer security company that is hosting the RSA Conference 2013.
RSA took the opportunity at this year’s conference to introduce Authentication Manager 8, a technology that runs on your company’s network and makes sure that when you try to access the network, the company confirms you belong there.
Despite a lot of attention to network security, such as a recent breach at organizations ranging from Apple to the New York Times and what are called a distributed denial of service (DDoS) attacks on major U.S. banks, the average person is poorly protected on many corporate networks, said Nair.
He cited industry statistics that as many as 80 percent of enterprise employees are using just a username and password to log on to corporate, which can be easily thwarted. Only 20 percent use what’s called “two-factor” or “multi-factor” authentication, he said.
Using just a password is inadequate, Nair said, because 32 percent of all cybercrime is on systems protected only by passwords and that 82 percent of stolen records were protected by only passwords.
Authentication Manager 8.0 analyzes multiple risk factors to verify a user’s identity and provides them access to the network. The technology works behind the scenes so workers avoid the hassle of entering other data and taking other steps to log on.
Security has become more top of mind of late as attacks move from simple intrusion to disruption to actual destruction of infortmation, explained Art Coviello, executive chairman of RSA, who gave a keynote address at the conference this morning. Intrusion is just a cyber criminal gaining unauthorized access to a network, disruption is when the attacker prevents legitimate users from accessing a network, like in a DDoS attack on your bank, and a destructive attack is one where harm is done to digital or physical resources.
In his State of the Union address Feb. 12, President Barack Obama warned of the possibility of such destructive attacks: “We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.”
Secretary of Defense Leon Panetta also recently argued strenuously for increased attention to cyber security as a national security imperative. And Obama signed an executive order Feb. 12 outlining policies to combat cyberattacks on government agencies and U.S. companies. In a news conference Monday afternoon at the conference, RSA’s Coviello said the administration has come forward with important proposals to prevent cyber-espionage and other attacks, but lamented that Congress has been slow to act. For instance, while the House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA), it failed to pass in the Senate. The executive order is intended to accomplish some of what the legislation would have done.
“I guess better late than never is how I would categorize it,” said Coviello. “I’m pleased with the executive order but in and of itself it doesn’t do everything that needs to be done.”