(File photo) Arthur Coviello, Jr., EVP, EMC Corporation, and executive chairman, RSA
Giving a call to the security industry to unite against the cyber criminals, Arthur Coviello, Jr., EVP, EMC Corporation, and executive chairman, RSA, the security division of EMC, said that they (the IT security industry) are not going to take it anymore.
"An attack on one of us is an attack on all of us," he said, emphasizing the need for the security industry to unite to present a strong opposition to the emerging threat landscape in the cyber world.
"The era of siloed line up of point products is over," he said in his keynote address, Sustaining trust in a hyperconnected world, at the Mascone Centre in San Francisco on Tuesday (28 Feb). His opening speech kicked off The RSA Conference 2012 here today.
"We must ensure that the balance of control lies in the hands of the security practitioners," he said, referring to the position of control currently being enjoyed by the faceless and nameless cyber attackers, hackers, and data thieves. "We are in a race with our adversaries. Right now, they are winning."
"We must fight back with creativity and new thinking," he said.
Today's security models are outdated
"Today's security models are just too inadequate," he said. Hackers and cyber criminals are taking advantage of gaps in security and our inability to band together, he added.
Citing a research finding, Coviello said that 79 percent of online breaches take weeks to discover. This is very slow compared to the rate at which cyber criminals are able to use or monetize the stolen data. They cash out the stolen data within days or hours of an attack.
In the changing circumstances, the RSA chief said that security companies will have to shun failed models and governments and companies will have to learn to secure what they can't control.
He said that the security breach that RSA experienced last year has imbued the company with a sense of urgency and they are trying to their best to win the trust of their customers. "We have to learn from our own mistakes," he said.
Need for intelligence-driven security
"Educating IT users is important but people will make mistakes," he said, underlining the need for a new security management paradigm.
The security industry will have to be able to spot the faint signals in the cyber space, he said.
Coviello advocated a new approach to handling IT security -multi-source intelligence-driven security.
This new approach will be built on three pillars-risk-based security; agility (that is, the system should not lack situational awareness), and contextual capabilities.
Sign up for CIO Asia eNewsletters.