QOTD - Cyber Spies Are Winning

Business leaders are waking up to the new reality that cyber adversaries, from hacktivists to nation-state adversaries, can gain almost unlimited access to their networks. Corporate boards are now demanding answers from befuddled Chief Information Security Officers who frequently only have their compliance lists instead of real solutions to counter the threat.

The reality is we have all collectively been too complacent in the face of a determined adversary for too long. We have let our technology stagnate for a decade using reactive defenses developed in the 20th century against a 21st century threat that produces over 70,000 new attacks every day. All the while there is a constant, methodical, silent, systemic hoovering of our nation’s secrets and our corporations’ intellectual property, eroding our ability to compete against emerging economies. The intellectual wealth of our nation is being stolen out from underneath us, hastening the flattening of the world faster than even Thomas Friedman predicted. For the nation that invented the Internet and built billion dollar businesses like Google and Facebook, it’s time to re-invent security for the digital economy.
-- Anup Ghosh, founder and CEO of Invincea

Src: Cyber Spies Are Winning: Time To Reinvent Online Security - Forbes

QOTD on A New Security Reality


Containment is the new prevention.

For years, security defenses have focused on keeping cybercrime and malware out. Organizations on the leading edge will implement outbound inspection and will focus on adapting prevention technologies to be more about containment, severing communications, and data loss mitigation after an initial infection.
-- Websense Security Labs Blog

Src: 2012 Cyber Security Predictions from the Websense Security Labs - Security Labs

QOTD on Social Engineering

The most advanced criminals are going to ride the waves of personal devices, personal social media use, and personal web activities of employees to create more advanced, social engineering attacks to get in. Many of the business and government attacks in the coming year won’t necessarily be about how complex the code is, but how well they can convincingly lure unsuspecting victims to click.
-- Dan Hubbard, Websense CTO

QOTD - RSA's Schwartz on Cyber Security

The human is the new security perimeter. You can spend a fortune on technologies, but attackers will send one email to one of your employees and you'll be done.
You're only one click away from compromise.
-- Eddie Schwartz, CSO at RSA

Src: Cyber attacks: resistance is futile | Sydney Morning Herald

QOTD on Compromise

You should just assume every device someone has is compromised and adjust for that.
-- Chip Tsantes, principal at Ernst & Young

Src: Cyber Attacks Increasingly Focused at Individual Users: Ernst & Young - Insurance & Technology

QOTD - FBI on Cyber Espionage

This is definitely the golden age of cyber espionage. Foreign states are stealing data left and right from private-sector companies, nonprofit organizations and government agencies.
-- Steven Chabinsky, deputy assistant director of the FBI’s cyber division

Src: U.S. cyber espionage report names China and Russia as main culprits - The Washington Post

QOTD on Data Leaks

Everybody has data leakage; it's just a matter of when you find it.
-- Chip Tsantes, principal at Ernst & Young

Src: Cyber Attacks More Frequent and Harder to Detect - Bank Systems & Technology

QOTD - Spafford on Infosec Training

The approach that’s currently been taken is sort of the equivalent of telling employees, ‘when you come to work, don’t open any square blue boxes.’ But then someone sends in square red boxes, and they all get taken.

Src: Could more policies help curb cyber attacks on federal agencies? -- Federal Computer Week

QOTD - E&Y on the human perimeter

The human being is now the perimeter, not the systems.