QOTD - Art Coviello RSA 2012 Keynote - Adversaries


New breeds of cybercriminals, hacktivists and rogue nation states have become as adept at exploiting the vulnerabilities of our digital world as our customers have become at exploiting its value. With increased speed, agility and cunning, attackers are taking advantage of gaps in security resulting from the openness of today’s hyper-connected infrastructures, and our own slow response to recognize the potency of the emerging threat landscape and our inability to band together. Our adversaries are better coordinated, have developed better intelligence, and easily outflank our traditional perimeter defenses.
-- Art Coviello, Executive Vice President of EMC and Executive Chairman of RSA

Note: emphasis is mine.

Src: RSA Conference Keynote from Art Coviello, “Sustaining Trust in a Hyperconnected World” (San Francisco, February 28, 2012)

QOTD - Geer on Whether Laws Can Keep Up with Technology


You typically don't need a rule to prevent you from doing something that is impossible...
But we are, these days, making impossible things possible rather faster than the legislatures can keep up.
-- Dr. Dan Geer, CISO of In-Q-Tel

Src: Risky Business Podcast #227 (around minute 31)

QOTD - VZ DBIR on Intelligent Attackers


Attackers are only as intelligent and adaptive as WE FORCE THEM TO BE. Clearly—as a community—we’re not exactly forcing them to bring their A-game.
Src: Verizon 2012 Data Breach Incident Report (PDF), covering incidents of 2011

QOTD - NSA Chief on Cyber Espionage

[...] cyberspace is becoming more dangerous.
[...] now the more sophisticated cyber criminals are shifting away from botnets and such “visible” means of making money and toward stealthier, targeted thefts of sensitive data they can sell.
[...]
State-sponsored industrial espionage and theft of intellectual capital now occurs with stunning rapacity and brazenness, and some of that activity links back to foreign intelligence services. Companies and government agencies around the world are thus being looted of their intellectual property by national intelligence actors...
-- Gen. Keith Alexander, Director of the NSA & Commander of the US Cyber Command

Src: CYBERCOM Posture Statement for 27Mar12 SASC Hearing FINAL v 1 as of 21 March 2012.doc

QOTD - Geer on the Rate of Change


The rate at which we are turning the impossible into the possible is accelerating and will continue to do so because technologic change is now in a positive feedback loop.
-- Dr. Dan Geer, CISO of In-Q-Tel

Src: Cybersecurity and National Policy | National Security Journal | Harvard Law School

QOTD - Bryan Sartin on the DBIR

This is a study of security failures and the lessons that can be learned from them.
-- Bryan Sartin, VP of the Verizon RISK (Research Investigations Solutions Knowledge) Team 

Src: financialservices.house.gov/UploadedFiles/091411sartin.pdf (PDF)

QOTD on Being a Target

Small companies are targeted now because there's high return at fairly little effort. If you're a company with a hot piece of technology … I'd consider it a certainty you'd be a target.
-- Grady Summers, Vice President at Mandiant

Src: Five Ways You Can Avoid IP Theft | Entrepreneur.com

QOTD on Hacker Targets

Hackers may target any IT operation for any reason.
Many hackers, of course, are in it for the money. (This includes some Anonymous hackers.) They will aim for customer account numbers or other data of direct monetary value. But many hackers, including some of the most sophisticated, are in it for a mixture of more indirect motives. These include notoriety, the sheer thrill of the chase, and increasingly, a vague but militant political agenda.
-- Rick Robinson, freelance writer

Note: emphasis is mine.

Editorial: leave it to a professional writer to come up with one of the best summaries of hacker targets and motives.

Src: Anonymous Hackers' FBI Revenge Hits Spanish Security Firm | Infoboom