RSA: Nation states and criminals working together to commit cybercrime

Coviello warns of 'chilling' discovery and expands on new combat strategy

In a Q&A with press at the RSA European conference today, RSA executive chairman Art Coviello revealed how criminals and nation states are working together to launch cyber attacks.

"What we found in our Antifraud Centre was that criminals that were using malware became so pervasive [a phenomenon], that criminals themselves were having a big data problem. They have so much data that they don't know how to monetise [cybercrime]," he stated.

This means that criminals have a common goal with nation states looking to use stolen resources and data for cyber espionage – allowing the two to strike a deal that benefits them both.

"The chilling things that are going on are that the nation states are buying criminal information and they are also selling sophisticated APT attacks to the criminals," he said.

New strategy

Coviello's keynote today at the RSA's European conference touched on a new intelligence-based strategy that focuses on predictive analytics and information sharing.

At the Q&A, Coviello and RSA president Tom Heiser tackled the topic in greater depth.

The new strategy based on big data analytics seeks to assess risk in an agile and contextual way, and is not just for RSA as an organisation, Coviello stated, but for industry as a whole.

"If you look at the way security infrastructure has been built over the years, they never really started with risk management but with a problem on the network. Thereafter a layer of controls developed: identity, infrastructure and data controls. All of these tended to be siloed but even worse they were developed on the perimeter so over time a lot of these controls have lost effectiveness," he said.

RSA: Nation states and criminals working together to commit cybercrime

Coviello warns of 'chilling' discovery and expands on new combat strategy

Coviello said that five years ago organisations were not getting any leverage from these controls or by using log data.

"There are still a large amount of companies that haven't adapted to security information and event management (SIEM) products, which is a big problem," he added. "There are also so many openings to the perimeter and with the increase of consumerisation, meaning that the end user is connected to the cloud as opposed to the enterprise, there becomes more of a requirement of monitoring to find out if someone is in your network because it is easier to penetrate a network that does not exist."

The RSA chief emphasised that it was not a strategy that would mean an enterprise would stop a breach from happening but it would reduce the time the criminal has to cause serious damage.

"It's to shrink the dwell time so that before an attacker can infiltrate the enterprise, the organisation can render the attack harmless," he said.

Privacy

Coviello also took a swipe at privacy advocates for blocking the implementation of the appropriate security technologies to prevent cybercrime.

He acknowledged that policy making was not within RSA's remit but that the firm wants to work with privacy advocates to achieve better security outcomes.

"Many people may not trust the business or the government but it is better than criminals who want to steal that information. To blindly suggest that we can't alter privacy laws to better protect ourselves is wrong. What I'm advocating is that we educate the privacy advocates and vice versa to get to a [compromised conclusion]," Coviello said.

To illustrate the approach he was advocating, he used the example of the airline industry.

"In many airports there are full body scanners that are anonymous and over in an instant without any data being kept – that is the kind of technical ability we need in the industry," he said.