After the revelation of Operation Aurora, the term began to take on a different meaning. "In essence," IBM's X-Force report says, "APT became associated with any targeted, sophisticated or complex attack regardless of the attacker, motive, origin or method of operation."
"The trend here is the level of fines that the regulators are putting out there," says Tony Wicks, AML and fraud-detection expert. "$7 million does not sound that great, but for the size of an institution like Pacific National, it is substantial."
Known as the Citizen Patrol Unit, the group of some 30 civilian volunteers has been tasked with monitoring pay-at-the pump terminals throughout one community, looking for signs of tampered terminals or the installation of illegal skimming devices.
Phishy HTML pages get past spam filters, and users of RSA's SecurID two-factor authentication products come up with new ways to monitor threats and take preventive steps in the aftermath of a hacker attack against RSA.
This kind of problem happens to everybody, says Marcus Ranum, CSO of Tenable Network Security, in response to the widely publicized breach at RSA. And maybe hes right. Perhaps this kind of problem does happen to everyone. But should it?
RSA executives haven't been commenting publicly since the security solutions vendor revealed last week it had been victimized by a sophisticated cyberattack aimed at its SecurID two-factor authentication product. But weeks before the hack, I spoke with RSA Chief Technology Officer Bret Hartman about advanced...
DHS Deputy Undersecretary Philip Reitinger often appears as the administration's cybersecurity point man. Is not having a top White House official tout its infosec agenda behind a perception that the administration isn't leading on cybersecurity?
The Department of Homeland Security is working with RSA in investigating what the IT security vendor characterized as an extremely sophisticated attacked aimed at its SecurID two-factor authentication products.
"Persistent" is the operative word about the advanced persistent threat that has struck RSA and its SecurID products. "If the bad guys out there want to get to someone ... they can," says David Navetta of the Information Law Group.
The announcement by RSA that it had been a victim of an advanced persistent threat shook the global information security industry. Stephen Northcutt of SANS Institute and David Navetta of the Information Law Group offer insight on what happened, what it means and how to respond.
"This is not a record of success; whatever we are doing is not working," says James Lewis of the Center for Strategic and International Studies. "As a nation, despite all the talk, we are still not serious about cybersecurity."
"Almost everyone has a firewall and is using it; it's just not necessarily a relevant defense against the way people are actually being attacked," says Josh Corman, research director of enterprise security at security consultancy The 451 Group.