RSA: Attack was done by two groups with one definitely from a nation state
RSA: Attack was done by two groups with one definitely from a nation state

RSA executive chairman Art Coviello said that if 2011 was the year of the attack, then 2012 will be the year of resiliency and adaptation within the industry.

In an open letter, Coviello said the company's experiences of this year "have indeed made us stronger and smarter".

“Our society has made unimaginable progress over the past 20 years through advances in information technology. It's our responsibility to sustain this advancement through a trusted digital world,” he said.

He added that never in his career has he known CEOs and corporate boards to be as interested in security as they are now; and he cited one common theme: persistent, advanced and intelligent threats.

He said: “If there is a silver lining to this rising threat, it is that the furor around the attacks in 2011 has reached a crescendo; it's no longer about awareness, it's about action. I believe that 2012 will be a year of action in which we'll focus on key areas of improvement and innovation.”

He predicated that in the era of advanced threats, greater situational awareness will be essential to effectively detect, deter and to defend against cyber attacks, and said the industry needs better frameworks for communicating threat information and strengthening the security of all parties.

“In my conversations over the past months, people were united in their call for private and public sectors to work on establishing a common framework to share information dynamically and at line speed. Today's attackers are better at sharing real-time intelligence than their targets, and fixing this should be a top priority in 2012,” he said.

Coviello also encouraged businesses to move from "conventional frameworks of unco-ordinated static point products to more advanced security systems that are risk-based and capable of meeting the challenges of dynamic threat environments".

Learning to live in a state of compromise, organisations will shift their security budgets away from traditional prevention technologies to detection technologies designed to limit exposure and mitigate damage from threats,” he said.