The RSA security conference just wrapped up in San Francisco and Avivah Litan, vice president and distinguished analyst at Gartner, provided her key takeaways from the event on her Gartner blog.
The biggest buzz at the conference was around a few questions: Who will be, or already is, the next Target? Which retailer got hacked this time? And what solutions can prevent this madness?
“Information sharing is not easy in retail payments. I have colleagues who would like to share specific information on the behavior of malware attacking retailers but are shut down by lawyers for retailers, POS software vendors, insurance companies and more,” said Ms. Litan. “This makes no sense to me when information sharing that provides safe harbor for those who disclose and confidentiality for the victims is exactly what is needed to help stop future attacks.”
Ms. Litan’s key takeaways from the conference and around this issue:
There is a lack of information sharing in the retail payment card industry.
The legal issues are thorny and complex.
Progress is being made on structuring threat intelligence so that shared information can be read by machines as well as humans.
“I’m not optimistic that the situation will substantially change in the near future so until then, the only ones who win are the criminals,” said Ms. Litan.
Ms. Litan’s full blog post can be read at http://blogs.gartner.com/avivah-litan/2014/03/04/reflections-on-rsa-and-the-need-for-retailer-information-sharing/.
More analysis on cyber-attacks, malware, data leakage and top security trends will be provided at the Gartner Security & Risk Management Summit taking place June 23-26 in National Harbor, Maryland. More information can be found at www.gartner.com/us/itsecurity. Members of the media can register for this event by contacting firstname.lastname@example.org.
Analysis on these trends will also be provided at the Gartner Identity & Access Management Summit taking place March 17-18 in London, U.K. Details on the event are available at http://www.gartner.com/technology/summits/emea/identity-access/. Members of the media can register to attend the event by contacting email@example.com.