Get the latest tech news How to check Is Temu legit? How to delete trackers
TECH
Fortinet

Computer security has failed, says keynote at giant security gathering

Elizabeth Weise
USA TODAY
Amit Yoran president of computer and network security company RSA.

SAN FRANCISCO – Computer security has failed to protect us, the head of RSA Security said at the start of the world's biggest computer security conference Tuesday.

Amit Yoran took on the position of president at Bedford, Mass.-based RSA seven months ago.

At the company's signature computer security conference in San Francisco, he told the audience, "we are losing this contest. The adversaries are out-maneuvering the industry, out-gunning the industry, and winning by every measure."

In a sitdown with USA TODAY after his keynote address, Yoran expanded on his statement.

"What we've been doing for decades isn't getting the job done," he said.

The defense-based strategy that's been in place isn't working any more. Higher walls aren't keeping the hackers out, he said. Despite the fact that organizations and businesses have spent millions on security, they're continually under attack.

Even as the world is becoming completely reliant on computers in every part of our lives, we're still in the Dark Ages when it comes to security, he said.

Out on the showroom floor, among some of the more-than 28,000 attendees, computer security officers said Yoran was stating the obvious. But they were glad he'd said it.

"I've been doing this for 20 years and there's no silver bullet, it's just hard work," said Jakub Mamos, an information risk manager with Servus Credit Union in Edmonton, Canada.

There definitely needs to be a mindset shift, says Bryan Watson, a consulting security engineer with Fortinet, a Sunnyvale, Calif.-based computer security company.

"There are a lot of very senior people at companies that don't understand security at the basic level my 16-year-old daughter does," Watson said.

Even something so simple as logging into a public computer at a conference to get email should give people pause.

"You've got to think, 'Now I should go change my password because there might have been a password skimmer on that machine,'" said Watson.

Not that passwords are really strong enough to do much on their own. Having a network smart enough to know who's doing what and whether they should be can "make the difference between successful response and unmitigated disaster," Yoran said.

"All hope is not lost," said Antonio Brasil, a security professional with Zollner Electronics in Milpitas, Calif.

But figuring out how build real security "is up to the people in this room," he said.

Featured Weekly Ad