RSA, the security arm of storage corporation EMC, today claimed that not one of its customers has been the victim of a successful cyber attack in the past 19 months.
Speaking at RSA Conference Europe 2012, RSA president Tom Heiser said that the firm had learned a lot from the successful breach of its own security back in March 2011, and had passed on this knowledge to its customers.
"I'm proud to say that since then, there has been no evidence of any successful attacks but this does not mean we rest," he said.
Heiser went on to make several further recommendations for improving security:
- Adopt a risk-based approach to security;
- Rethink detection strategies and deploy continuous monitoring;
- Tighten access controls to combat the risks of consumerisation and BYOD;
- Invest in advanced analytics tools to "find the unknown";
- Avoid squandering security professionals' skills on other tasks;
- Educate and re-educate staff on cyber security to stop complacency.
RSA chief Art Coviello had earlier outlined how enterprises still displayed "four levels of security maturity".
The first level includes enterprises that just want the problem to go away, and are generally uninformed, he said. The second level includes those enterprises that are just attempting to be compliant and tick boxes, such as that of security certification ISO27001.
"What they don't understand is that a good governance model would create compliance as a by-product of doing the right thing in the first place," Coviello said.
The third level comprises organisations that focus on "IT risk", while the most mature security strategies are designed to minimise "business risk" by enabling business models to adjust to new security challenges.