In a Q&A with press at the RSA European conference today, RSA executive chairman Art Coviello revealed how criminals and nation states are working together to launch cyber attacks.
"What we found in our Antifraud Centre was that criminals that were using malware became so pervasive [a phenomenon], that criminals themselves were having a big data problem. They have so much data that they don't know how to monetise [cybercrime]," he stated.
This means that criminals have a common goal with nation states looking to use stolen resources and data for cyber espionage – allowing the two to strike a deal that benefits them both.
"The chilling things that are going on are that the nation states are buying criminal information and they are also selling sophisticated APT attacks to the criminals," he said.
Coviello's keynote today at the RSA's European conference touched on a new intelligence-based strategy that focuses on predictive analytics and information sharing.
At the Q&A, Coviello and RSA president Tom Heiser tackled the topic in greater depth.
The new strategy based on big data analytics seeks to assess risk in an agile and contextual way, and is not just for RSA as an organisation, Coviello stated, but for industry as a whole.
"If you look at the way security infrastructure has been built over the years, they never really started with risk management but with a problem on the network. Thereafter a layer of controls developed: identity, infrastructure and data controls. All of these tended to be siloed but even worse they were developed on the perimeter so over time a lot of these controls have lost effectiveness," he said.