Hackers winning security war – executives

Reuters: Technology security professionals seeking wisdom from industry leaders in San Francisco this week saw more of the dark side than they had expected: a procession of CEO speakers whose companies have been hacked.

 “It’s pretty discouraging,” said Gregory Roll, who came for advice and to consider buying security software for his employer, a large bank which he declined to name because he was not authorized to speak on its behalf. “It’s a constant battle, and we’re losing.”

The annual RSA Conference, which draws to a close on Friday, brought a record crowd of more than 20,000 as Congress weighs new legislation aimed at better protecting U.S. companies from cyber attacks by spies, criminals and activists.

If the bills suggest that hackers are so far having their way with all manner of companies, the procession of speakers brought it home in a personal way.

The opening presentation by Art Coviello, executive chairman of conference sponsor and recent hacking victim RSA, set the tone with the Rolling Stones song “You Can’t Always Get What You Want.”

RSA, owned by data storage maker EMC Corp, is the largest provider of password-generating tokens used by government agencies, banks and others to authenticate employees or customers who log on away from the office.

Not long after last year’s RSA conference, the company said an email with a poisoned attachment had been opened by an employee.

That gave hackers access to the corporate network and they emerged with information about how RSA calculates the numbers displayed on SecurID tokens, which was in turn used in an attack on Lockheed Martin that the defence contractor said it foiled.