The National Security Agency — and by extension, some foreign intelligence agencies and perhaps even criminal syndicates — can silently intercept encrypted communications and access off-the-shelf products that were thought to be secure.

In the wake of those NSA Bullrun program revelations — courtesy of documents leaked by whistleblower Edward Snowden — businesses are now asking: How should we react?

Here are five related recommendations from information security and cryptography experts:

Don’t Blame NSA For Poor State Of Business Security

Start by looking inwards. “This is a great time to focus on ourselves,” said encryption expert Ivan Ristic, director of engineering at Qualys, via email. “First of all, the mess with security is almost all ours. Yes, the NSA helped a bit by subverting security in any way it could, but it couldn’t have done it without us focusing on time to market, performance and profit, rather than on security.”

SOURCE: informationweek.com

Information Security Buzz