Cyber-Threats Outpace Security Measures

Oct 2, 2007 4:19 PM

           

Despite the increase in government compliance requirements and the proliferation of security tools, companies continue to underestimate the threat from phishing, data loss and other cyber vulnerabilities, says McAfee CEO David DeWalt.

In a keynote address at the InformationWeek 500 conference in Tucson, and reported in Information Week, DeWalt said, "It's amazing how low the awareness is of cyber-security threats," among both government officials and corporate executives. "As the world has flattened, we've seen a significant amount of emerging threats from increasingly sophisticated groups attacking organizations around the world."

Citing recent highly publicized corporate data breaches that have beset major companies like Ameritrade, Citigroup and Bank of America, DeWalt says that cyber-crime has become a $105 billion business that now surpasses the value of the illegal drug trade worldwide.

Internet stock trading company TD Ameritrade Holding says that one of its databases had been hacked by a thief who obtained personal information on some of its customers. An attorney launching a class-action lawsuit against Ameritrade claimed the online brokerage knew that someone had compromised its database as early as one year ago. An Ameritrade spokeswoman told InformationWeek that all of the company's 6.3 million accounts opened before July 18 of this year were exposed.

Worldwide data losses now represent $40 billion in losses to affected companies and individuals each year, DeWalt says. But law enforcement's ability to find, prosecute, and punish criminals in cyberspace has not kept up: "If you rob a [convenience store] you'll get a much harsher punishment than if you stole millions online," DeWal says. "The cross-border sophistication in tracking and arresting cyber-criminals is just not there."

Looking ahead to new forms of threat detection and enterprise data security, DeWalt outlined five major trends that will reshape the security industry and transform how companies secure their corporate and customer information in the next few years.

The first is industry consolidation, as the large number of small vendors become acquired or give way to larger companies. "The security market will go through the same transition that other industries have," DeWalt says.

Second, the increase in cyber-threats has fueled a rapid growth in compliance requirements as the federal government tries to mandate higher levels of security and protection of sensitive consumer and patient data. "There's a lot of legislation around industries forcing them to comply with various standards for customer protection," DeWalt says.

The third important trend is the movement of security protection from the perimeter of corporate networks toward the data layer itself: "Traditional security has always been concentrated on the perimeter, on endpoint devices, particularly with firewalls," DeWalt says.

Fourth, companies are facing new challenges as server virtualization spreads across many industries and many types of industries. "Virtualization is an amazing juggernaut in terms of security risk," DeWalt says, listing non-compliant virtual machines, VM-aware threats that can subvert countermeasures, the propagation of infected virtualization images and "hyperjacking," or the potential for a single breach to offer simultaneouos access to many machines across a virtualized environment as some of the emerging risks.

Finally, the emergence of new platforms and devices presents cyber-criminals with new targets for hacks and phishing scams. Mobile devices such as smartphones and voice-over-IP systems are inherent more vulnerable than traditional clients and telephony services.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

SUBSCRIBE

Select an Issue April 1, 2008 March 1, 2008 February 1, 2008 January 1, 2008 December 1, 2007 November 1, 2007 October 1, 2007 September 1, 2007 August 1, 2007 July 1, 2007 June 1, 2007 IP Security Supplement May 1, 2007 April 1, 2007 March 1, 2007 February 1, 2007 January 1, 2007 School Security December 1, 2006 November 1, 2006 October 1, 2006 September 1, 2006 August 1, 2006 July 1, 2006 June 1, 2006 May 1, 2006 April 1, 2006 March 1, 2006 February 1, 2006 January 1, 2006 December 1, 2005 November 1, 2005 October 1, 2005 September 1, 2005 August 1, 2005 July 1, 2005 June 1, 2005 May 1, 2005 April 1, 2005 March 1, 2005 February 1, 2005 January 1, 2005 December 1, 2004 November 1, 2004 October 1, 2004 September 1, 2004 August 1, 2004 July 1, 2004 July 1, 2004 June 1, 2004 May 1, 2004 April 1, 2004 March 1, 2004 February 1, 2004 January 1, 2004 December 1, 2003 November 1, 2003 October 1, 2003 September 1, 2003 August 1, 2003 July 1, 2003 June 1, 2003 May 1, 2003 April 1, 2003 March 1, 2003 February 1, 2003 January 1, 2003 December 1, 2002 November 1, 2002 October 1, 2002 September 1, 2002 August 1, 2002 July 1, 2002 June 1, 2002 May 1, 2002 April 1, 2002 March 1, 2002 February 1, 2002 January 1, 2002 December 1, 2001 November 1, 2001 October 1, 2001 September 1, 2001 August 1, 2001 July 1, 2001 June 1, 2001 May 1, 2001 April 1, 2001 March 1, 2001 February 1, 2001 January 1, 2001 December 1, 2000 November 1, 2000 October 1, 2000 September 1, 2000 August 1, 2000 July 1, 2000 June 1, 2000 May 1, 2000 April 1, 2000 March 1, 2000 February 1, 2000 January 1, 2000 December 1, 1999 November 1, 1999 October 1, 1999 September 1, 1999 August 1, 1999 July 1, 1999 June 1, 1999 May 1, 1999 April 1, 1999 March 1, 1999 February 1, 1999 January 1, 1999 December 1, 1998 November 1, 1998 October 1, 1998 September 1, 1998 August 1, 1998 July 1, 1998 June 1, 1998 May 1, 1998 April 1, 1998 March 1, 1998 February 1, 1998 January 1, 1998 December 1, 1997 November 1, 1997 October 1, 1997 September 1, 1997 August 1, 1997 July 1, 1997 June 1, 1997 May 1, 1997 April 1, 1997 March 1, 1997 February 1, 1997 January 1, 1997

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue