Cyber-Threats Outpace Security Measures

Oct 2, 2007 4:19 PM

Despite the increase in government compliance requirements and the proliferation of security tools, companies continue to underestimate the threat from phishing, data loss and other cyber vulnerabilities, says McAfee CEO David DeWalt.

In a keynote address at the InformationWeek 500 conference in Tucson, and reported in Information Week, DeWalt said, "It's amazing how low the awareness is of cyber-security threats," among both government officials and corporate executives. "As the world has flattened, we've seen a significant amount of emerging threats from increasingly sophisticated groups attacking organizations around the world."

Citing recent highly publicized corporate data breaches that have beset major companies like Ameritrade, Citigroup and Bank of America, DeWalt says that cyber-crime has become a $105 billion business that now surpasses the value of the illegal drug trade worldwide.

Internet stock trading company TD Ameritrade Holding says that one of its databases had been hacked by a thief who obtained personal information on some of its customers. An attorney launching a class-action lawsuit against Ameritrade claimed the online brokerage knew that someone had compromised its database as early as one year ago. An Ameritrade spokeswoman told InformationWeek that all of the company's 6.3 million accounts opened before July 18 of this year were exposed.

Worldwide data losses now represent $40 billion in losses to affected companies and individuals each year, DeWalt says. But law enforcement's ability to find, prosecute, and punish criminals in cyberspace has not kept up: "If you rob a [convenience store] you'll get a much harsher punishment than if you stole millions online," DeWal says. "The cross-border sophistication in tracking and arresting cyber-criminals is just not there."

Looking ahead to new forms of threat detection and enterprise data security, DeWalt outlined five major trends that will reshape the security industry and transform how companies secure their corporate and customer information in the next few years.

The first is industry consolidation, as the large number of small vendors become acquired or give way to larger companies. "The security market will go through the same transition that other industries have," DeWalt says.

Second, the increase in cyber-threats has fueled a rapid growth in compliance requirements as the federal government tries to mandate higher levels of security and protection of sensitive consumer and patient data. "There's a lot of legislation around industries forcing them to comply with various standards for customer protection," DeWalt says.

The third important trend is the movement of security protection from the perimeter of corporate networks toward the data layer itself: "Traditional security has always been concentrated on the perimeter, on endpoint devices, particularly with firewalls," DeWalt says.

Fourth, companies are facing new challenges as server virtualization spreads across many industries and many types of industries. "Virtualization is an amazing juggernaut in terms of security risk," DeWalt says, listing non-compliant virtual machines, VM-aware threats that can subvert countermeasures, the propagation of infected virtualization images and "hyperjacking," or the potential for a single breach to offer simultaneouos access to many machines across a virtualized environment as some of the emerging risks.

Finally, the emergence of new platforms and devices presents cyber-criminals with new targets for hacks and phishing scams. Mobile devices such as smartphones and voice-over-IP systems are inherent more vulnerable than traditional clients and telephony services.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue