Phishers must be dealt with or users will go off-line

Symantec CTO sounds warning

More attention needs to be paid to security or we risk an abrupt decline in online business and leisure activity, says Symantec’s chief technology officer, Mark Bregman. Both enterprises and individuals need to become more security-conscious.

As consumers do more business online and internet crooks become more sophisticated, the organisations that deal with them need to look more closely at their security, says Bregman. The alternative could be a massive loss of confidence and business.

“Enterprises mostly know how to respond to a data breach or data loss,” he told Computerworld, at Symantec’s Vision 2007 conference, which was held in Sydney earlier this month. “The individual users do not, so their only weapon is to stop doing it [using the online channel].”

Bregman’s advice comes in the wake of alleged security breaches and data losses by several NZ government departments, according to the SIS (Security Intelligence Service). There is also the continuing issue concerning banks in New Zealand and their customers, as to who should bear the responsibility – and how much – when it comes to online security precautions.

Attacks are not primarily equipment-focused any more, says Bregman. They’re now mostly aimed at people – exploiting their trust through phishing, for example.

“To use a physical analogy, they don’t try to pick your lock any more because the locks are too good, [instead] they turn up at your door in overalls and say they’re from the gas company.”

This argues for a different kind of security precaution – one centred on “a combination of [provable] identity and reputation,” Bregman says. He would not say whether Symantec has any plans here.

One response is to build up “white-lists” of trusted users and even trusted programs, but the latter would depend on whether program authors were willing to go through a vetting process.

The problem has become more acute with the rise of social networks and other Web 2.0 activities, he says. Young people in particular are not too concerned about their privacy and are likely to release sensitive information.

Another risky Web 2.0 phenomenon is the construction of composite applications or “mashups”, which seek to “repurpose” existing content. In the process, the masher could inadvertently use a file or software tool infected with malware and this could then spread to users of the finished product.

The problem is that elaborate security precautions can be a drag on system resources. Symantec has attracted particular criticism in this regard.

Bregman acknowledges this, but says Symantec’s Endpoint Protection 11.0, released this month, has a smaller “footprint” – it is only 15MB – and lower processing demands than previous products.

Stephen Bell was in Sydney as a guest of Symantec
