By Richard Adhikari TechNewsWorld
04/08/08 2:45 PM PT
Security concerns are growing in scope and scale, and it might be time for the federal government to step in, Symantec CEO John W. Thompson said Tuesday, citing figures from his company's annual threat report. Thompson also suggested that white-listing would grow as a practice, and recommended corporations look into digital rights management for documents.
The federal government should step in and pass laws to ensure computer security, John W. Thompson, the CEO of Symantec (Nasdaq: SYMC), told a security conference Tuesday.
In the last six months of 2007, nearly 50 million people worldwide were the victims of identity theft, and 70 percent of the most common malicious code used in attacks on computers targeted confidential files.
Loss or theft of laptops or storage devices accounts for 57 percent of data loss worldwide; 65 percent of new software created today is malicious code; and there is a black market in selling stolen files and data that is sophisticated enough to include money transfer capabilities.
This information from the Symantec Threat Report was disclosed by Stephen Trilling, the company's vice president for security technology and response, at the RSA Security (Nasdaq: RSAS) Conference in San Francisco.
The data came from "more than 120 million computers worldwide" that have installed Symantec's software, Trilling said.
Act Locally, Fear Nationwide
That led Thompson to call for a nationwide law targeting hackers in his keynote speech, "Information Centric Security: The Next Wave." "It's impractical to have 40 different states, each with its own laws; we need a federal law with very high standards today," Thompson said, adding that security issues have become a global problem.
If the growth of malicious software continues to outpace the growth of "good" software, white-listing -- the implementation of a policy stating which applications are allowed -- "will become very important;" identity management "will become important to cover everybody in the world;" and digital rights management "not just of music but of business documents" will become crucial, Thompson warned.
Enterprises will have to change their approach to security: "We will need to take an info-centric view to security using a risk-based approach," Thompson said. This means that businesses must decide what information is critical to their survival and archive only that.
This hard approach is critical because "data grows by 50 percent a year, so only the most important information can be protected," Thompson added.
Selecting Critical Information
Enterprises must answer three questions to figure out what information is crucial to their business: What sensitive information do they really have; where is it being stored; and how is that information being used, he said.
"Once you have answered these questions, you can set policies to guide strategies on how your organization stores and uses information," Thompson said.
The increasing importance of business to businesses requires that business leaders -- "not just the CIO, but also the CEO and CFO" -- become involved in setting security policies. Security and data "must work hand in hand for combined risk management," Thompson declared. "You can't secure what you don't manage."