In your opinion, what are the biggest online security threats today?
In a recent survey by Network Box, 61 per cent of IT managers said that they thought the biggest threat to network security was from malware being downloaded from the Internet. That’s probably true – but another important threat is usually user-based, in other words, people not keeping their protection up to date, or clicking on bogus links, or even buying from spam.
I think there are two significant challenges we face. Firstly, how to combat spam. I saw a great quote by someone on Twitter, that said: “I cannot escape the feeling almost every email I get is spam. The annoying thing is much of it is spam I've signed up for”. This nicely sums up one of the biggest difficulties we face – you have to define spam in order to block it. The second challenge is the shift of the endpoint. More and more people work remotely; the lines between work and home are becoming more blurred, and this puts pressure on the security of a corporate network.
What do you see your clients most worried about?
Fraud seems the major concern. This ranges from ID fraud, to fraudulent websites, spoofed emails promising great profits and a myriad of other cons that are the daily fare of an end user’s experience. This is still being fed through spam but increasingly there are new ploys as criminals move to website infection of trusted sites to infect new victims. All this despite the fact that the returns for a phisher or even spammer is appearing to be ever thinner. This menace is threatening the success of e-commerce and we need an international effort in these grim times to fight this crime.
What's your take on the full disclosure of vulnerabilities?
This is a painful but necessary process. It requires that immediate action is taken to address those vulnerabilities, alerting people to what has been exposed and addressing customers’ problems. It ensures customers can take corrective action, it forces a fast recovery programme and it helps others not to make the same mistake. None of this is popular with providers of the services that have been shown as vulnerable.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.