What do you see as the main problems in online security?
There are a number of challenges facing the security industry, but if I were to point to any specifics, I believe many organizations begin to feel more secure than they really are. Some of companies you would expect to be well prepared and understand the importance of security, are victimized right along with everyone else. AOL has just had a security problem potentially exposing confidential user information, the auction sites get victimized it happens to regularly. Another challenge is attempting to justify the expense of tight security in terms of return on investment. That's a bit like measuring the return on your car insurance. It only pays off when your car is wrecked or stolen.
There's been a lot of news on identity theft lately. How big would you say the problem is?
Identity Theft is certainly the fastest growing crime in the United States. I suspect that's true on a worldwide basis. The risk reward ratio is skewed well in favor of the criminal. If you think about it, there's much less risk than walking into a bank waving a gun around. The amount you can steal is often higher than your average bank robbery as well. After all, you don't want to just steal someone's credit card or bank account and use that, you want to steal their information and open a dozen new credit cards in their name and use those. In difficult economic times, I suspect the problem will get worse before it gets better. Much the way air travellers have accepted tighter security at airports for their safety, I believe online users will come to accept a few more authentification steps when using online services as they become more aware of the risks to their financial well being.
Do you see the disgruntled employee or the outside attacker as the bigger threat to a company?
That's a difficult question to answer. Unfortunately, the disgruntled employee has access to information and may know a bit about security policy and practice. It may be easier of them to circumvent security practices. Many information security breaches are perpetrated by "insiders". An insider may, however, be after something specific. An outside attacker, on the other hand, may break in and blunder around your system causing collateral damage in an unintended fashion. Either way it's bad.
What are your plans for the future?
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.