The need to create public confidence in using online
services is the biggest security challenge facing businesses, John
Thompson, CEO of Symantec Corporation, said
yesterday.
In a keynote speech at the RSA conference, Thompson said it was
imperative for users and suppliers to work together to make
e-commerce safer, if the benefits of the internet are to be
realised.
“Confidence is essential if we want to realise the potential of
this interactive world. The ability to collaborate online, to work
remotely, has created a whole new set of business models. IT
systems are not a frill. They are essential drivers of innovation
and growth,” he said.
Thompson said it was vital for e-commerce to find ways of
replicating the way trust works in the offline world, largely based
on face-to-face contact online.
“How do we make sure when we are logging onto your bank that it
is actually your bank, not a dummy site? How do we know that your
confidential information that resides with your supplier is still
with your supplier?” he said.
Although the security industry has done a good job protecting
systems over the past few years, the number of threats is steadily
increasing, said Thompson.
The majority of companies expected to experience at least one
security incident a year. Spammers are using new technology to
evade anti-spam filters, and consumers are being targeted with
malware designed to extort money, he said.
But he said going back to doing business offline was not an
economic option. New security models that focus on protecting
information, and the person, rather than devices, would need to be
developed.
“I don’t feel that consumers should feel they are running a risk
by shopping online. I believe we can dramatically mitigate these
risks,” he said.
Security suppliers and enterprises needed to develop ways of
managing the identity of people online securely, he said.
“Consumers will demand that enterprises conform to a set of
technologies and business practices. They will demand a level of
security beyond what we normally expect,” he said.
Building confidence in the connected online world won’t be easy,
said Thompson.
“It will take looking at security in context of the whole risk
management strategy of your organisation,” he said.
In a thinly disguised attack on Microsoft, Thompson said
businesses needed to work with a range of security suppliers,
rather than trust their security to one organisation.
“You would not want the company building your operating system
to also secure it from threats. It is a huge conflict of interest,”
he said.
Read
David Lacey’s
security blog
Read
Stuart King’s
risk management blog
Comment on this article:
computer.weekly@rbi.co.uk