Security will become embedded in IT products so that
users no longer have to worry about it, predicts Bruce Schneier, CEO of BT Counterpane and keynote speaker at
RSA Europe 2007.
Schneier said information security threats are becoming more
aggressive and more sophisticated technically, and users are
confused and frustrated by their inability to keep up. More and
more are looking to industry suppliers, including both application
developers and service providers, to provide the technical shields
to deter attacks and defend their data.
The computer security industry is ignoring how to make people
feel secure in favour of addressing threats, and it is not working,
said Schneier.
"Fear is a pretty poor sell, because it needs educated
customers. Compliance, on the other hand, is the only stick that
works. Security is going to become another compliance issue like
insurance, which is the price of risk for a known liability," said
Schneier.
Users mostly still have to analyse their risks to get a better
handle on how much to invest in mitigating them, he said.
But the risk profile keeps changing. "When you have a million or
two PCs in a botnet, the question is how to monetise it," he said.
For now, most criminals are using botnets ultimately to defraud or
extort their victims, but a small minority are using them for
industrial espionage, he said.
Schneier said it was hard to be certain of the extent of
industrial espionage. "But we get the occasional shadow," he said.
Examples include reported Chinese attacks on the US military (and
several European governments), car magazines that want pre-release
pictures of new models, pharmaceutical companies looking for an
edge over the competition, and Boeing vs Airbus, he said.
"You see it when for some reason one company starts winning a
lot of bids against its competitors," Schneier said.
Schneier said US government agencies routinely bought data that
federal and state laws prohibited them from collecting, and vice
versa.
"It is not that government and criminals are in cahoots against
individuals; it is more like government and big businesses are in
cahoots against the competition."