RSA 2008: Websense adopts cyber criminals' structure

The successful 21st century company will adopt the organisational structure favoured by cyber criminals, according to the chief executive of cybersecurity firm Websense.

The successful 21st century company will adopt the organisational structure favoured by cyber criminals, according to the chief executive of cybersecurity firm Websense.

Discussing what makes cyber criminals successful, Websense CEO Gene Hodges told Computer Weekly that e-criminals were agile, distributed, expert and didn't pay taxes. "That's the model for any successful company in the 21st century," he said.

It is the model Websense itself is adopting, although Gene Hodges was quick to say Websense abides by the law, including paying taxes, in the 30-plus countries in which it operates.

He said the economics of software development had "swung over to the dark side".

"A programmer just out of school can now earn $200,000 a year writing code for a Russian cyber crime gang. That's four or five times what he'd make in the regular industry," Hodges said.

As cyber gangs don't pay tax, the software industry is at a competitive pay disadvantage in attracting the best talent, he said.

John Thompson, CEO of Symantec, corroborated Hodges' view. The effect was that, according to Symantec's research, 65% of all new software that hits the internet today is malware. Most of it aims to steal personal and sensitive data, he said.

Hodges endorsed the trend towards organisations securing data at all stages of its life-cycle. This meant understanding better what was important to firms. He cited mining giant BHP Billiton as an example. The two firms had worked together on a bid to acquire Port Authority, which runs US harbours. "You'd say BHP's key assets were mines and giant trucks, and you'd be wrong," he said. "The CIO told me the company's most important data was the knowledge of how to get a few extra percent of metal from an ore body." And because the firm was highly acquisitive, the next most important data were commercial intelligence about rivals and bids for target firms, he said.

"One bit of information under those circumstances could change a price by several billion dollars, so we are talking about real money," Hodges said.

Hodges said globalisation meant development teams were increasingly distributed. Geography was becoming less relevant and talent and skills were the overriding criteria for success, brought together using the internet, he said. "Our organisation chart looks like a bunch of blobs as a result," he said. "We think of ourselves more as a tribe."

Like many of its customers, Websense is a target for cyber criminals. Hodges said even his home network was getting 500 hits a day. This coloured his firm's relationships with partners around the world, notably in China, where until recently intellectual property was less protected than in the West.

"But we have to watch the US and everywhere else too. You just can't trust anyone," he said.

Read more on IT governance