The consensus among the panelists at a Churchill Club discussion entitled "Masters of Cybercrime: The Ultimate Battle of Good and Evil" was that the good guys aren't winning. The panelists included Joe Boerio, CTO, Franklin Templeton Investments; Brad Boston, Senior VP and CIO, Cisco; Scott Charney, Vice President, Trustworthy Computing, Microsoft; and Marcus Sachs, Deputy Director, Homeland Security Cyber Security R&D Center, and researcher at the Computer Science Laboratory, SRI International. The moderator was Dave Margulius of Enterprise Insight.
During the lively and wide-ranging discussion, the panelists talked about who the malware perpetrators are, the mainstreaming of cybercrime, insider attacks, the role of the government, vendor responsibility, user education, the impact of phishing and other fraudulent schemes, cybersecurity insurance, social engineering practices, holistic security practices and more. The discussion is available as an MP3 that can be downloaded or, if you’re already subscribed to ZDNet’s IT Matters series of audio podcasts, it will show up on your system or MP3 player automatically (see ZDNet’s podcasts: How to tune in). It's certainly worth a listen.
Here are a few samples:
"We thought that the bad guys would be foreign countries for the longest time and we were looking at cyberwar," Sachs said. "We have seen a clear shift in the last 18 to 24 months more toward the criminal and fraudulent side of attacking the networks....the tools today are not built to defend against those attacks."
"If there is a bio, chemical or nuclear issue, the citizenry is going to look at government and say, 'How did you let this happen?' If there's Slammer, then everyone looks at Microsoft and says, 'How did you let this happen?' " said Charney. "I'm not sure the government wants to stand up and say if it's a cyber thing why don't you hold us accountable for that too. To be blunt, a virus or worm can be problematic and costly, but has a very low potential for wiping out the planet. There are other things that can kill a ton of people."
"The naivete that I think exists among the general population and amongst employees is the thing we all have to overcome," said Boston. "From an enterprise perspective, how do you get them to care about it and understand their responsibility?"
Prior to the Churchill Club discussion, I interviewed Marcus Sachs about his work at the Homeland Security Cyber Security R&D Center. The audio interview is available as an MP3 that can be downloaded or, if you’re already subscribed to ZDNet’s IT Matters series of audio podcasts, it will show up on your system or MP3 player automatically (see ZDNet’s podcasts: How to tune in).