Masters of cybercrime

Summary: The consensus among the panelists at a Churchill Club discussion entitled "Masters of Cybercrime: The Ultimate Battle of Good and Evil," was that the good guys aren't winning.

The consensus among the panelists at a Churchill Club discussion entitled "Masters of Cybercrime: The Ultimate Battle of Good and Evil," was that the good guys aren't winning. The panelists included Joe Boerio, CTO, Franklin Templeton Investments; Brad Boston, Senior VP and CIO, Cisco; Scott Charney, Vice President, Trustworthy Computing, Microsoft; and Marcus Sachs, Deputy Director, Homeland Security Cyber Security R&D Center, and researcher at the Computer Science Laboratory, SRI International. The moderator was Dave Margulius of Enterprise Insight.

During the lively and wide-ranging discussion, the panelists talked about who the malware perpetrators are, the mainstreaming of cybercrime, insider attacks, the role of the government, vendor responsibility, user education, the impact of phishing and other fraudulent schemes, cybersecurity insurance, social engineering practices, holistic security practices and more. The discussion is available as an MP3 that can be downloaded; if you’re already subscribed to ZDNet’s IT Matters series of audio podcasts, it will show up on your system or MP3 player automatically (see ZDNet’s podcasts: How to tune in). It's certainly worth a listen...

Here are a few samples:

"We thought that the bad guys would be foreign countries for the longest time and we were looking at cyberwar," Sachs said. "We have seen a clear shift in the last 18 to 24 months more toward the criminal and fraudulent side of attacking the networks... the tools today are not built to defend against those attacks."

"If there is a bio, chemical or nuclear issue, the citizenry is going to look at government and say, 'How did you let this happen?' If there's slammer, then everyone looks at Microsoft and says, 'How did you let this happen,' " said Charney. "I'm not sure the government wants to stand up and say if it's a cyber thing why don't you hold us accountable for that too. To be blunt, a virus or worm can be problematic and costly, but has a very low potential for wiping out the planet. There are other things that can kill a ton of people."

"The naivete that I think exists among the general population and amongst employees is the thing we all have to overcome," said Boston. "From an enterprise perspective, how do you get them to care about it and understand their responsibility?"

Prior to the Churchill Club discussion, I interviewed Marcus Sachs about his work at the Homeland Security Cyber Security R&D Center. The audio interview is available as an MP3 that can be downloaded; if you’re already subscribed to ZDNet’s IT Matters series of audio podcasts, it will show up on your system or MP3 player automatically (see ZDNet’s podcasts: How to tune in).

Talkback

3 comments
  • Please. Much of the problem is...

    ...big companies playing the entrenched interest game, stifling technologies, deadlocking standards, and compromising government initiatives with payola. Everybody wants to point their fingers elsewhere. Well, charity starts at home...instead of cyberwar profiteering.
    ordaj@...
  • hi

    "Crime involving high technology is going to go off the boards."
    - special agent William Tafoya, FBI
    Cyber Crime is everybody's quick 'n easy guide to safeguarding home and business computers, and keeping clear of the online bad guys.

    Brian
    http://www.my-casino-gambling.com
    doproiu@...
  • Getting employees and home users to care.

    From the comment:
    "The naivete that I think exists among the general population and amongst employees is the thing we all have to overcome," said Boston. "From an enterprise perspective, how do you get them to care about it and understand their responsibility?"

    The first suggestion that comes to mind is avoiding the implication that IT wants to own users. If security comes across as a synonym for "power grab", then users will identify the enemy on that basis.

    The second suggestion is to accept the attitudes of users about software, that it exists to help, and the more helpful the better. Anyone selling security should emphasize that changes will be considerate (see first suggestion) and will not involve even criticism of what users have and expect from their software.

    That should be enough of a direction to avoid a number of mistakes and ineffectual efforts.
    Anton Philidor