The most significant changes to IT security have come from sociological shifts such as young virus writers finding love or seeking employment after international wars, says a security veteran.
IT security threats are usually explained as a technical phenomenon, says ex-president of McAfee and now CEO of Websense, Gene Hodges. However Hodges believes this view overlooks important sociological changes that have had an even greater impact on the security industry.
Today, it is widely accepted that cybercrime is financially motivated. While this explains the continued growth of malware to steal information leading to money or spread a botnet's footprint, it fails to account for underlying changes that have caused the financial motivations to emerge in the first place, Hodges told ZDNet.com.au.
"Three to four years ago, probably the biggest change in the security industry is that the motivation of the virus writer changed. We think about security as a technological phenomenon but it's really a sociological phenomenon," said Hodges.
The major sociological change, according to Hodges, was that virus writers grew up, found love and got a mortgage.
"The joke we used to tell when I was at McAfee was that the people who write viruses were 14-year-old boys who couldn't get dates ... They would sit in their basement and program to show their intelligence and they were brilliant young kids," he said.
"What's happened over the past few years is ... they got married and they got a mortgage. So now they're working for a spyware ring to pay that mortgage. I say this flippantly but fundamentally this is what has happened."
International territorial conflicts have also transformed the pool of talent for virus writers.
During the latest Indian and Pakistani border conflict over Kashmir, which flared up in 1999, Hodges said Websense was asked by both governments to develop tools for Web warfare.
"We were talking to both the Pakistani and Indian governments. They had approached us to write war grade viruses," he said.
"You could tell there were large groups working on both sides. Hundreds if not thousands of people were working in cyberwarfare organisations," he added.
"And we didn't do that. Websense doesn't help anybody on the offence. I think everyone in security is committed to the defence," he said.
But according to Hodges, it's what happened after the border skirmish finished that has had the greatest impact on security for the masses. "The people on the Indian side were hired by any number of a myriad of companies in Bangalore or Chennai. But what happened to the Pakistani programmers? If they didn't go to the US, how did they end up living?"