The future of security

DUBAI, UNITED ARAB EMIRATES, 12 MAY 2008 - A futurologist in IT security? Difficult to believe, but it is true. On a recent visit to Dubai to discuss the risks of the global Internet, David Perry, Global Director of Education for Trend Micro, is a futurologist, predicts the upcoming dangers and thefts in the IT industry globally. He has been working for Trend Micro for the past 10 years and was earlier associated with McAfee. CNME met up with Perry to get a brief analysis on the scenario today.

CNME: Why do you call yourself a futurologist?

Perry: At Trend Micro there has always been stress on the role of Internet security which is a dense area. There are all kinds of considerations to be made like vocabulary, messed up mathematics, be able to interpret languages from Russians, Chinese and Americans. I am constantly involved in research and I have a good grasp of the English language. You don't find a lot of computer virus help experts with the same ability therefore I am able to interpret all the technical information for the ordinary person. Due to this I am able to predict trends and initiatives which also help me to understand threats. We are able to articulate it and make sense before selling the solution to the end-user.

CNME: How you see the state of Internet Security today?

Perry: Customers must be made aware of basic facts like for example the original computer virus help was not on a PC or an Apple machine or mainframe or storage device. The original virus was a work of fiction by a writer named John Brunner. Viruses existed in fiction before they existed in fact. All the ideas we carry on viruses are fictional and they are not responsible for destroying the hardware. Somebody is not writing viruses in the backroom of an antivirus company. They are invisible, silent and most importantly at this point of the history of the world viruses and malware are stealing your bank accounts. This is happening in the behest of giant organized crime rings in Russia, China, Etnovia, Latvia, South America, Columbia and even including United States and Australia.

The real crime is not about stealing a bank but about stealing passwords, credit card numbers and logins of users. According to the FBI last year 15 million users from America got their identity stolen and computer crime put together accounted for $89.9 b. This means its approaching the same level of crime from drugs therefore making it front rank crimes.

CNME: As a security expert, do you think Trend Micro has done enough to stand apart from competition? What kind of initiatives is being undertaken by the vendor?

Perry: I am influential and one of the most famous anti-virus people in the whole world, probably not as much Gene Kaspersky because he owns a company. At Trend Micro I am able to share any kind of concern with the top management which is a big difference compared to companies like Symantec. They have moved onto hiring professional managers who are only interested in sales, numbers and finances. But in Trend Micro the CEO has 9 patents, she is an engineer, has invented many of our hot products and been with the company for 20 years. The top management - Steve and Jenny Yang - has been around for the entire history of the company. They have a passion and understanding of what makes good protection.

At Trend Micro one of the initiatives we have decided to take up as a public affairs issue is that of children being bullied on-line. We are getting ready to launch information, give lectures and also conduct these sessions in schools. There are market initiatives launched in EMEA where I have gone and given presentations.

CNME: Has security today moved beyond the computer?

Perry: It has definitely moved from the basic computer. Today it's about identity, not about computer security. In the United States if I purchase a sofa, telephone or a car, the credit rating company is called to check on your reputation. The same is applicable with your passport, which is checked every time at the airport for your identity.

In the same situation, if your identity is stolen through your credit card you have lost your credit rating and you cannot buy a car.

We are heading into a future which is not protected and there will be more sensitive data for the end user. There is often a comment made that antivirus companies are catching up with hackers. Even for us, there is immense effort put into research for e.g. there are thousands of research engineers at Trend Labs in Manila. On my way back from Dubai I will be stopping by at the lab. There is a lot of advanced study and research done in this direction but you don't hear about all the products being developed in these labs.

CNME: You have made comments in the past about security vendors not behaving like grownups, please comment.

Perry: Security vendors are always fighting on what to name viruses. In the era of worldwide virus outbreaks, that was affecting the entire world. But now it's a different scene as the virus attacks target a few hundred end-users. The name of the virus help was an important issue and all the anti-virus vendors wanted to name it differently. The question was always 'Who would name it?' so 'Who was the grown up?'

Nobody respects the other to differ from them and they don't want to make Symantec more powerful. There are no grownups in this fight as it moves on to other issues like setting security standards for testing. These are political decisions to be made on how to test the software based on who is going to win this test?

There are companies pushing one kind of standardization putting them into the good light completely. This is a business where billions of dollars are made and therefore the naming problem has to be fixed.

CNME: Should there be set parameters for security in an IT network?

Perry: The first point to keep in mind for an enterprise end-user is to understand what is happening in your network. You cannot fly blind as you have to know what you are protecting and secondly have comprehensive protection. Customers would earlier purchase different security solutions from various vendors. But now customers use heterogenous networks and they could be using a Linux or Nuventu or a Mackintosh OS other than a pure Microsoft XP system.

Computer security is based on four pillars beginning first from systems, then security, followed by hardware, software in all the systems has to be designed in a secure manner and the security products have to be aware of the changes in the system and product.

User education and awareness are the other important factors. Security awareness within the enterprise begins with recognizing the need for it. At Trend Micro we will be able to help end-users do this as we have acquired several new companies and are in a position to start with knowledge assessment then move onto training programs.

source : http://computerworld.com.my/ShowPage.aspx?pagetype=2&articleid=8267&pubid=4&issueid=135