The net number of new cyberthreats is growing exponentially every year, and 40 per cent of all malware in the history of computing was created in 2007, according to McAfee Inc. CEO and president David DeWalt.
“Not a day goes by I don’t see an escalation, several times a day,” DeWalt told a group of journalists in a closed-door meeting in Toronto on Thursday, a wide-ranging discussion of the security landscape that touched on a number of issues:
- Not only is malware growing in terms of sheer numbers; the sophistication of the attacks is increasing. DeWalt offered Microsoft’s Patch Tuesday cycle of updates as a barometer. Whereas before, it might have been weeks or months before vulnerabilities in the new patches were exploited, McAfee is now seeing tens of attacks every release – before the next update.
- Because of his sensitive work, DeWalt enjoys high-level security clearance from a number of governments. “You see a real emergence of sophisticated cybercrime groups,” he said. Recently, the U.S. Air Force has begun promoting its responsibility as defender not only of American skies, but of its cyberspace as well. DeWalt described a USAF ad featuring a picture of the Pentagon, with the caption: “This building is attacked eight million times a day.”
- Infrastructure attacks are becoming more common. A Russian-based attack recently brought down much of Estonia’s infrastructure. One liability is that utilities, power, nuclear facilities and the like are often in the hands of the private sector, which is sometimes relying on older mainframes and not necessarily mandated to have cutting edge cyber-security.
- As smart phones and mobile devices incorporate more sophisticated operating systems and feature sets, they’re becoming more vulnerable to attack as well. “Threats have become as pervasive” as they are in the PC world, DeWalt said. This is a trend that’s going to continue; there are three billion mobile phones in use, with one billion added every year. With the introduction of IPv6, there is the potential for an unprecedented number of IP addressable elements – one duodecillion, or 10 to the 39th power.
- DeWalt is among those participating in the drafting of the Cyber Security Enablement Act in the U.S., currently languishing on the floor of the Senate as presidential hopefuls duke it out on the campaign trail. The difficulty in prosecuting and punishing cybercrime, DeWalt says, is that there’s often no legal precedent. The Act is a modernization of law and punishment so that online fraud is punished on the same basis as “real-world” fraud, for example.
- New protocols and technologies create new vulnerabilities. As telecom moves toward an IP telephony model, session initiation protocol (SIP) becomes more significant, yet it’s a protocol with no encryption or authentication capabilities. Likewise, the explosion of virtualization technologies also demands specific security attention. Virtualization isn’t new, DeWalt noted, but dates back to the mainframe days. The virtualization user was typically in testing and development; a high-end power user running multiple environments. It wasn’t until virtualization moved into production that questions about availability and security started to be asked. “The ability to spread malware virtually rather than physically is a whole new landscape,” DeWalt said. “It’s a bit of a maturation process for this marketplace.”
- Justifying the cost of IT security to the most senior management can still be a challenge. “It isn’t a revenue centre … it’s basically a defensive posture,” DeWalt said. And many companies have deployed multiple point products in the past from a variety of vendors, working from the perspective that “well, somebody’s going to catch it.” That actually creates more vulnerabilities and compliance headaches, DeWalt said, and makes it harder to demonstrate the successes and continuing vulnerabilities of IT security in the organization. “Best-of-suite” products are cheaper and more effective, DeWalt argues, relying on a single desktop agent rather than separate agents for spam, antivirus, etc. That’s a trend that’s affecting the network, too, as separate firewall, IDP, antivirus and other appliances are being superseded by unified threat management (UTM) strategies and appliances, DeWalt said.