SAN JOSE, Calif. -- Code monkeys, cryptographers and security-business executives gathered for their annual powwow here this week to check out the latest trends and listen to nuggets of wisdom from leaders in the industry.
Chief among the minds of executives and government officials at the RSA security conference was the changing landscape. They warned that online threats are no longer about so-called script kiddies looking for notoriety, but organized groups of criminals executing targeted attacks for financial gain.
Such threats are more complex and sinister, prompting Tom Noonan, CEO of
Internet Security Systems
to say, half-jokingly, "In some ways, I long for the days of
Of course, ever-expanding threats also make security companies bullish on their opportunities for growth in the sector.
Here were a few of the hot topics:
In Online We Trust
Loss of consumer confidence is the greatest threat to the growing digital lifestyle and those companies that rely on online technologies to do business, John Thompson, CEO of security software firm
, told an audience on Wednesday.
And the burden is on the companies themselves to protect their customers from increasingly sophisticated criminals behind today's security threats, he said.
"While no one has offered to sell the Brooklyn Bridge online -- yet," said Thompson, hucksters have tried to sell Mexico, fairy dust and the meaning of life -- which, he said, sold for $3.26.
"If we fail to create a trusted digital environment, we just won't slow the growth of e-business, we'll slow the growth of all business," Thompson said. "We won't just hurt the digital economy, we'll hurt the entire economy. This is the real hidden threat today -- not some massive cyber attack, but loss of consumer confidence in the digital world."
Thompson said that, across industries, companies have built the efficiencies of digital technologies into their business models. They are relying on the expansion of the digital lifestyle for their own growth, and the growth of the global economy.
Yet consumer confidence is waning. Identity theft has topped the list of consumer complaints collected by the Federal Trade Commission for six years straight, costing consumers time and money. Thompson cited a survey of 10,000 households that found 41 % purchased less online because of security concerns. Another survey by the Cybersecurity Industry Alliance found that 32 % believe their financial information may soon get stolen.
"We can't allow trust to continue to erode," Thompson said. "We can't continue to lose the public's confidence and expect to continue the robust digital lifestyle that we've come to enjoy. Trust, ultimately, is the foundation of the online world."
To restore that confidence, businesses must offer end-to-end solutions to take risk out of digital world and create a trusted online community, he said. Businesses should look to database-protection technologies and backup and recovery tools. In addition, they should implement tools to authenticate legitimate Web sites. They also need to take the lead to protect privacy and personal information and support the idea of one comprehensive data-breach law that would require notification of consumers and tough enforcement.
Flanked by a collection of G-men in the rafters and adjacent to the stage, FBI Director Robert Mueller emphasized on Wednesday the importance of partnerships between government agencies, state and local law enforcement and the private sector to prosecute cybercrime.
"Information sharing is a two-way street. We recognize that in certain areas we lack the expertise that you possess," Mueller told the audience of information security professionals. No one person, agency or company can prevent crime on their own. "We can't investigate if we do not know the problem or are not made aware of the threat."
He said he knew that some businesses do not report security breaches for fear of negative publicity or losing a competitive advantage, potentially affecting their position in the marketplace.
"We certainly do not want you to feel victimized a second time by our investigation. We will work hard to minimize the disruption to your business. We will not release proprietary or confidential information on a pending investigation," he said.
"But maintaining a code of silence will not benefit you -- or your company -- in the long run," Mueller said.
The FBI head said that those in the private sector should make every effort to secure their own networks, and law enforcement in turn will thoroughly investigate and prosecute cyber criminals.
"Together we must work to stop these attacks," he said.
I'll Take One of Those
Bigwigs from Symantec,
held a session this week to talk about what companies are looking for in an acquisition.
There's been a robust market in M&A in the security industry, Rob Owens of Pacific Crest Securities pointed out, and Wall Street hasn't seen an IPO in the security market since Netscreen in 2001. He asked panelists why private security companies are getting bought rather than going public.
Parveen Jain, executive vice president of McAfee corporate strategy, said the security market is still in an early stage, and Wall Street is harder on companies going public since the bubble burst, especially those that may only have a single product. Also, "Most of the innovation is coming from the smaller start-ups," Jain said, and they are scooped up at an early stage by larger companies.
Sarbanes-Oxley regulations also make it more expensive to go public and bigger public companies also want to buy growth, Michael Cristinziano, in charge of M&A for Citrix, said.
Still, Neel Kashkari of Goldman Sachs said "the IPO markets are definitely open" for young security companies.