Complexity the enemy of security

Johannesburg, 23 May 2007

Security expert Bruce Schneier, CTO of BT Counterpane Security, identified the top 10 security trends during his keynote address this morning at the ITWeb Security Summit, held in Midrand, Johannesburg.

1. Economic value of information - "Our daily lives and businesses run on an information backbone, and it is becoming ever cheaper to save information, even if it's of marginal importance."

2. The Internet as critical infrastructure - "Without the Internet, everything stops."

3. Third parties controlling information - "As broadband becomes more ubiquitous, we rely on our information being on someone else's server. Our security is not in our control and this trend is increasing - more and more of our stuff is elsewhere."

4. Criminals thriving on the Internet - "Hackers have turned from hobbyists into criminals - most of the hacking activity today is criminal."

5. Complexity - "Complexity is the enemy of security. As computer systems get more complex, they become less secure. We like complexity - wireless, peer-to-peer, e-mail on cellphones - but all these things introduce vulnerability. So we are losing ground even as we are gaining."

6. Slower patching and faster exploits - "[The IT industry] is on a patch treadmill. A patch has to be extraordinarily well tested or fast - you can't do both, you must choose. We are seeing more and more zero-day exploits."

7. More sophisticated worms - "Worms are designed for stealth, they make no noise. We are seeing polymorphic worms, metamorphic worms, blended threats, worms with vulnerability assessment systems, targeted at specific companies. This is an effect of the criminal taking over the hobbyist."

8. The untrustworthiness of the endpoint - "Encryption and VPN doesn't matter when the bad guy is already looking at your screen. Security used to be focused on the threat model of a guy sitting in the middle that's eavesdropping. But it doesn't matter if you encrypt it or use a VPN, the bad guys watch your screen and your keyboard."

9. End-user as the attacker - "More often now the sender or the receiver is the enemy."

10. Regulatory pressure - "Regulation seems to be the only thing that sells security."

The 10 trends are getting worse, not better, overall, said Schneier. "Things are getting more complex and non-tech aspects of security are becoming more important."

The future becomes more cloudy and hard to predict, and economics, more than computer science, drives security, he concluded.
