|
|
Your feedback is important:
Please take our 1-minute survey here and provide us with your input on Axway Today.
Thank you!
|
|
back to top ^
|
|
|
|
Cybercrime: How Serious Is The Situation?
Dr. Taher Elgamal, the Chief Security Officer of Axway, is a leading expert in computer, network and information security. Recently awarded the RSA's Lifetime Achievement award, Dr. Elgamal is recognized as the inventor of SSL, having led the SSL efforts at Netscape and throughout the industry. He wrote the SSL patent and promoted SSL as the Internet security standard within standards committees and the industry. He also invented several industry and government standards in the data security and digital signatures area, including the DSS government standard for digital signatures. Recently, Axway Today caught up with Dr. Elgamal to speak with him about a pressing issue facing the global community today: Cybercrime.
Axway Today: Dr. Elgamal, in your view, how serious an issue is cybercrime today?
Taher Elgamal: No period in the history of modern connectivity, business productivity, and personal interactivity—not the adoption of dial-up in the late 1990s nor the follow-up acceptance of mobile phones and broadband in the early 2000s—has brought with it faster growth and transformation than the late 2000s. Mobile phones and broadband Internet connectivity give us the power to connect with family, negotiate with business partners, and exchange information with ease. But with the spread of this connectivity comes the empowerment of legions of unsavory characters who have seized upon the opportunity to spread malware for financial gain and for access to many precious things—things held in confidence, things held in high regard, things held in banks.
I submit that we—individuals, businesses, nations—must take far more aggressive action than we've been taking.
AT: How are we, as a society, addressing the flow of criminals into the hacker community?
TE: Malware (a combination of the words "malicious" and "software") today spreads faster than any other application using the new connectivity medium. The ongoing flow of criminals into the hacker community—a community that used to be content to simply launch worms in order to impress their fellow geeks—has brought about a transformation. What was once a mere annoyance is now truly insidious—a vicious group whose activities have the potential to cause more trouble than any other criminal activity in history. Yet, despite the unending examples of malice (e.g., set price levels on stolen account numbers and identities, published on the Web), society at large mostly ignores the hacker community, comforted by the fact that all their previous attacks have been largely ineffectual, that no houses or jobs were lost, that no power grids or water supplies or food shipments were interrupted, and that any lost productivity was reasonably recovered.
AT: How much should federal and local governments encourage and, perhaps, incentivize organizations to invest in protecting the IT infrastructure?
TE: There are some who would say that it's a matter of simple mathematics, that we simply must combat the increase in fraud and cybercrime with a proportional amount of encouragement and incentives. Fifteen years ago, security products and services accounted for just one percent of all IT expenditures. Today, despite that one percent figure's rise to somewhere between four and five percent, fraud and cybercrime have far outpaced this growth. In my opinion, however, talking about percentages is the wrong way to approach this issue, like a fire brigade bringing to a fire only as much water as they estimate they will need, and not as much water as possible. The right way to approach this issue is to act with extreme prejudice toward these criminals and embrace a new class of infrastructure products and services, vehicles that will foster our trust in the Internet and mobile communications as worthwhile mediums for conducting daily tasks. Critical to this approach is the realization that the existing infrastructure lacks the necessary controls for achieving a heightened level of trust, and that there is much to be done before a truly safe experience can be guaranteed. Many technologies and
While methods for protecting our children and enterprises and nations are more abundant than ever before, too few of these methods are actually being deployed.
|
tools exist that can provide these necessary controls, but any security gaps (e.g., a lack of strong identity verification and/or content protection technologies) in any part of the infrastructure affect the entire network, the same network that connects us to one another in so many ways. While methods for protecting our children and enterprises and nations are more abundant than ever before, too few of these methods are actually being deployed.
AT: Some would say this is paranoid, alarmist thinking.
TE: Absolutely not. Countless economists expressed outrage when the mortgage crisis descended upon us, the same experts who were dismissed as alarmists when they predicted that sheer economic calamity was about to happen. This recession is an example of what happens when we ignore qualified insights and fail to mitigate serious threats. Is it simply that we, in our modern culture of skepticism and cynicism, are incapable of facing clear and present danger that hasn't yet sent over its first real barrage? Are we that obtuse? We must do better. I urge all of us—individuals, businesses, governments—to re-evaluate the current cyber threats. We must determine the level of investment necessary to protect our infrastructure, its applications and all who access them. We must not repeat the mistakes of recent years and wait until another global catastrophe occurs before we act. We must act as a great generation and intervene with all deliberate speed.
| | Dr. Taher Elgamal is the Chief Security Officer of Axway. You may read more about Dr. Elgamal's achievements here.
| |
|
