One of the delegates at the closed Executive Security Action Forum, held before the RSA conference this year, asked: “What will the internet look like – and will it even be there for our children?”
Look at the facts. In a 2005 survey, 52 per cent of US consumers were “extremely concerned” about banking online. In the US, it is now said that everyone knows at least one person who's been the victim of identity theft.
People are right to be alarmed. We are connecting new victims to the internet at an alarming rate. Joe Public goes to PC World, Staples or his local Wal-Mart or Tesco, buys his PC and takes it home – no training required. It's unlikely to be installed with the latest patches; if he's lucky, it has XP-SP2 installed so the firewall will be enabled by default. It will possibly be set to automatically update, but it's unlikely to come with anti-virus as well. Even if he has a level of IT knowledge to know he has to buy it and install it himself, average Joe's AV is likely to default to updating itself once a week.
A week later, he will have ordered the cheapest broadband deal he can find and is now merrily surfing the web.
As security professionals, we know the end of this story. Within the hour, his PC will probably be infected, part of some faceless criminal's bot-army. The spyware that also infects his system will be capturing his key strokes and, when he does venture to shop or bank online, it sends his credit card number, PIN and CVV to a faceless server as another entry into an ever-increasing database, waiting to be sold to the highest bidder. Some estimates place the number of infections as high as 50 per cent of all newly internet-connected PCs.
As security professionals, it is up to us to start taking more responsibility for this state of affairs. If a hospital was losing 50 per cent of all its patients, it would be the professional duty of its doctors to speak out. Yet as security “professionals” we seem content to sit around and accept the status quo.
“With great power, comes great responsibility,” said Uncle Ben to Peter Parker in Spider-Man. It's as true for us as it was for Spidey, and the recently launched Institute of Information Security Professionals is an excellent initiative to put this industry on a professional footing.
As security “profess-ionals”, perhaps we should be standing up and shouting about the fundamental flaws in the internet that make it such an easy place for criminals and people intent on doing evil at everyone else's expense.
We should also be proactive in driving whatever changes are necessary to ensure that the internet evolves to a point where Joe Public with his new PC can safely use his new DSL connection. If we start now, then the internet will hopefully still exist for my children and their children.