Security will get worse before it gets better

The damage caused by threats and the number of Net-dependent critical systems are on the rise. Yet we still haven't created a safer Internet

One day we will get the safer Internet we deserve. The question is: How much more damage needs to occur before we that happens? Longtime readers of this blog will recall that I've even written a manifesto on this topic, entitled "Fixing the Internet: A Security Solution."

Critics of my solution, which recommends establishing a global Internet security infrastructure service, tend to decry what they see as an unreasonable decrease in anonymity and privacy. They point out that a reasonable solution is that things stay just as they are. After all, the real world has learned to live with a certain amount of crime as a cost of doing business. Why not the Internet?

[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in "Fight Today's Malware," InfoWorld's Shop Talk video. | Keep up with key security issues with InfoWorld's Security Central newsletter. ]

The laissez-faire solution might seem like the right one by default, considering the continued lack of serious effort toward better Internet security. We've been living for at least a decade with things as bad as they are -- identity theft, APTs, Trojans, and so on aren't exactly new.

The problem with living with the status quo is twofold: The harm caused by cyber crime keeps intensifying, and the critical systems that depend on the Internet keep jumping in number.

Increasing damage
Internet crime isn't leveling out. It's getting worse. I don't mean sheer numbers -- I mean damage. A decade ago, we had hundreds of millions more email worms and buffer-overflow Trojans (Iloveyou worm, Melissa virus, and SQL Slammer), but the cost in productivity and money was far less. Years ago, malware just played tricks. Now, almost every malware program steals money one way or another.

Today, nearly every significant company in the United States has been compromised by foreign adversaries that have stolen nearly all the important intellectual property. The bad guys have pwnd their victim's networks so badly that most companies will never be able to get rid of them. We are just now finding out what happens when your adversary knows all your secrets. It's like a classmate who cheats every time and never takes a test without looking over the best pupil's shoulder to steal the answers.

The companies we trust and rely upon the most -- including Apple, Facebook, Microsoft, and Twitter -- have all recently reported they were compromised by malware. I'm not sure of the extent of the damage in any of those cases, but they show that, unsurprisingly, no one is perfectly protected.

1 2 Page 1
Page 1 of 2
7 hot cybersecurity trends (and 2 going cold)