Internet more dangerous than ever

The internet is more dangerous than it was last year, according to Art Coviello, chief executive of RSA Security.

In his opening keynote at the RSA Security Conference in Amsterdam, Coviello (pictured) warned that the proliferation of web-enabled applications and devices and a lack of fault fixing have made the environment more dangerous.

Business will have to improve its performance if the industry is to avoid government regulation, he cautioned.

"Despite great efforts in the last year we as an industry have not made sufficient progress," said Coviello.

"Things are definitely worse, although for a good reason. The range of applications and devices that can access the internet has made us more productive but also more vulnerable."

The Federal Communications Commission (FCC) has estimated that online crime will cost $45bn in the US this year and that 25 million identities have been stolen. The commission has also warned that the internet is making it easier for criminals to exploit stolen identities.

But fears of cyber-terrorism have been dramatically overstated, maintained Coviello. Terrorists are not interested in cracking systems but instead on attacking people and physical targets. Spam poses a bigger threat to the productivity of the internet, he said.

Hackers are also getting smarter and more adept. The average time from a flaw being found to exploit code being available has fallen from 500 days in 2000 to 40 days now. Meanwhile, vendors are faced with a huge installed base of hardware and software that is riddled with flaws.

Coviello highlighted small and medium-sized enterprises as being particularly at risk, since they cannot afford the in-house security teams available to large companies. Hackers are growing increasingly aware of this and have started targeting such businesses, he added.

But while Coviello was upbeat about the progress made by governments in dealing with computer crime, especially the harmonisation of hacking laws and sentencing, he called for them to stay out of other areas of regulation.

"I'm concerned that governments get overzealous in trying to regulate how security works," he said.

"They don't know enough about the topic to regulate it, [they] move much more slowly than the security industry, and legislation can't acknowledge that different companies have different security profiles."