All the latest UK technology news, reviews and analysis


Bruce Schneier: Web attackers are trouncing defenders

05 Jun 2014

Bruce Schneier warns of web threats facing firmsCyber defenders are currently fighting a losing battle against hackers and government agencies, according to security expert Bruce Schneier.

Speaking in London on Thursday, the security guru said that with cyber criminals' attacks increasing in sophistication all the time, incidents like the Target credit card theft will only become more common.

“Security is a battle of attack versus defence and right now on the internet attack is much easier than defence,” he said at the Good Exchange event, attended by V3.

Schneier pointed to advanced persistent threats (APT) as an area where organisations are woefully ill-prepared to prevent attacks.

“We are not winning against APTs,” he warned. “We are terrible at defending against them.”

Schneier said those launching APTs are usually highly skilled and determined, adding that there is often little companies can do to stop them.

“An APT is a different sort of animal. In the security industry it’s often about relative security. If your security is better than those around you the criminal will target your rival that is less secure," he said.

“Against an APT, though, that’s not true so security has to be absolute. What matters is not if you are better than them [another company] but if you are better than the attacker.”

Further exacerbating the security threats facing companies are market trends that are taking more control away from IT teams as both data and devices are outsourced.

“It used to be that our data was in our computers and that was it. Now our email is in one hoster, our photos in another, our documents in another. Sometimes this is one company, like Google, or Apple or Microsoft, or maybe half a dozen, but it’s in third-party hands,” Schneier explained.

“Meanwhile we are losing control of devices. It used to be we bought computers that we controlled absolutely. Now the vendor maintains the control, it controls what software updates are available and what you can download.

“There is no iPhone software on my iPhone that Apple didn’t already approve.”

Schneier offered some advice to organisations on how to minimise the threats they face, saying they should focus on two areas: trust and resilience.

“You have to be able to figure out how to trust all of your hardware and software vendors. They cannot technically provide you with that, but you have to figure out who you know, who you trust; which governments, which corporations, which regulatory environment,” he said.

“In this world of attack versus defence you have to think about resilience. Resilience if there is a bug in the products you use, if the legal landscape changes, if you are attacked and need to recover.”

Schneier added that resilience in the providers you use was also crucial, citing the recent closure of TrueCrypt as a warning that security vendors can go under and leave their users exposed.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Dan Worth
About

Dan Worth is the news editor for V3 having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3 Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal

View Dan's Google+ profile

More on Operating Systems
What do you think?
blog comments powered by Disqus
Poll

Windows 10 poll

What are your first impressions of Windows 10?
12%
6%
10%
3%
19%
3%
47%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Junior Software / App Developer - VC Backed Medical Tech Start-Up

Junior Software / App Developer - University Spin Off...

Web Developer - £30k - £37k, Manchester city centre, PHP, MVC, Python

PHP Web Developer - Manchester city centre, £30k - £37k...

IT Systems Administrator - Warrington, £40k - £45k basic, Concept

IT Systems Administrator - Birchwood, Warrington, £40k...
To send to more than one email address, simply separate each address with a comma.