All the latest UK technology news, reviews and analysis

Bruce Schneier: Web attackers are trouncing defenders

05 Jun 2014

Bruce Schneier warns of web threats facing firmsCyber defenders are currently fighting a losing battle against hackers and government agencies, according to security expert Bruce Schneier.

Speaking in London on Thursday, the security guru said that with cyber criminals' attacks increasing in sophistication all the time, incidents like the Target credit card theft will only become more common.

“Security is a battle of attack versus defence and right now on the internet attack is much easier than defence,” he said at the Good Exchange event, attended by V3.

Schneier pointed to advanced persistent threats (APT) as an area where organisations are woefully ill-prepared to prevent attacks.

“We are not winning against APTs,” he warned. “We are terrible at defending against them.”

Schneier said those launching APTs are usually highly skilled and determined, adding that there is often little companies can do to stop them.

“An APT is a different sort of animal. In the security industry it’s often about relative security. If your security is better than those around you the criminal will target your rival that is less secure," he said.

“Against an APT, though, that’s not true so security has to be absolute. What matters is not if you are better than them [another company] but if you are better than the attacker.”

Further exacerbating the security threats facing companies are market trends that are taking more control away from IT teams as both data and devices are outsourced.

“It used to be that our data was in our computers and that was it. Now our email is in one hoster, our photos in another, our documents in another. Sometimes this is one company, like Google, or Apple or Microsoft, or maybe half a dozen, but it’s in third-party hands,” Schneier explained.

“Meanwhile we are losing control of devices. It used to be we bought computers that we controlled absolutely. Now the vendor maintains the control, it controls what software updates are available and what you can download.

“There is no iPhone software on my iPhone that Apple didn’t already approve.”

Schneier offered some advice to organisations on how to minimise the threats they face, saying they should focus on two areas: trust and resilience.

“You have to be able to figure out how to trust all of your hardware and software vendors. They cannot technically provide you with that, but you have to figure out who you know, who you trust; which governments, which corporations, which regulatory environment,” he said.

“In this world of attack versus defence you have to think about resilience. Resilience if there is a bug in the products you use, if the legal landscape changes, if you are attacked and need to recover.”

Schneier added that resilience in the providers you use was also crucial, citing the recent closure of TrueCrypt as a warning that security vendors can go under and leave their users exposed.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Dan Worth

Dan Worth is the news editor for V3 having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3 Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal

View Dan's Google+ profile

More on Operating Systems
What do you think?
blog comments powered by Disqus
Related jobs

Devices at work poll

Which device do you use most for work?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Client Account Director - Global Marketing Insights / Analytics Leader

Client Account Director - Global Marketing Insights...

Client Account Manager – Digital, CRM, Analytics Background

Client Account Manager – Digital, CRM, Analytics Background...

Desktop IT Support Engineer - IT Support Consultancy

Desktop IT Support Engineer - IT Support Consultancy...

Senior Project Manager - IT Infrastructure

Our highly successful client urgently requires Senior...
To send to more than one email address, simply separate each address with a comma.