Computer security is getting worse as penny pinching firms put economics before the development of secure technology, according to Bruce Schneier, a renowned security specialist and the founder of Counterpane Internet Security.
"I think in general things are getting worse, not better," Schneier told delegates during a session at the RSA Conference in San José.
"There are lots of little victories. Spam is one of our industry's shining victories, but there are lots of areas where we aren't doing very well."
Software vendors lack any incentive to pay attention to security when they create their products, according to Schneier, and buyers are generally unable to determine the level of insecurity when they evaluate products.
This leads them to buy the cheapest product available on the market, which in turn forces developers that do emphasise security to lower their security levels in order to compete.
The security sector is using technology to solve the poor state of computer security. But technology is becoming less relevant now that networks have become an attractive target for criminals who have a strong incentive to exploit security vulnerability for financial gain, Schneier warned.
Security providers can create anti-spyware and security filtering software, but these applications are useless if consumers do not install them, he added.
"The fundamental driver in computer security, in all of the computer
industry, is economics. That requires a lot of re-education for us security
geeks," said Schneier.
The solution is to create economic incentives to improve computer security. " Make the entity in the best position to mitigate the risk responsible for the risk," he argued.
There are several ways to shift that responsibility, according to Schneier, but legislation and regulation are usually needed.
Requiring credit card providers to pay for fraud, for instance, has caused them to implement numerous security technologies and policies for merchants.
In the UK, meanwhile, Schneier pointed out that banks have done very little to tackle ATM fraud, because legislation makes consumers, not the institutions, responsible for fraud.
IBM and Technical University of Munich team demonstrate how Shor's algorithm, which can't be cracked by conventional computers, can be solved quickly with quantum computing
Hubble Space Telescope finds superflares from young red dwarfs could strip away planetary atmosphere
Younger stars are 100 to 1,000 times more energetic than when they're older
Two of the big four supermarkets will use the system to control sales of restricted products
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23