Computer security is getting worse as penny pinching firms put economics before the development of secure technology, according to Bruce Schneier, a renowned security specialist and the founder of Counterpane Internet Security.
"I think in general things are getting worse, not better," Schneier told delegates during a session at the RSA Conference in San José.
"There are lots of little victories. Spam is one of our industry's shining victories, but there are lots of areas where we aren't doing very well."
Software vendors lack any incentive to pay attention to security when they create their products, according to Schneier, and buyers are generally unable to determine the level of insecurity when they evaluate products.
This leads them to buy the cheapest product available on the market, which in turn forces developers that do emphasise security to lower their security levels in order to compete.
The security sector is using technology to solve the poor state of computer security. But technology is becoming less relevant now that networks have become an attractive target for criminals who have a strong incentive to exploit security vulnerability for financial gain, Schneier warned.
Security providers can create anti-spyware and security filtering software, but these applications are useless if consumers do not install them, he added.
"The fundamental driver in computer security, in all of the computer
industry, is economics. That requires a lot of re-education for us security
geeks," said Schneier.
The solution is to create economic incentives to improve computer security. " Make the entity in the best position to mitigate the risk responsible for the risk," he argued.
There are several ways to shift that responsibility, according to Schneier, but legislation and regulation are usually needed.
Requiring credit card providers to pay for fraud, for instance, has caused them to implement numerous security technologies and policies for merchants.
In the UK, meanwhile, Schneier pointed out that banks have done very little to tackle ATM fraud, because legislation makes consumers, not the institutions, responsible for fraud.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance