Security concerns are growing in scope and scale, and it might be time for the federal government to step in, Symantec CEO John W. Thompson said Tuesday, citing figures from his company's annual threat report. Thompson also suggested that white-listing would grow as a practice, and recommended corporations look into digital rights management for documents.
High Performance, Low Cost Solutions for eCommerce
Surviving and thriving in today's competitive online retailing world is not getting easier. This white paper provides insight on technology that scales eCommerce applications to support more advanced end-user functionality and a rapidly growing user base.
The federal government should step in and pass laws to ensure computer security 
, John W. Thompson, the CEO of Symantec (Nasdaq: SYMC) 
told a security conference Tuesday.
In the last six months of 2007, nearly 50 million people worldwide were the victims of identity theft, and 70 percent of the most common malicious code used in attacks on computers targeted confidential files.
Loss or theft of laptops or storage devices account for 57 percent of data loss worldwide; 65 percent of new software created today is malicious code; and there is a black market in selling stolen files and data that is sophisticated enough to include money transfer capabilities.
This information from the Symantec Threat Report was disclosed by Stephen Trilling, the company's vice president for security technology and response, at the RSA Security (Nasdaq: RSAS) Conference in San Francisco.
The data came from "more than 120 million computers worldwide" that have installed Symantec's software, Trilling said.
That led Thompson to call for a nationwide law targeting hackers in his keynote speech, "Information Centric Security: The Next Wave." "It's impractical to have 40 different states, each with its own laws; we need a federal law with very high standards today," Thompson said, adding that security issues have become a global problem.
If the growth of malicious software continues to outpace the growth of "good" software, white-listing -- the implementation of a policy stating which applications are allowed -- "will become very important;" identity management "will become important to cover everybody in the world;" and digital rights management "not just of music but of business documents" will become crucial, Thompson warned.
Enterprises will have to change their approach to security: "We will need to take an info-centric view to security using a risk-based approach," Thompson said. This means that businesses must decide what information is critical to their survival and archive only that.
This hard approach is critical because "data grows by 50 percent a year, so only the most important information can be protected," Thompson added.
Enterprises must answer three questions to figure out what information is crucial to their business: What sensitive information do they really have; where is it being stored; and how is that information being used, he said.
"Once you have answered these questions, you can set policies to guide strategies on how your organization stores and uses information," Thompson said.
The increasing importance of business to businesses requires that business leaders -- "not just the CIO, but also the CEO and CFO" -- become involved in setting security policies. Security and data "must work hand in hand for combined risk management," Thompson declared. "You can't secure what you don't manage."
Next Article in Malware: New Finjan Appliance Sniffs Web Traffic for Crimeware
Print Version
E-Mail Article
Digg It
Reprints
More by Richard Adhikari
Related Stories
Related News Alerts
Related Resources
More Stories by Richard Adhikari
Letters: 
Talkback: