Protecting home computer networks against security threats is as problematic as managing a small business, according to former White House cybersecurity advisor Howard Schmidt.
Speaking today at a forum organized by managed security services firm Clara.net on "zero-downtime/always on" internet services, Schmidt, now the president and chief executive of R&H Security Consulting, said defending home networks against information security threats – including hacking, identity theft, viruses and phishing – is a major challenge for the security industry.
"Large enterprises have been doing a good job in preventing security breaches. They are providing free security services, rewiring and reengineering their services themselves, and blocking phishing, spam and trojans. But small businesses normally don't have full time IT staff. They don't normally have someone who thinks about security. Office managers usually do it themselves and are stretched," he said. "We now have a situation where home networks are like small enterprises to manage. Clearly the challenge associated with that becomes difficult."
Schmidt said that with the increasingly widespread use of wireless internet and high-speed broadband, along with the growing number of people who own a computer and personal digital assistant, there will be more endpoints to protect.
"In the future, the big issue we are going to be dealing with, particularly with the home networks and SMEs, is that there are more endpoints to defend. Now everything is done at the endpoint," he said. "The motivation of hackers is changing too. They are no longer viewed as ‘clever hobbyists' but real criminals doing this for financial gain."
The former CSO of eBay added that cybercriminals are moving away from network-based attacks towards targeting applications directly.
"Hackers are now shifting and focusing on applications. Not only network applications, but also word processing and spreadsheet applications and the shopping cart – things that users spend a lot of time on," he said. "They are changing tactics because we don't pay a lot of attention to the successful security development of these things."