A panel of security experts offered a bleak view of the internet, describing it as a battleground where criminals are launching sophisticated attacks that are hard to thwart.
The panel, held Wednesday night in San Jose, included representatives from the Department of Homeland Security, Microsoft, and Cisco Systems. The event was sponsored by the Churchill Club, a nonprofit Silicon Valley business and technology forum.
In the past 18 to 24 months, internet threats have shifted from script kiddies to the criminal world, said Marcus Sachs, deputy director of the DHS Cyber Security Research and Development Center and the computer science lab at SRI International. Criminals have recruited technically savvy individuals to commit fraud and other attacks, he said.
Today's security tools "are not built to defeat those types of attacks," he said.
Scott Charney, Microsoft's vice president of Trustworthy Computing, said the internet is rife with spyware, botnets and other threats.
"The internet is a phenomenal medium for committing crime," because it allows attackers to remain anonymous, he said.
In the past few months, researchers have spotted some alarming new attacks, Sachs said. Malware writers are compromising home systems and turning them into virtual DNS (Domain Name System) servers, which are at attackers' "beck and call," he said.
Also, Sachs said malware writers have created software that can figure out if it has infected a real system or a virtual system used by security researchers and adjust its behavior accordingly.
Joe Boerio, CTO of Franklin Templeton Investments, said outsourcing creates more risks (attacks could come from insiders as well as outsiders), making the job of securing a business more complex and difficult.
"Staying that step ahead [of the attackers] is getting harder and harder," he said.
The panelists generally agreed that a multi-faceted approach involving the government, industry and end-user awareness is needed to deal with today's cyberthreats.
Charney noted that enterprises have CIOs to help keep them more secure, but that the general public does not have a CIO. Some service providers are starting to provide that function by quarantining infected machines, he said.
While cybersecurity is a shared responsibility, the public's burden should be reduced, he said.