To stop them, the security industry must recognize that it has strength in numbers.
“Cybercriminals are not bound by any law, service level agreement or governance and compliance requirements,” said Art Coviello, executive vice president of EMC and president of the company's security division, RSA.
Coviello opened what he termed as the largest gathering of security professionals in the world with an overview of the threats the security community currently faces, and outlined a process that he believed necessary to not only thwart cybercriminals, but streamline technology processes as well.
“Our adversaries are organized, purposeful and effective,” he told the large crowd. “They can update bots and AV signatures as fast as they're rolled out. Their supply chain is effective. This is what we're up against.”
The first initiative he proposed was that the vendor community must take the lead to build a security ecosystem.
“We need to be far faster and flexible than cybercriminals,” he said. “And to achieve this, we need a common development process to support risk management.”
He also spoke of how technology can fuel economic recovery by being cost-effective in this process.
“Security today is viewed as too costly and not effective enough,” he said.
Coviello then addressed how emerging technology is taking center stage; for example, cloud computing is being adopted quickly.
The vendor community, he said, must remember the goal is information risk management, which he broke down into four components: policy management, policy decision, policy enforcement and policy audit.
Fraudsters poke at the infrastructure until they find a hole, he explained.
“The real breakthrough comes when we decouple individual components so core, shared functions can be applied broadly, and systems can adapt to circumstances," he said. "It's the very essence of an ecosystem."
Integrating efforts will provide flexibility and strength, he said, adding: “It will allow us to reduce costs and beat criminals.”
But this initiative cannot be done by a single suite from an individual vendor. He called for what he termed inventive collaboration: interweaving expertise of one organization with another.
“We must collaborate on standards," Coviello said. "We need to share technologies, making them more accessible. Enhanced technology integration will create a common language of policy and risk”
He then outlined how virtualization offers a new place to embed security technologies.
“We are on the verge of a shared development process fostered by collaboration that will change the basis of competition,” he said. “Vendors must take the lead, but practitioners must demand this of us. We can fight cybercriminals and reignite innovation.”
He summed up his presentation with an African proverb: If you want to go fast, go alone; if you want to go far, go together.