MISCELLANEOUS

The future of IT Security

The good, the bad and the ugly

 

In my previous post I scrutinized the factors that stirred up the development of the WWW as we know it today and that led to a boom in cybercrime. In this post I will outline what is the stake for users, security vendors and governments.

The end-user’s need for protection has increased and steered from a static and machine-centered approach towards a network-driven and on-line oriented philosophy. Security vendors have acted accordingly by re-designing and engineering the old and, to some extent, simplistic antivirus solutions into more comprehensive defensive suites with highly customizable modules which fit everybody’s needs for protection (firewalls, content filters, phishing and spam shields, privacy and sensitive data protection, parental and application control, network management, e-mail and instant messaging encryption, etc.). Probably the most spectacular development is to be found in the so-called “in-the-cloud” solutions, which are somehow the direct result or offspring (if we may call it so) of exactly the same principles and architecture behind the WWW.

In their turn, governments across the world have understood that IT&C security is no longer an individual or private issue. The recent Digital Agenda released by the European Commission emphasizes that digital security aims at maximizing the potential of technologies so as to fuel job creation, sustainability and social inclusion. The document clearly states that “users must be safe and secure when they connect online” and that “just like in the physical world, cybercrime cannot be tolerated”, although it admits that “IT networks and end users’ terminals remain vulnerable to a wide range of evolving threats”. One direction in which these threats evolve is that of politically motivated acts, as shown by the recent cases of Estonia, Lithuania and Georgia.

In the years to come, the EU envisages the creation of a strategy on identity management, notably for secure and effective e-Government services, of a consolidated Network and Information Security Policy, including legislative initiatives such as a modernized European Network and Information Security Agency (ENISA), and the setting up of measures allowing for a faster response in the event of cyber attacks. This includes establishing a Computer Emergency Response Team (CERT) for the EU institutions, related rules on jurisdiction in cyberspace at European and international levels by 2013, as well as a European cybercrime platform by 2012 and a European cybercrime centre. In other words, this is a quest for transnational (and, to some extent global) means and instruments to regain an equilibrium as, in my opinion, the balance has been more on the cybercrime side so far.

In an age where the mass production and accessibility of computers have turned these devices into regular household commodities, and where smart phones, netbooks and other gadgets link billions of people every day via Wi-Fi or 3G for simple e-mail exchange, e-commerce or for e-banking transactions, sensitive data and money are transferred back and forth in the e-trading of real and virtual assets and services on the declining markets and tormented stock exchanges of the current economic turmoil. In my opinion, it is most likely that the future will continue to be a race against the clock between two major competitors. On the one side, the cybercriminals – looking to maximize their profits. On the other side, three categories of cybercrime antagonists: the security vendors – developing technologies and concentrating on innovative countermeasures, the end-users – demanding more robust platforms, increasing their level of awareness and security proficiency, and governments – searching to create more agile frameworks and a reliable infrastructure to fight and prevent cybercrime.

Safe surfing everybody!

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of their respective owners.

About the author

Răzvan LIVINTZ

With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving from BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on www.hotforsecurity.com.

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples http://martzipan.blogspot.com), messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.