Are We Losing the Fight Against Cybercrime?

  • Article

It is an interesting and difficult question. What can we do to really be able to stay on top? Or shall we give up? Well, clearly, I do not think so.

I read this article today, which really made me think: Black Hats are Winning, Symantec Says – wow! A fairly clear statement. We lost (at least according to Symantec). And the solution is – you guess – new technology:

"Technology that does not rely on capturing and analysing a threat in order to protect against it, like Symantec's Reputation-Based Security, is indeed becoming imperative. Other methods that are also playing a key role in combating today's most pervasive threats are heuristic, behavioural and intrusion prevention technologies."

So, I agree that new ways are need but really in enhancing today’s technology? Sure, we have to make sure we keep up with what is going on, but is it a technology problem, which can be solved by the next generation of any security product?

Remember that, a few years ago, we launched Trustworthy Computing in order to change the way we, Microsoft, internally think but we always said that this is an industry initiative. After a while, we realized that this was not enough and we came up with a model we call End to End Trust. The reason we did that was fairly simple: We did the SD3+C (Security by Design, Secure by Default, Secure in Deployment and Communication), we introduced the Security Development Lifecycle, and we worked on specific threat mitigation (actually, this is what Symantec seems to refer to). But unless the underlying architecture does fundamentally change, we (the industry) will not be able to change the rules and always run behind the criminals.

So, the ecosystem needs the trusted stack and a sound identity system which allows for strong identities and for minimal disclosure at the same time – without risking the freedom of speech.

All this is not new, the technologies are available. The problem is, that this is not a Microsoft challenge – it is an industry problem and the ecosystem has to buy in. We are doing a lot of groundwork there but as long as we are looking for medication to cure the symptoms and are not ready to look for the big bold changes, we will definitely lose. However, clearly we need to work on the medication in the meantime as well.

And then, let’s think about what this means for the Cloud… but this is something for another post…

Roger