The practice of surfing the Web from your work terminal may come to an end, according to cyber security expert Howard A. Schmidt.
Schmidt, the former head of online security for Microsoft and eBay, explained that many companies are mistakenly confident about the security of their computer networks and the proprietary information they hold.
“Firewalls and anti-virus packages are great first steps, but we’re finding tremendous vulnerabilities in software and firmware,” he said in a keynote speech on Jan. 7 at the International Conference on Cyber Security at Fordham. “Instead of enjoying the benefit of a new piece of software, we have to install it and then watch it.”
While major applications are updated when vulnerabilities are found, Schmidt noted that each computer contains many smaller programs that function in the background, most of which are never updated. These smaller applications, he said, can provide ripe opportunities for cyber thieves who know how to exploit them.
In addition, he said that the advent of mobile devices presents a new front in the war against cyber criminals that has not been adequately addressed. He pointed out that there are roughly 2.5 billion text messages sent each day in the United States.
“We’re doing a better job in securing PCs, but not doing a good job at all in securing mobile devices,” he said.
To stem the tide of hackers and other cyber criminals who want to commit economic espionage, Schmidt suggested that industries foster closer relationships with the federal government.
“Workplaces are designed to be open environments, and the general consensus is that when the government gets involved it will make things more difficult,” he said. “But that’s not the case.”
Schmidt said that the government can help protect the assets of corporations by crafting cyber crime laws and working with other nations to standardize those laws around the globe, as well as using law enforcement officers to track cyber criminals across national borders.
But shutting down the criminals’ operations will only solve part of the problem, he said, because new ones soon take the place of those that have been eliminated, which is why corporations also must take more responsibility for their own online security. This may lead to the restriction or outright end of personal Web surfing at work. The practice has been tolerated, if not outright encouraged, by companies thus far.
“We’re starting to see the security implications of allowing someone unfettered access to the Web from within the network,” he said, “and we’re beginning to hear complaints, like, ‘You took away my outlet for watching baseball games while I work.’ But like government systems, it’s difficult to allow that access and still maintain the level of security that’s necessary.”
Schmidt, the current president of the Information Security Forum, was chairman of cyberspace security for the White House and chief security strategist in the Department of Homeland Security.