May 08, 2007 Security crucial as intruders grow sophisticated
What technology gadgets do the experts love, or would love to have? CNN.com is asking experts in several fields about their favorite high-tech toys. This week, we asked security expert Heath Thompson.
(CNN) -- Heath Thompson is vice president, product development for IBM Internet Security Systems.
The 25-year computer industry veteran says security is going to be increasingly important since consumers are spending more of their lives online and intruders are growing more sophisticated.
Here, he shares with CNN.com some of the key weapons in the security cyberwars.
1) Biometrics: Biometric readers are the key to the future, literally. Not only do they reduce the number of passwords the average consumer has to remember, but they are truly a unique identifier and one of the strongest forms of security. Today fingerprint readers are built into laptops, but in the near future, I believe these readers will replace the traditional lock and key and be built into smart phones, handheld devices and door locks for the car and home.
Eventually, I also anticipate that people will be able to store biometric information over the Internet so they can identify themselves from any location.
For instance, rather than carrying keys for safety deposit boxes, mailboxes and office entry, people will be able to access any secure device at any time through identification over the Internet.
2) Filters: My children are coming into their preteens, and with the popularity of MySpace and YouTube (and the uncertainty of what my children will find) I've begun to think about stronger content filtering that would prevent children from viewing violence, hate, pornography, etc.
Unfortunately, content filtering available through the computer's operating system isn't sufficient. Children are relentless and have figured out how to bypass security settings. Parents need industrial-strength content filtering, and the most economical way to get this would be through their Internet service provider. This type of security would allow parents to control individual usage throughout the home.
3) Portable security: It's getting to the point where encrypted sites are not sufficient for financial and confidential transactions because Internet attackers have coaxed users to download Trojans unknowingly. The Trojans sit dormant on the computer and wait for the user to authenticate to the network. Once a secure connection is established, the Trojans awaken and capture consumers' identities that can be reused or sold.
Consumers need their banks or ISPs to provide dynamic, downloadable security clients to ensure the machines being used, be it at home or at an airport kiosk, are free of Trojans and other malicious software. Consumers need dynamic protection that follows them to provide security regardless of location.
4) Secure Internet connections: Today, the Internet is connected to everything -- game consoles, digital video recorders, printers -- even refrigerators are now Web-enabled. Oftentimes these devices have no security settings installed, much less enabled. And even more often people are unaware these devices present an on-ramp into their home network.
The No. 1 targeted source for attacks is the consumer. When it comes to gaining easy access to user account data, Internet attackers have learned the consumer is much more susceptible and accessible than corporations.
For years corporations have been deploying intrusion prevention technology to keep the bad guys off corporate networks. Considering 68 percent of corporations experience six losses of sensitive data every year due to human error, according to IT Policy Compliance Group, employees need consumer-grade intrusion prevention equivalent to what their corporations have to secure their home Internet connections.
Corporate IPS systems would be cost-prohibitive and excessive for consumers and small business owners; however, if consumers could buy secure Internet connectivity through their ISPs, they would be able to protect their Internet Protocol-enabled devices, from today's ever-evolving threats.