At a roundtable discussion, security pros from Microsoft, Symantec, McAfee and other companies weighed the role of consumers, vendors and online businesses in securing the Internet.
During the past few years, the threat of data being bought, stolen
and traded on the Internet has oozed deeper into the consciousness of
many Web users. But unpatched computers, out-of-date applications and
poor Web surfing practices raise the question of whether users need to
take more responsibility for their online safety.
At a June 28 roundtable discussion organized by
the National Cyber Security Alliance, security experts
from Lockheed Martin, McAfee, Microsoft and other
companies discussed the balance between
user and corporate accountability
in the digital world. Roland Cloutier, chief security officer at
business outsourcing solution provider ADP, said a lack of consumer
education has led to more
insecure machines, and improving the situation will require a greater understanding by users of the role they need to play.
Many users have a value system online that stresses openness and
information sharing, opined Dave Marcus, security research and
communications manager for McAfee Avert Labs. However, those same users
are often not aware of the interconnectivity of Web 2.0 technologies
and websites, and just how much their data is shared, he said.
Compounding this, many users don't stay up-to-date with browsers,
applications and operating systems, noted Andrew Cushman, senior
director of Trustworthy Computing at Microsoft. Attackers are typically
lazy, he said, and there's enough "low hanging fruit" in the form of
unpatched or older systems that hackers don't need to target the more
secure versions.
According to May browser market
share numbers from Net Applications,
nearly 19 percent of Web surfers were using Internet Explorer 6 (IE 6),
and some 13 percent were using IE 7. About 27 percent were using
the most current version of the browser, IE 8, which brought with
it a host of protections that users who have not upgraded are missing
out on.
"There's only so much we can do as technologists and vendors," Marcus said.
Still, businesses need to do their part to keep users safe,
participants agreed. Rick Doten, chief scientist for the Center for
Cyber Security at Lockheed Martin, noted that in other countries,
consumers are more open to having businesses push security onto their
machines. In Asia, for example, banks push out protection against
keystroke loggers to customers. However, fears of "Big Brother" make
that unlikely in the United States, he said.
"In the states we are challenged with that," he said after the meeting.