The Anti-Virus Approach Is Not Enough!

US Senate Bill S.773

President Obama has, on multiple occasions, promised to take the government’s initiatives against cybercrime to the next level. With US Senate Bill S.773, the Obama administration has shown, at the very least, that it’s willing to put its money where its mouth is and push cybersecurity to the next level.

This bill would enable software vendors to communicate with one another in real time about vulnerabilities as they develop. Why is that useful? Because when vendors work together in real time, they can respond more effectively to threats and better contain the damage.

A government-initiated “kick in the pants” may be just what the doctor ordered. Ideally, though, private entities would join in the fun of cybercrime-stopping. After all, everyone has a dog in this race. If we allow cyberthreats to metastasize--by doing nothing to shore up the growing gaps in our network defense infrastructure--the consequences could be real and devastating.

But we’ve been facing threats from cybercriminals for over 15 years! Why the urgency now to step up our game?

Because more and more of us are becoming more and more dependent on computer connectivity. The environment is not like it was back in 2000. Or even in 2005. Think of all the “stuff” in our lives that lives and dies on its ability to stay “networked”:

• Our Blackberries and iPhones
• Our email accounts
• Our online bank accounts
• Our Facebook accounts
• Our home and office computers
• Our corporate software
• Our TVs

We could go on… and on… and on with this stuff. The point is, it’s insane how connected everyone is! And what makes the situation even more untenable is how blasted vulnerable most end users are to practically every stripe of cyber crime: phishing, Trojan horses, viruses, identity theft, you name it.

We are on a collision course with a cybercrime asteroid. Computer power is growing exponentially, per Moore’s Law. Simultaneously, we are tethering more and more aspects of our lives to the networked universe. And to top it all off, most “people on the street” (including most tech-savvy geeky types) know next to nothing about what goes on “under the hoods” of our computers and networks.

Our macro infrastructure is also a ticking time bomb. US Senate Bill S.773 and other similar pieces of legislation are definitely steps in the right direction. But we need an approach that goes beyond the piecemeal and the reactive. We need to inoculate ourselves, our data, and our identities against the poisons of the online world.

How do we do that? Don’t we already have Anti-Virus software to mind the store?

The Anti-Virus approach is not enough!

Anti-Virus software is only appropriate as a second line of defense in enterprise security solutions. But it can’t be the “be all and end all,” And it certainly can’t be the first line of defense. AV tech was developed two and a half decades ago, for God’s sake! Two and a half decades on the web is like two and a half centuries in “meat space.”

Protecting our networks with AV software is like equipping our minivans with technology to protect them from runaway horses-and-buggies. That latter tactic would make no sense, obviously. Why? Because we AGREE that car-safety must meet 21st century threats.

Why then do we AGREE to use 20th century technology to protect our networks against 21st century threats? It makes no sense!

Okay, maybe I’ve convinced you. So now you’re probably asking: how then should we more forward and bring cyber security into the new century? I’ll address that in my next post.