Educating the everyday person on security and ensuring that there is the right people to fix the problems are the most pressing challenges for security.
Speaking at the Queens University Belfast Centre for Secure Information Technologies (CSIT) conference, Douglas Maughan from the US Department of Homeland Security admitted that there are lots of threats, but there was too little mention of the people factor as a form of defence.
Maughan pointed to a 2009 White House advisory that mentioned technologies as a defence but not people. “The biggest threat is the user as the weakest link in cyber space,” he said. Relating to the size of his department and the number of threats it receives, Maughan said that the biggest problem today is “economics”, and how you get a small business or home user to buy new security technology when they do not understand why they need it.
“How can we improve software devices and deliver a quality solution? The biggest challenge is software and we all know there are problems there,” he said. Maughan pointed to the number of vulnerabilities in mobile devices and again said that there is not enough people to solve the problems and said that this was not confined to the USA or the UK, but was a global challenge.
“I have met with eight different countries and everyone has the same problem; it is global and there is discussion on how to fix it. We need more private sector organisations partnering with academia, and Government needs to be at the table,” he said.
“We need to focus on educating the user and the next generation of professionals as everyone gets to learn and the bad guys also learn, but they have no rules and can move faster than we can.”