Panda evangelist Sean-Paul Correll looks at the highlights of the Panda-hosted Security Blogger Summit
Last week, Panda Security hosted the first Security Blogger Summit at the Círculo de Bellas Artes in Madrid. Over 200 people involved in IT security attended this inaugural event that included 11 security thought leaders debating in an engaging roundtable from the United States and Spain.
It was inspiring and energizing to hear the world’s foremost security experts put their minds together to tackle the tough issues that we face in IT security today.
Some of the attendees already posted their reactions to the event – Andy Willingham particularly enjoyed the lively debate about Security Awareness Training. Steve Ragan gave a great synopsis of the event overall, stressing how he believes events like these are extremely important to facilitate an ongoing dialogue. Steve suggested in his post that Panda include consumers as well as security experts in the next roundtable to hear what consumers’ perspective is – good idea, Steve!
We recorded the event and will post video highlights soon. In the meantime, here is a brief recap:
Education and Proactive Protection
The session started with a 15 minute talk from Bruce Schneier. He emphasized the major advance that the Internet represents, calling it “one of the most important revolutions after Rock and Roll” and highlighting the economic factors that underlie security problems: “We could have better technology, but we are not prepared to pay for it. The market rewards the cool and the fast, but not the good.”
He also raised the issue of passing the responsibility of security onto our governments, stressing how users and companies must play an active role in protecting themselves. Byron Acohido countered with, “90% of the problem is not down to the user. If a system with errors is launched on the market, this is not a problem of the user.”
Francisco Lago jumped in stating, “The main problem is user behavior. Awareness campaigns about best practices were the most effective vehicle for avoiding security risks.” Andy Willingham and Steve Ragan, coincided in the need for experts to lead this education, but with simple, comprehensible language. “There are blogs and security media, but users do not understand them; and as long as they don’t, we will continue to see the same errors time and time again,” emphasized Ragan.
Current situation and responses to cyber-crime
All speakers agreed that one of the main trends of the last few years has been the professionalization of cyber-criminals. Cesar Lorenzana explained, “It’s not that there is more malware, it’s that malware is now profitable for criminals. It’s a way of earning a living.” Francisco Lago stressed the false sense of security among users, “80% of users believe that their computers are protected, yet three quarters of them are infected.”
Antonio Ortiz, illustrated the lengths that cyber-crooks go to in order to keep a low profile and avoid public institutions from pursuing them: “Owners of botnets do not offer services for DoS attacks on major websites or government pages because then politicians would focus on the problem. They don’t want that kind of attention.”
- Bruce Schneier, one of the most influential security theorists in the world
- Byron Acohido, technology journalist for USA Today and author of “Zero Day Threat”
- Steve Ragan, security editor for The Tech Herald
- Andy Willingham, author, blogger, and IT professional with expertise in financial services
- Ero Carrera, Chief Research Officer of Collaborative Security, VirusTota – Hispasec
- Antonio Ortiz, co-founder of Weblogs SL and editor of ERROR500
- Javier Villacañas, editor, network chief COP and founder of “A Todo Chip” blog
Check out or photos of the event on Flickr here:
UPDATE: Video content from the summit
Cybercrime and Security 1
Cybercrime and Security 2
Bruce Schneier’s introduction