Intel Security's Chris Young tells cyber sector to go on offensive

The president of Intel Security has admonished the cyber security industry for being "too reactive" and focusing on the symptoms of attacks rather than the underlying causes.

Chris Young said that the sector had become "bogged down" in data while cyber attackers get better funded, more innovative and improve their skills.

"We are swimming in symptoms but we don't really understand the problem in many cases. To use a human analogy, I'm sneezing, I can't breathe easily, I have a runny nose: do I have a cold, flu or allergies?" he said.

"In security we're chasing the symptoms like malware and vulnerabilities when we'd be smarter if we knew the contacts of attacks, who the attackers are and why do I care about them."

Mr Young told the Financial Times at the RSA cyber security conference that President Barack Obama's new information sharing proposals, announced in the State of the Union speech, risk creating a flood of new data on attacks that few companies are skilled at processing. The US House of Representatives could vote on the bill this week.

"It is important to share threat intelligence," he said. But "if we're going to share, we should do it with a purpose, not just because it is the right thing to do."

Mr Young said security companies should automate far more of their basic work responding to alerts - up to 98 per cent, which would allow them to concentrate on the biggest threats.

"Companies should be going out and hunting down threats inside your environment," he said. "Offensive doesn't have to mean 'hacking back', it doesn't have to be that aggressive."

<

The tabular content relating to this article is not available to view. Apologies in advance for the inconvenience caused.

Mr Young added that law enforcement needs to dramatically increase its investment in fighting cyber crime until it is on a par with the resources it devotes to other crime.

"Cyber space is becoming essential to every dimension of our lives so it should have the same level of resources as physical security," he said. "We're nowhere near that - we're not even on the path towards the minimum yet."

Speaking at the conference where Jeh Johnson, the US secretary of homeland security declared on Monday the government could not fight cyber criminals alone, Mr Young stressed that Washington needed to share responsibility with the private sector.

"In our physical lives in most cases we basically expect government to do most of the defending and enforcing of the legal system. In cyber security, most of the burden is on the private sector and citizens against attackers," he said. "I'm not saying we're going to shift it back to the same as in the physical world, we just need to move a little bit."

© The Financial Times Limited 2015. All rights reserved.
FT and Financial Times are trademarks of the Financial Times Ltd.
Not to be redistributed, copied or modified in any way.
Euro2day.gr is solely responsible for providing this translation and the Financial Times Limited does not accept any liability for the accuracy or quality of the translation