Shortly after the release of an Auditor-General report criticizing the Canadian government for a lack of security, the chief executive officer of Symantec Corp., John Thompson warned that the threat is getting worse.
“”The average span of time between the discovery of a vulnerability has collapsed
from six months to six days,”” Thompson said during a recent speech to the Empire Club in Toronto.
“”And day-zero attacks are just around the corner,”” Thompson said. “”In other words, we’ll soon see a vulnerability and an exploit appear on the same day, almost simultaneously.””
Two days before his speech, federal Auditor-General Sheila Fraser and her team criticized the Treasury Board Secretariat for failing to complete standards related to intrusion detection and incident response, as well as a lack of consistency in applying standards and adhering to security policies among many government departments.
Thompson admitted that one of the lessons Symantec had to learn itself was that: “”(At one time), our view of security was far too narrow.””
Then came the Slammer attack two years ago, which infected 90 per cent of unprotected servers in just 10 minutes, affecting flight schedules and bank machine networks.
“”Our own research at Symantec shows that it costs 10 times as much to recover from a single incident or disruption, as it does to establish a program in the first place.””
Thompson said new technologies built into security appliances will allow Symantec to deliver prevention capabilities ahead of an attack.
Asked after his speech how Symantec planned to respond to the shortened time between vulnerability and attack, Thompson said while you can only do so much to prevent, and mitigate the risks of an attack, there is technology being developed which he referred to as “”automatic activation.””
Thompson stressed that while an early warning system provides a valuable head start, you have to be able to act on external intelligence immediately.