I often tell people that the state of information security is far worse than they think. Yes, I realize that the security industry loves this type of messaging because fear sells product, but I truly believe that things are really bad.
This morning I met with security company Trend Micro to discuss security trends and upcoming products. The data that Trend presented was frightening even to a security pessimist like me. Case in point:
Newly created Web threats grew 1,564 percent from Q1 2005 through the end of 2007. That's nearly 200 percent growth every quarter. This is due to the large number of variants written from the base of an original threat.
In 2005, Trend examined fewer than 1 million malicious code patterns. In 2007, there were nearly 5.5 million malicious code patterns. In the first four months of 2008, Trend has already seen more than 2 million.
These numbers point to the fact that the bad guys are winning. Even the most sophisticated security departments at enterprise organizations are no match for this onslaught. We really need to re-think our security model by adding "up the stack" layers of defense (i.e. more application protection), building in end-to-end trust, and working with expert security service providers like Trend Micro and others.
Note to chief information security officers: The worst thing you can do is go it alone.