Are there other risky areas outside Web 2.0 that people should be leery of?
We are seeing the same level of threats with financial applications, put at risk with financial spam and financial phishing attacks. Overseas the market for very targeted, highly undetectable boutique financial malware to divert funds from accounts or to steal identities is exploding due to the penetration of online banking. We can look to those markets as a clear crystal ball for what we have in store here in the U.S. as online banking becomes more ubiquitous. As the functionality that is extended to consumers through banking applications becomes much more powerful and you can do account transfers and bank-to-bank wire transfers over the Internet, the risk increases. You are going to see these highly targeted malware based threats that even the most savvy of security experts wouldn't be able to differentiate from valid or invalid.
What do companies or individuals have to do to better protect themselves from these types of attacks?
Legacy security solutions that have been deployed for years in the network space were adopted after the fact. We didn't know as much and the security industry wasn't as mature when those architectural and adoption decisions were being made. Security was an afterthought. .Today we are in a unique situation as a lot of areas of technology around next-generation networking and communications converge. People going through the standards and architecture phase now should be considering their security implications and decision as a function of designing, architecting and figuring out their next generation networking solutions. It's important they consider security at the front-end of their network design rather than the back-end. People should use this opportunity to make security more a front-loaded activity that is not separated from the adoption and architectural decisions.
Why is it important to include security in network architecture plans?
The days from being able to differentiate security from network architecture are over. It's not the right way to do things and it's not the most prudent way that buyers can go about really getting a grasp on the risks and potential protections they can deploy if they look at those things hand in hand.