MIT Technology Review



That seems counterintuitive, that things are getting better.

After five, six years there’s now a recipe for botnet takedown and disruption. When a botnet’s command and control is decapitated, it can’t send stolen data anywhere. The security community is far more interdisciplinary, and tighter. Five and six years ago if there was a security researcher like me and a law enforcement dude [looking into an attack] it might take us five or six weeks to get together, if ever. Today there are [regular, structured opportunities] for me to say, “Let me provide data that might be useful.” And Microsoft now has a tool to clean up botnet infections.

But the [ARMS index] methodology might not make sense anymore. When we developed the index, we decided to have one number, which represented the overall threat. Since then we have seen attacks on consumers wane, and we’ve seen attacks on high-value targets increase. So if we had ARMS C for consumers, ARMS B for business could be 7.5. We’ll probably break that apart when we do it again. 2011 is the year of the enterprise breach. I’m afraid the headlines we’ve seen in the last five months are in no danger of going away.

Looking at your scale, anything over 9 sounds terrifying: it describes a world in which almost every computer is being used or watched by malefactors. Do you really think that kind of meltdown could happen?

At this point, it’s a hell of a lot less likely than it was when we dreamed this up three years ago. Since Conficker [an Internet worm detected in 2008], a host of measures have happened to make this less likely. The Windows operating system is more secure, software design is better, ISPs are stopping these kinds of attacks. We’ve come a long way from the days of Conficker. The 9.0 is a fictional Armageddon that I don’t spend a lot of nights worrying about. I worry more about one targeted Gmail attack on a White House staffer. Not a lot of people are motivated to make things melt down. A lot of people are motivated to attack successfully, and the [smaller] their footprint is, the likelier they are to attack successfully.


Credit: Cisco Systems
