Symantec Presses Congress To Combat Cybercrime

To Weafer, the senior director of security response at Symantec, the question to be asked is not if or when we will be attacked, but rather how severe the attack will be.

"Internet attacks these days are not the large-scale, fast-moving virus or worm pandemic-type attacks that we saw with frequency just a couple years ago," he told the House of Representatives Subcommittee on Telecommunications and the Internet. "Consider this: From 2002 to 2004, there were almost 100 medium-to-high risk attacks. Last year, there were only six and so far this year, there have been none."

Of course, that does not mean systems are not longer being targeted. More sophisticated identity authorization and encryption solutions are a step in the right direction, with today's attacks designed to steal data without detection for the purposes of fraud and intelligence gathering. That's different than previous threats, which more often sought to bring systems to their knees. Many of today's attacks involve botnets, which enable unauthorized control of a computer for the distribution of spam, phishing messages and malicious code.

According to Symantec's Internet Security Threat Report, which analyzes information security activity, attackers are focusing more on weaknesses in the Web servers and applications, resulting in an increase in bot infections, denial-of-service attacks and malicious code.

In his testimony, Weafer encouraged Congress to take a more active role in combatting cyberattacks.

"Congress can help fight cybercrime and cyberterrorism in a number of ways: by investing in cybersafety education and awareness programs for consumers, increasing funding for cutting-edge cyber R&D, passing a strong national data breach law, extending international cybercrime law enforcement efforts, and requiring an Internet reconstitution plan for the U.S. government," he said.