Interview: eBay Security Chief Howard Schmidt
The second piece is the vulnerabilities. In the history of computer programs, we still write computer programs that have inherent flaws. Buffer overruns is one that we all talk about. This is not new; back in the ’70s we were finding these things in computer systems. As the Internet became more mainstream those vulnerabilities became very pronounced to the point where we constantly are applying patches, we’re constantly trying to keep systems updated.
The third piece is training. We teach people how to drive, but we don’t’ do a good job teaching people about cybersecurity. Cable modems, DSLs - wonderful technology but we’re just beginning to see the service providers, when they install, give you a pamphlet that says, here’s learning about personal firewall, here’s antivirus links.
The fourth is authentication. That’s very important. If you look at some of the hack attacks we’ve seen over the past few years, many of those have occurred because we have static IDs, a name and password instead of using smart cards or some sort of secure ID, two-factor authentication.