As president of one of the world’s largest security companies, Michael DeCesare spends his time letting people know what should really be keeping them up at night. On Tuesday night, he visited Saint Mary’s as part of the School of Economic and Business Administration's Executive Speaker Series to describe the mysterious but increasingly threatening landscape of cyber-attacks.
DeCesare has been the president of McAfee since 2007. During his seven years there, he has worked to stop, as he calls them, “the bad guys.”
“In the modern world of cyber security world there are three types of attackers,” he said to a captivated audience in Lefevre Theater. “The first are hacktivists like Anonymous; the next is organized crime; and the final group comes from state funded attacks—these are the ones that are the most frightening.”
“During the political unrest in Ukraine, we’ve seen, for the first time, one group attack another one through their telecommunication systems,” said DeCesare. “Sometime soon there will be a 9/11 level attack on cyber security, and it’s going to be devastating. As we become more technologically advanced and reliant on that technology, the potential for a major attack increases.”
The continued entanglement of identity and technology and the potential risks that causes was one of the central points of DeCesare’s address.
“We are now more connected that ever,” said DeCesare. “We just passed the point where there are more connected devices than people in the world. As a society we are coming online in a major way. This only works, though, if people feel safe and secure. This is the online generation—they expect to be online.”
DeCesare forecasted two major trends that will continue to cause security issues in the future: BYOD and the Cloud. Bring your own device, or BYOD, is the shift in work dynamics where individuals are using their personal devices for work purposes. The days of a company issuing a piece of technology to an employee to use have largely begun to fade. However, when employees integrate their own personal smartphones and tablets into their work lives, it makes securing corporate network much more difficult and significantly increases risks. A similar threat emerges with the rise of Cloud technology. The transfer of viruses or malware becomes much easier if we’re accessing information from decentralized, unsecure places. In both cases increased convenience comes with inherent security risks.
“The level of sophistication in these attacks is substantial. These guys aren’t stupid. One virus used in an attack against a Saudi oil company had over a million lines of code and over 700 IP addresses,” said DeCesare before describing another cyber-attack that involved building a replica of bank’s homepage and stealing password information as users entered it.
“These guys are good,” he added.
Though there will always be security challenges, and indeed it appears those challenges are growing in sophistication and frequency, DeCesare was hopeful about the future of technology.
“I love technology; it allows us to do incredible things,” he said. “Think about Google’s driver-less cars and the implications of that kind of technology. The rise of cell phone usage in remote, impoverished villages allows doctors get access places they never could have before. Babies now wear clothes that have fibers that alert parents who are worried about SIDS [sudden infant death syndrome]. It’s critical that we can make the most of [technology] while minimizing risk.”
The coming paradigm shift, according to the McAfee president, will be towards building security into the design of new technology, rather than having security be an add-on. DeCesare cited Target and other retailers’ reluctance to update their in-store hardware to accommodate smart-chipped credit cards as an example of this.
“There’s going to be a change in thinking,” he said. “You wouldn’t ever consider buying a car that didn’t have airbags already installed. Would you feel comfortable going through a third-party airbag supplier? Why should cyber security be any different?”
With all the future changes and the continued technological leaps, DeCesare urged students to pursue security as a career.
“I used to meet with security heads when I visited companies; now I meet with CIOs and CEOs. Security is that important now, and we’re going to need really intelligent people in security. The industry demand for talent is there.”