Seven years ago, she noted, the attackers Symantec's customers faced were individuals, working alone, motivated by notoriety. Today, "they're professionals. Professional thieves. They may have organized crime ties. They may even be backed by nation-states."
Their motivation has changed as well, Schumm reported. No longer interested in notoriety, today's attackers intend to disrupt communication, block access to critical infrastructure, and even steal data -- sometimes from small, targeted groups within large organizations, making the small-scale attacks harder to detect.
The scope of the problem is staggering. "Every time Symantec sees a new piece of malware in the wild," Schumm explained, "we track it, develop a signature for it, and send it to our customers" to defend against the attack. "In 2008, we had to write 1.6 million signatures," she said. "That's more than we had written in the previous 16 years combined."
In 2009, Symantec wrote 2.9 million signatures.
Nearly everyone is vulnerable. In 2009, Symantec surveyed 2000 CIOs and CISOs -- and found that 75 percent had faced an attack in the previous year.
Cybersecurity professionals tell Symantec the sheer volume of data they manage doubles every 18 to 24 months, "and I have yet to meet the CIO who tells me that his budget is doubling every 18 months to deal with it."
This data is now carried on converged devices like BlackBerries, iPads and Kindles -- each of which is its own security challenge.
What approach does Symantec think can meet the escalating challenge? "We need to move to an information-centric model of security," she offered, "instead of a network-centric or system-centric model." Agencies need to focus on securing people and information, rather than simply securing a network as a whole.
Symantec is developing its own approaches to the problem, including a new "reputation score" that "leverages the wisdom of the entire internet community" to determine whether a piece of code can be trusted, and a "data insight" decision-support system that helps CIOs decide how to treat each piece of data based on how long it has existed, how often it is accessed, and similar metadata.
But the key to cyber-security in an information-centric model is still the people who use data, she concluded. Users need to make sure that every device they interact with is secure -- even those from outside the office -- and trust their nervous instincts about attachments and emails from unknown senders.