Security threat changing, says Symantec CEO

The threat posed to computer users and companies by hackers is shifting from attacks on the computers to attacks on electronic transactions, according to the head of one of the world's largest security software vendors.

John Thompson, chairman and CEO of Symantec, said the change has been taking place over the last few years but has recently been accelerating.

"While a few years ago many people were much more focused on attacking the machine and attacking the broad-based activities that were going on online, now all of a sudden we've noticed a significant shift in both the type of attack and the motivation of the attack," he said. "The attacks that we see today are more targeted and more silent and their objective is to create true financial harm as opposed to visibility for the attackers."

Thompson was speaking during a briefing at the company's Symantec Vision event in Tokyo on Thursday. At the same event the company outlined its "Security 2.0" initiative and software being offered by Symantec to mitigate such threats.

The head of Symantec's Asia Pacific business, Bill Robbins, explained in an interview that this changing threat would mean businesses will have to spend more time and energy on making sure that data is not just secure but also recording which users are accessing and manipulating information stored in corporate databases.

Doing so could help stop the type of information leaks that get a company's name plastered across the headlines and then cause the brand-image to suffer among consumers.

"You're going to see more and more targeted criminal activity and more and more B-to-C type activity being intercepted and taken advantage of. It's just going to grow, we have no doubt about that," Robbins said.

Stopping it completely will be difficult but companies of all sizes will have to continue to spend on software like that provided by Symantec because prevention will go a long way to reducing the risk, he said. Mid-size companies should sit up and take notice because hackers aren't choosing their targets by brand-name, Robbins said.

"From a hacker perspective if they get your credit card number from the biggest company in the world or the 48,000th biggest company in the world it's still the same value to them," he said.

Symantec's warnings come at a time when fear of online crime is increasing and law enforcement agencies around the world are taking the issue more seriously.

In late September the U.S. became a party to the Council of Europe Convention on Cybercrime. It will enter into force in the U.S. on Jan. 1 next year and commits the U.S. to working with other signatories to develop effective and compatible laws and tools to fight cybercrime, and to cooperating to investigate and prosecute computer-related crimes.

A survey in the U.K. commissioned by the government and major online retailers found 21 percent of people think electronic crime is the most likely type of crime they will encounter and they fear it more than mugging, car theft, and burglary.