2012: Red October and other cyber warfare and espionage attacks emerged. The myth of Mac security invincibility ended.

What industries are most vulnerable to attack? Kaspersky said his mind is caught in an “endless loop” trying to answer the question, but power, telecommunications, transportation and military come to mind.

There are not enough IT security experts and educated professionals. “We need more and more experts,” said Kaspersky.

But, he conceded we must balance security with freedom, and each industry may require a different balance.

Schmidt walked attendees through some horror scenarios involving transportation systems going dark and airlines essentially being stranded. Real warm and fuzzy stuff.

Back in the 1980s there were was a war dialer that attacked a city grid and turned all the traffic signals green. “When you look at that category it’s different than someone trying to steal” your business plans. “But the fundamental vulnerabilities are the same in all industries.” The solutions are always similar but the vectors from which they emerge may be different.

Can security keep up with constant innovation, such as Google’s self-driven car? “I hope I will die before the end of technology innovation,” quipped Kaspersky.

Worst-case scenarios for cyber terrorism have yet to play out, concluded Kaspersky.

Cyber criminals are increasingly chasing money.

Nation states, however, are driven by something else.

It costs several hundred billion dollars to make nuclear bombs, but cyber warfare is much less expensive.

In 2009, the Aurora operation attacked Google, Adobe, Juniper, Yahoo, Morgan Stanley, Dow Chemical and more.

Also read up on DuQu in 2011.

Gauss-oriented attack is a nation state sponsored malware attack. It is stealing banking credentials. They apparently were trying to find information about how financial organizations move money around to pinpoint weak points. But ultimately, the true purpose of the technology is unknown. There is an encrypted warhead deep inside — the best minds are trying to crack the encryption and everyone has failed.

The latest malware worth watching is Red October. Kaspersky spotted the malware in 2012. Diplomatic institutions — embassies — were targeted. One module steals information from iPhones, Android and Windows phones.

Three dangers of cyber warfare: (1) Ideas from cyber weapons can be re-purposed and copied. (2) Companies become collateral victims in the cyber war between superpowers. (3) Cybercriminals start using weaponized exploits that were originally developed by governments.

Against military grade weapons you want the best available defense technologies. The keywords you want to look at include Patch. Whitelist. Default deny. Exploit prevention.0-day defense. Realtime protection. Cloud protection. Perimeter. Green zone. Raise awareness. Access control. Education. “Without education and awareness bad things turn into catastrophes.

Andy Steingruebl, senior manager, customer and ecosystem security, paypal

Eddie Schwartz, CISO, RSA

Adrian Stone, director, security response, RIM/BlackBerry

Costin Raiu, director, global research and analysis team, Kaspersky Lab

He offered a list of the biggest attacks and incidents of 2012. The VAR Guy will post that list later.

Changes in malware involve the attacks becoming very, very targeted.

How are Botnet’s formed and why are they financially profitable? Orans explained it step by step. The VAR Guy has a photo of the process. Nasty stuff. More later.

Three- to five-percent of corporate PCs at any given time have been compromised by botnets. Roughly 20 to 30 percent of consumer-grade PCs have suffered from botnets.

Three ways to protect BYOD devices: MDM, hosted virtual desktops and network access control.

Anti-spam companies becoming cloud application brokers: Web filtering, anti-malware, DLP, identity services, encryption services, devices profiling, audit and logging.

Businesses want three things: Agility (move fast, be nimble and flexible); efficiency (cut costs, consolidate and streamline) and productivity (maximize the value of existing resources; do more with less).

Malware gets in the way of all that. There are more than 200,000 new samples daily. There are more than 35,000 malicious programs that target mobile devices.

The new offering includes encryption, mobile security and MDM. It’s all in one dashboard/console. MDM piece involves security, full-visibility, policy enforcement. Container technology allows corporate applications to be separate from a user’s private BYOD applications. You can draw a line between corporate and consumer data. That also allows content to be selectively wiped if the device is lost or stolen.

In terms of systems management, there’s systems provisioning, vulnerability scanning, license management, remote tools, patching and network admission control.