Hackers and malicious code distribution has become more professional over the years, how can we win the fight?

We're in for the long haul on this one. It is a fight, or more accurately an arms-race, in which both sides will forever battle to stay one step ahead of the other. I am proud that RSA is a leader in that arms-race, and we have achieved some significant successes. We have already seen a steady evolution over time, from the script-kiddies who would deface a website to impress their peers to today's super-organized online fraud cartels that deploy a range of sophisticated techniques for the purpose of financial gain. Vigilance is key, as is education and the evolving thinking around 'intelligent security'. What I mean by that is the importance of shifting the emphasis of security away from battening down the hatches or hardening the network perimeter - after all, data will always move around and often needs to be shared with third-parties - and toward securing the data itself, at-rest and in-motion, across devices and over time. Security should be applied continuously and intelligently so that it is commensurate with the level of risk posed by the information to be protected. But above all, it must be built-in and ever-present.

Where do you see your customers spending their IT security budget this year?

We see customers wanting to work with fewer vendors with broader security offerings, and who can provide a holistic approach to information security. Security budget justifications are trending towards risk factors throughout the information infrastructure. We're seeing a dramatic increase in spending to prevent data breaches and protect credit card data and personally identifiable information. Key management and data loss prevention technologies have been particularly popular in this respect. In the financial services industry, much of the focus continues to be on managing risk and protecting online transactions through risk-based authentication. And getting more attention than ever is the ability to track and analyze all security events on a network, to not only protect against data breaches, but to provide the key log and audit mechanisms to meet regulatory compliance mandates.

What are the biggest IT security threats businesses and consumers face?

Both consumers and businesses face an increasingly-sophisticated crimeware ecosystem which specifically targets vulnerable groups, including employees of financial institutions and executives. This crimeware ecosystem is complex, methodical, and professional, focusing on social engineering, vulnerable applications such as enrolling new customers, and vulnerable channels such as telephone banking. Just like businesses, cyber criminals have a "go-to-market" strategy that starts with attacking the largest major markets first like the United States. Now we are seeing increasing online fraud in Japan and a dramatic increase in malicious online activity based in the city of St. Petersburg.