Software and hardware products that are supposed to bolster Internet security have actually made the problem worse because they are not effectively tested and are poorly implemented.
Delivering a blistering attack on how the Internet is being misused by business, Kc Claffy, founder and director of the Cooperative Association for Internet Data Analysis (CAIDA), said the Internet was not built for its current use.
Business, she said, has become totally dependent on the Internet to the point where it is now being treated as critical infrastructure.
"In the drive to secure the Internet, the business community is adding new layers of complexity," she told delegates at the AusCert conference on Queensland's Gold Cost last week.
The Internet's infrastructure was not built to withstand such heavy use and dependence, and Claffy warns that over the next 10 years the problem is going to get much worse.
"The Internet was never built to be turned into critical infrastructure," she said.
The risk is exacerbated, she said, by poor products which are deployed by individuals who lack training and use unsafe methods.
"Therefore none of us should be surprised if we continue to see the rise in break-ins, defacements and viruses in the years to come," Claffy said, adding that the ability to secure the Internet relates directly to economic ownership, but nobody wants to get governments too heavily involved in regulating the World Wide Web.
Based at the University of California's San Diego Supercomputer Centre, Claffy's full time job is to study raw data to measure and analyze performance data on the Internet's workload.
The goal is to promote better business, engineering and policy decisions regarding Internet infrastructure.
Since the Internet's inception, Claffy said, security has been ignored in favour of convenience, which is why attempts to retrofit security are not working. It is now up to IT security professionals to get it right and that includes getting management on board by playing the role of educator, and most importantly taking ownership for these problems.