IT Week: As chief executive of antivirus and web security specialist Trend Micro, where do you think security vendors are going wrong with enterprise defences?

Eva Chen: It is wrong of vendors to dwell on [new threats]. They should be encouraging firms to look at the overall threat landscape, and vendors need to change the threat management experience of the IT manager. Originally, if there was a problem, [the vendor] would release a patch and that would be it, but now [there needs to be a process] starting from risk assessment and risk mitigation.

How is your company dealing with the ever-evolving internet threats?

We’ve been working with Cisco to deliver specific services whereby if there is a problem before a virus pattern file [is available] we can control the network and deliver policies to configure it – for example, to close ports or protocols temporarily until the signature arrives. We’re [trying to be] the virtual IT staff for small and medium-sized firms – to automatically prevent the threat. IT departments in large companies also need help from vendors like us, so each of our large customers has an account manager who will contact them at the time of a security breach.

What is the biggest security threat facing IT managers today?

Security used to be centred on the client, and then the gateway, but now the most vulnerable area is mobile computers coming into the network. IT managers should look at their access points to the network and enforce strict policies. Meeting rooms, for example, are one area where people bring in their computers from outside and log in to the network. It is a fine balance, however, and some vendors only offer policy enforcement so that if a PC hasn’t [got prescribed antivirus software], it can’t enter the network, but this will damage a firm’s p roductivity.

With offices all over the world, have you noticed some internet security threats are more common in certain regions?

Yes, China doesn’t really have a [sophisticated] wired network, but GPRS is much more sophisticated there, and so [malicious code writers] have targeted mobile phones through SMS – it’s a big threat, so we have to offer protection for it. In Japan, point-of-sale system devices are all embedded with Windows, so they can’t be patched. This makes them very vulnerable and they are attacked a lot. Finally, the UK seems to have the highest rate of phishing attacks. In fact English-speaking countries seem to be more prone to spamming and phishing attacks than other nations.

What are the most effective ways of combating online attacks?

Education is the most important thing in every country. In the UK, IT staff don’t always have the time to do this, so we’ll come in and hold security-awareness drills and assess user awareness levels to spot the weakest links [in an enterprise]. Offering affordable security is also vital – many people [in poorer countries] cannot afford to secure their networks. Our HouseCall online virus scanner is free of charge, and from 2006 customers will be able to donate however much they like for the service [to go to charity].