That was the general message at a "town hall" event at the RSA Conference Thursday, where law enforcement officials and security executives described the threat of organized crime on the web but expressed confidence that efforts by the public and private sectors to thwart the threat are succeeding.
"While the challenges we face are significant, this is not a gloom and doom story," said Robert Holleyman, president and CEO of the Business Sofware Alliance, which sponsored the event.
Ralph Basham, director of the U.S. Secret Service, described the agency's various efforts to catch cybercriminals, including last year's Operation Firewall, which nabbed a global network of online criminals responsible for $4.3 million in losses.
"With just a few keystrokes, cybercriminals around the world can disrupt our economy," he said.
The Secret Service has forged a partnership with the private sector to combat electronic crimes, including an effort with MasterCard to prevent identiy theft, he said. Protecting cyberspace requires collaboration between the public and private sectors, he said.
"The responsiblity in some measure belongs to each of us," he said.
In a panel discussion held after Basham's keynote, Howard Schmidt, chief security strategist for eBay, said online criminals have shifted from targeting large enterprises to small businesses, which have fewer IT resources to protect themselves.
However, he said he views spwyare and phishing as short-lived threats. Technology and improved user awareness are helping to reduce the number of people falling for phishing scams, he said.
Dave Cullinane, CISO, Washington Mutual, said his firm's educational efforts to warn customers about phishing have paid off. Only an "extremely small number of our customers" have fallen for the scams, he said.
Chris Painter, deputy of the Computer Crime and Intellectual Property Section at the Department of Justice, said online threats have increased but added, "There is still a lot of good security on the internet."
Locking down systems combined with strong law enforcement is needed, he said, adding that combating cybercrime is a priority for federal law enforcement.
Cullinane, though, said that a company has to hit a certain "threshold" of pain caused by a cybercrime in order to get law enforcement to put the case on a priority list.