As the Chief Security Officer at telco giant AT&T, Edward Amoroso knows a thing or two about cybercrime. That is why he has been giving testimony before the United States Senate Committee on Commerce, Science, and Transportation, specifically assessing how vulnerable the US is on the cybersecurity front and proposing the government-level action that needs to be taken in order to make things better.

Amoroso's recommendations on the solutions front were practical enough: dealing with botnets needs a smarter government procurement response, international cooperation must improve and the current arms-length relationship with service providers must be reconsidered.

This last recommendation, which suggests that the government should take a more active role in policing at the network provider level, is obviously controversial. In his testimony, Amoroso argues that service providers cannot stop botnets alone and says that those agencies which run their own cybersecurity operations "should be ready to justify such decisions."

But for me, the most controversial bit of the testimony was that which compared cybercrime to drug dealing. Amoroso suggests that cybercrime revenues have now outstripped drug crime on an annual basis, being worth around $1 trillion to the bad guys.

I thought that this stank just a little of hyperbole and sensationalism, but not everyone in the know agrees. Take Ben Itzhak, Chief Technology Officer at business Internet security specialists Finjan, who tells me that his latest research suggests "whilst the economic downturn is reducing the income of drug traffickers, cybercriminals are becoming ever more innovative in the ways they extract money from companies and individuals."

Itzhak continues: "In our Q1 2009 report on cybercrime, for example, we revealed that one single rogueware network is raking in $10,800 a day, or $39.42 million a year. If you extrapolate those figures across the many thousands of cybercrime operations that exist on the Internet at any given time, the results easily reach a trillion dollars."

Against this backdrop, Itzhak argues that Amoroso got it right: "we can confirm AT&T CSO Amoroso's testimony that cyber-security threats have increased significantly over the past five years, and have reached the point where they pose a significant threat to all organisations."

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.
