The corporate mind-meld
Let an infinite number of monkeys type on an infinite number of typewriters for infinity, the saying goes, and they will produce the complete works of Shakespeare. Such might also be said of hackers, who have shown enormous patience and determination to find ways around corporate security methods--if only to prove that they can.
Recent technological advances have, of course, provided many more opportunities for those code monkeys to cause harm. Mobile devices, changing content profiles, VoIP, wireless LANs and myriad other technologies have all changed the risk profile for companies operating today. So, too, will Microsoft’s introduction of Windows Vista--which, with its new architecture and substantially revised security model, will have system administrators scrambling to adapt.
As is the unfortunate reality of the security industry, vendors are keeping one step behind the perpetrators--although, fortunately, the length of that step has shortened considerably in recent years as increasingly intelligent solutions bring problems like spam under control.
It can never be said too strongly, however, that companies shouldn’t rely just on technology to solve their security problems: guards, after all, don’t protect property better if they carry bigger guns. As always, policy is as important as technology in building an effective corporate security environment--and even more so now that there are so many more potential carriers for data and incoming attacks.
There are signs that companies have finally gotten the message about security policies: the 2006 AusCERT survey found that only 29 percent of attacks were attributable to internal sources, compared with 37 percent last year. This statistic, as well as one finding a slight reduction in the percentage of respondents citing a need to change users’ perception and behaviour about security (60 percent in 2006 vs 65 percent in 2004), suggests that corporate culture and policy are finally delivering the kinds of cultural modifications that have been talked about for years.
This change has led to a slight softening of security priorities in many companies: AusCERT found that fully 10 percent of respondents thought they were managing all aspects of computer security reasonably well--a jump from seven percent in 2005 and just five percent in 2004. Only 50 percent of companies increased security spending in 2006, compared with 68 percent in 2005 and 70 percent in 2004.
There are other challenges, of course: increasing workloads and complexity of information security requirements are forcing companies to search for dedicated security specialists, for example, and large businesses as always face the challenges of scaling any security strategy so it applies equally across the entire enterprise. Partners, too, add a potential spanner in the works: you can take all the protective measures in the world, but if a trusted partner isn’t being as diligent, it’s a recipe for disaster.
Nonetheless, the fact remains that it is now more possible than ever both to anticipate network security problems and to do something about them. If nothing else, that knowledge is finally allowing the traditional victims of information security attacks to put the battle on a slightly more even footing.
That has, so to speak, finally imbued the clueless co-ed with the foresight to turn on the lights. Just what she sees will still be a cause for alarm--but at least there’s hope. Give her the right tools and the determination to succeed, and her struggle may just get that much more interesting.

www.technologyandbusiness.com.au
Technology & Business is Australia's premier enterprise technology title, providing useful and high-quality news, reviews, analysis, interviews and opinion on issues key to Australian business and IT leaders.
Technology & Business is the only title to provide independent lab testing and analysis of enterprise products, looking not only at performance but also interoperability, future proofing, return on investment and service as testing criteria.