InfoEdge Logo
Offering Select IT And Business Management Research
research@infoedge.com
800.544.7337 | 617.969.9080
Home Page About Us Contact | Questions Shopping Cart
Recent Reports Information Centers Free Research IT Business News and Articles CIO Strategy Center Browse Categories
Related Reports
Security Audit Program
The audit program is one that either an external auditor or an internal auditor can use to validate the compliance of the Information Technology organization and the enterprise to ISO 17799, Sarbanes-Oxley, HIPAA, and PCI-DSS.
IT Spending, Staffing and Technology Trends
The study tracks spending in ten industry and government sectors and provides objective and comprehensive data designed to assist IT and business executives in the financial and strategic management of information technology.
Options in Enterprise Backup
This report reviews the intricacies of backup practices and procedures, including security, business continuity, archiving and compliance.
The State of the Mainframe
Mainframe MIPS growth is averaging around 20% per year. This new report looks at the current state of this "legacy" system.
IP Telephony Solutions: Product Comparison Report
This report includes an overview of the enterprise IPT market, a comparison of nine leading IPT solutions, and a summary of the relative strengths and weaknesses of each product.
Regulatory Resource   Threat Intelligence      Resilient IT      Boardroom Strategies      
Threat Intelligence / Preparedness

Anticipating Threats

By Lauren Barack

CIOs can no longer rely solely on security updates and patch management companies to keep their businesses safe from hackers and criminals. Recent attacks to computer networks have shown how dangerous today's security threats can be. When MyDoom brought down the servers of software company SCO earlier this year, the damage was so extensive and expensive that the firm offered a $250,000 reward to anyone who could catch the virus creator. The SQL Slammer worm that hit hard in January caused airplanes to be grounded and ATM machines to malfunction, all of which added up to a reported $1 billion price tag. Even Internet businesses -- companies that should be in the know, such as eBay and America Online -- have fallen prey to hacks and malware (short for "malicious software").

The onslaught of threats continues, and groups that track attacks made across the Internet are finding these dangers on the rise. Recently, the SANS Institute's Internet Storm Center, which monitors the activity and traffic on the Internet, noted that unprotected servers were getting hacked approximately every 13 minutes. In fact, about 80 percent of the activity on the Internet is taken up every day by viruses, worms, spyware and other forms of malware, according to Peter Cochrane, a co-founder of technology consultancy firm ConceptLabs.  Experts believe so-called "zero-day" threats -- a virus or worm that hits the Internet within minutes of the announcement of a known software weakness -- are a very likely danger.

CIOs who rely on a reactive approach are potentially endangering their company's data. This wait-and-see mind-set gives attackers the edge. In some cases, companies literally pay the price, as they become victims of hacker extortion. For example, a hacker will attack a company with a DDoS (distributed denial-of-service attack), and then threaten to do it again if not paid. At least six to seven thousand companies are paying online extortion demands, according to Alan Paller, director of research of the SANS Institute. "[The hackers'] motivation is money and extortion," agrees Lance Spitzner, a founding member of The Honeynet Project, a five-year-old non-profit hacker research group. "The easiest way for them to make money is to threaten to attack again, rather than actually launch the attack."

The Right Support: Proactive rather than Reactive

Companies need to review their approaches to protecting their networks. A secure system will implement every software patch and utilize every notification it receives. But a company must think like a hacker -- and start using proactive tools to anticipate the source of an attack, and how it might enter a firm's network. A proactive CIO will:

  • Share secrets with competitors so that everyone in a similar industry is following best practices. If one firm is compromised by a computer attack, a competitor will often find its customers demanding potentially costly assurances of their security. By sharing information with competitors on how each keeps its own system secure before an attack happens, firms can save time and money.

  • Hire firms that specialize in breaking into their IT infrastructure to find vulnerabilities before hackers do. This should be done at least annually, to locate and then neutralize any insecure portal.

  • Demand a direct pipeline to software vendors. Instead of relying on notification messages, major clients of software vendors are eligible for early versions of patches. Hackers understand that an open-patch release dispatched by a software company is an alert to where the vulnerabilities lie in an existing system. Less public communication between CIOs and software vendors will help eliminate this exposure.

  • Train employees to be cautious when callers request information such as their password or user name. "If you did not initiate the conversation, then do not give out your information," says The Honeynet Project's Spitzner. A telephone on an employee's desk is as much of a danger to an IT Infrastructure as a hacker discovering a software flaw. If a hacker can get an employee's name and password, they can have open access to a computer mainframe.

With new ways of thinking, CIOs can start implementing proactive tools to not just react to threats, but anticipate their arrival. A holistic approach -- one that involves not just an IT department and employees, but industry colleagues as well -- is the strongest firewall.

Lauren Barack's work has been published in Business 2.0 and Wired.

CIO Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.

Articles by Topic
Spam and Viruses
Preparedness
Strategies
Related Content

Features

View More


Metrics

View More

Fast Fact

"About 80 percent of the activity on the Internet is taken up every day by viruses, worms, spyware and other forms of malware."
Sponsor Tools

Resources

White Papers

View More


Podcast Audio Content

CIO Strategy Center is now available in audio format.

This week's feature topic is:


Preparing for a Disaster
Playtime: 8 min 07 sec



Download | Subscribe

Copyright © 2009 Studio One Networks. All rights reserved.
Geography Specific | Advanced Technologies | Industry Verticals | Executive Management | Information Technology | Human Resources | Telecommunications | Sales And Marketing | Finance | Hardware | Software | Web | Outsourcing | Top IT Priorities
home   |     site map   |     about us   |     privacy statement   |     research providers   |     contact us   |     categories

Entire contents ©2008 InfoEdge. All Rights Reserved.
Email: research@infoedge.com