I`ve been warning for some time that all large businesses` systems are at risk, and that they are leaving gaping holes to be exploited.
Now last week ITWeb was able to gain access with the greatest of ease to ABSA files through a flaw in Microsoft`s Internet Information Server. The previous week it was reported publicly that banks were putting their clients at risk through previously announced security holes.
Small and medium enterprises are likely targets for Internet attacks and over half will suffer a successful attack between now and 2003.
Ian Melamed, MD, Ian Melamed Secure Computing
When will companies begin to take security seriously? It really isn`t that difficult. After all, the banks take it plenty serious when a cash-in-transit heist occurs. But they seem to be all at sea as to how to safeguard themselves against cyber-intruders. Based on recent experience and reports, they lack the will and the organisational capability to secure their systems and by extension their customers` accounts and cash.
But it`s not just large organisations that are at risk. Small and medium enterprises (SMEs) are likely targets for Internet attacks and over half will suffer a successful attack between now and 2003, according to Gartner. Most at risk are those that manage their own network security and use the Internet for more than e-mail. Some 60% of companies targeted won`t even be aware of the attacks, which will feature Web site hacking and the spreading of viruses. Gartner recommends four steps to beef up security: Regular checkups; proper firewall configuration; boundary services, including the scanning of incoming e-mail for viruses, and the discouraging of spam and relay services; and consolidated remote access with strong authentication. Couldn`t agree more with these findings, especially as they`re all relatively easy to implement!
Gee, who`d have guessed it? The US public doubts the ability of its government to manage the entire topic of computer security and privacy. This after it has appointed itself as the global watchdog on these vital points. It has been shown over and over again that the US government and its agencies are as vulnerable as anyone else when it comes to information security, as recent audits by the General Accounting Office have shown. A poll conducted by the Information Technology Association of America has shown that 80% of those surveyed have low confidence in the government maintaining security and privacy on the Internet. Many also doubt the security of legalised digital signatures.
The most prevalent piece of malware (a category which embraces viruses, worms and Trojans), according to anti-virus software companies, is not I Love You or Melissa, but the remarkably durable kakworm (could the author of the Trojan have had any idea of how apposite this title would be in SA?). Entirely apart from the damage kak wreaks, it is one of the few current viruses not to need a Visual Basic macro to execute. Instead, it typically sneaks in via the view pane function in Outlook Express, where it is embedded in HTML text. It`s sneaky, pervasive and persistent, and it can easily bypass standard anti-virus system checks. Among its delights, it spontaneously reboots your machine while you`re working. Gotta just love those sneaky little virus writers!
William Culber will have plenty of time to contemplate how stupid he was: a former employee of the Daily Mail, Culber offered rival paper Daily Express a scheme whereby he would disable the Daily Mail`s computer systems for at least a week, in exchange for monetary compensation. The Express didn`t play ball, and worked with Scotland Yard`s Computer Crime Unit to have him arrested. He`ll spend the next 18 months in jail.
Just have to admire some of our emerging global leaders. I had reason recently to find myself at the Brussels Computer Faire, and the dominant stands were those of Dimension Data and Comparex - SA standing tall and proud in the most testing of times.
Sources: CNN, BBC, Yahoo and ZDNet.
Share
