We all know Steven Covey`s seven habits of highly successful people. Well, here are the seven most frequently committed management errors that lead to computer security vulnerabilities. I don`t recommend you follow any of them. (These are as determined by 1 850 computer security experts and managers meeting at the SANS99 and Federal Computer Security Conferences held in Baltimore).
7. Pretend the problem will go away if you ignore it.
6. Authorise reactive, short-term fixes so problems re-emerge rapidly.
5. Fail to realise how much money your information and organisational reputations are worth.
4. Rely primarily on a firewall.
3. Fail to deal with the operational aspects of security: make a few fixes and then not allow the follow-through necessary to ensure the problems stay fixed.
2. Fail to understand the relationship of information security to the business problem - you understand physical security but do not see the consequences of poor information security.
1. Assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job.
The picture is more or less the same wherever you look. European companies lack "a cohesive security management strategy", says a report from research consultancy IDC. The proliferation of e-business, increased Internet-based access to company information and brand protection are all driving the need for security. Malicious actions from inside and outside companies are the most pressing threat. The most common security measure is to use virus detection software, but some 26% have no security measures at all. A little like Aids, isn`t it?
CNN reports that more than 100 countries lack the laws necessary to fight crimes committed via the Internet, according to law enforcement officials. The big problem is the potential for crime to be committed across borders. The Internet offers the unique opportunity to remotely commit a crime in a given country, thereby avoiding any local laws that may apply to the illegal activity. In support of its plea for the concept of an international law, the US Department of Defence says it has warded off more than 22 000 attacks in the last 12 months.
So, will your toaster be the next to be nailed by a virus?
Ian Melamed, MD, Ian Melamed Secure Computing
An online smut dealer recently went out of business, and left customer profiles and credit card information in its virtual remains. When visitors check the site now, in place of a storefront they find a handy list of directories accessible to anyone. The information leak enables credit card fraud and violates the privacy of those who placed orders. Be ultra-careful with whom you do e-business.
So, will your toaster be the next to be nailed by a virus? Or your dishwasher? Microsoft has unveiled its concept home of the future. According to Microsoft`s vision, all major appliances and home gadgets will be connected in a home network and this network will be wired to the Internet. Raises the interesting potential possibility of home appliances hanging; your toast burning every time, your clothes tumbling forever in spindrier lunacy, your microwave oven starting and resetting itself, the hourglass turning on your TV! The system will rely on plenty of cameras to track the movements of people in the house. Now there`s a challenge for malicious voyeurs to hack in.
Be afraid, be very afraid. Politicians have discovered e-mail. At the recent G8 summit in Nago, Japan, Russian President Putin recommended a revolutionary idea to the other world leaders gathered there: "Let`s use e-mail to communicate with each other." What this has revealed is that general computer literacy and awareness among global leaders is minimal. One anecdote described a prime minister pointing a mouse at a computer and attempting to use it as a remote control. And you thought the TV advert was over the top!
A German freemail service provider, GMX, has become the latest to suffer a series of attacks on its subscribers. First, 118 000 accounts were erased from its servers. Then, in a password theft scheme, over 1 600 users` passwords were compromised. Subscribers received an e-mail with the command "think about it!" in the subject line. On opening the message, an automatically executing script changed the account username and password. E-business, ahoy!
After causing havoc in the Microsoft world, virus writers have turned their attention to the computer-aided design (CAD) market. A virus has been reported in AutoCAD 2000, the world`s leading CAD software from AutoDesk. The virus is written, predictably, in Microsoft`s VBA macro programming language. It is not an immediate threat, and has not been reported in the wild. However, its sources in VBA are significant, as AutoDesk licenses VBA from Microsoft. Visio, Corel and Micrografx are three other companies to have licensed VBA, so it seems only a matter of time before viruses reach these applications.
Sources: Computer Wire, ComputerWeekly, CNN, Mercury Center and Chicago Tribune.
Share
