IT directors must review security every 90 days

by Karl Cushing, © 2002 ComputerWeekly.com Ltd. All rights reserved

IT directors have been warned that they should reassess their companies' global IT security strategies every three months if they are to protect themselves from hacking attacks.

Thursday, 19 December 2002 - According to new research from security specialist mi2g, the UK was the third most targeted country in the world in 2002. UK organisations sustained 5,099 successful digital attacks this year, making it the highest-placed European entrant in a list that was topped by the US.

However, IT directors should be vigilant in all their geographical locations following the appearance of Norway - a country not noted for its political profile - at number three in the figures for December, after "a sustained digital attack", mi2g said.

Organisations in the G8 group of western industrialised nations will be prime targets for anti-capitalist and pro-Islamic motivated hacking attacks next year, mi2g warned.

"The speed of change has accelerated significantly," said mi2g chairman and chief executive DK Matai.

Four years ago IT directors could get away with changing their strategies annually. Now mi2g advises that "IT directors reassess their global IT strategies from a security perspective every 90 days," he said.

The scope of digital attacks and the potential for damage have also increased exponentially. "This is not an issue that only affects the UK or the US, it has fast become a global problem," Matai said.

Too many companies have focused on making their headquarters secure while neglecting their regional offices. They are leaving themselves open to attack via the back door, for example from trojans - programs that are capable of locating passwords or password information despite appearing to be legitimate - or making the system more vulnerable to future entry, said Matai.

Changes in insurance and re-insurance policies over the past nine to 12 months have left many organisations unwittingly yet hopelessly unprotected for damages to IT systems ensuing from digital attacks and viruses, he said.

Organisations are compounding matters by failing to adopt layered authentication procedures; install patches for vulnerabilities promptly; monitor temporary staff; and deal more effectively with disgruntled employees.

Suppliers are also at fault, mi2g said. "We are still flummoxed by the number of vulnerabilities being announced by suppliers. This is a lingering problem," Matai said.

Financial services firms, which were key targets this year, will be replaced by the tourism, travel and hotel industry in 2003. Increased broadband usage will put more small- to medium-sized enterprises and domestic users at risk from digital attacks.

The figures are based on reports of overt digital attacks held in mi2g's security intelligence products and systems database, which records incidents from across the globe.
