By Sathya Mithra Ashok
Everybody’s favourite mantra for the difficult times can be applied as much to security and IT as anything else.
Everybody’s favourite mantra for the difficult times can be applied as much to security and IT as any other organisational process.
As if all the news on how the (financial) world is crashing around our shoulders was not enough, now it is the security companies raising a hue and cry on how criminal elements of cyberspace can use this time to compromise organisational networks and cause havoc. According to them, almost all web criminals have risen in arms to break through any company’s protective screen.
You might not believe all of what they say, but recent incidents seem to suggest that there is at least some truth to their allegations.
Take the already infamous Downadup worm. This worm, of unclear origin, exploits a bug in the Windows platform to infect computers, especially across corporate networks (largely because it is easy to spread within an internal network where security is lax). Though no harm has come of it yet, many experts suspect that the attacker – individual or group – can turn on the worm at any time and use affected PCs to steal data or commit other cybercrimes.
The latest news has been that the worm has spread to organisations in the Middle East. Companies, like F-Secure and Symantec, have come out with ways to discover and do away with the worm, but not many regional organisations have implemented these protective measures, simply because the worm (also called Conficker) does not seem to cause any immediate damage.
Closer to home, recent reports claimed that the website of the UAE’s Federal National Council (FNC) was successfully hacked. Though FNC was quick to deny these reports, the former reports nevertheless raise the spectre of hackers who are out there, targeting specific websites with tools that could potentially let them through even with the best of defences in place.
These incidents, coupled with vendor warnings, seem to indicate that even at the worst of times, companies cannot let their guard down. However, not many organisations in the region seem to be taking these apparent attacks very seriously. As projects get delayed, and claiming payment arrears become a challenge, all companies seem to be able to concentrate on at the moment is keeping things going from day-to-day. In this melee, internet and network security are at the bottom of priority lists.
One sector that seems to be beating this trend is the banking and finance industry (BFSI), as NME finds out in the February issue’s cover story. This year might not see many companies invest in new security, but BFSI organisations are looking to get more from their existing defence solutions through optimisation and rationalisation. (Read the February issue of NME to know how financial institutions are planning to handle their security in 2009).
Companies across verticals can take a leaf out of their book to combat the increasing terrors of the web. Small improvements, such as increasing productivity, educating personnel on things to watch out for and brushing up on security processes, can go a long way in helping companies avoid becoming victims.
IT managers have to concentrate on security and do more with less, because, if indications are right, things are going to get worse before they get better.
You can avoid malware forever for free simply by installing Ubuntu Intrepid Ibex as your operating system