Month: December 2003

However, less than favourable economic climates and ever-dwindling budgets mean that many organisations never invest in anything more advanced than an anti-virus package and a firewall solution.

In fact, companies need to stop looking at security as a purely preventative measure and realise that it can actually be a business enabler, but recognising the real benefits that more sophisticated solutions can bring to business seems to be eluding many organisations.

It stands to reason that when money is tight, investment is hindered.

The 2003 Ernst and Young Global Information Security Survey found that spending on technology, education, training and infrastructure to support IT security is slipping further down the priority list.

Mobile working and remote access have been widely welcomed by employers and employees alike.

Company bosses are won over by the extra productivity it can bring to business and the workforce is attracted by the added freedom and flexibility it enables in doing their jobs.

Whilst the mobile working revolution provides organisations with ease and convenience, it can have serious implications for security and information integrity which cannot be ignored.

In order to do their jobs outside the office, employees often need to download vital, confidential company information to their laptops and PDAs.

This means that at best you have just lost an expensive piece of kit which now needs replacing, but at worst your private company information ends up in the wrong hands.

It’s all very well rolling out laptops and PDAs to your employees, but without adequate security any potential gain from implementing mobile working may be lost along with your private company data.

Security solutions specifically designed to protect wireless devices are enabling organisations to enjoy mobile computing safe in the knowledge that security isn’t being sacrificed.

For example, with single sign-on and application launch control features, you can deliver both productivity and security improvements, enabling your business to take advantage of the latest technologies, such as GPRS, in a secure fashion.

The financial, retail and telecommunications industries have been benefiting from smartcard technology for a number of years, however its potential for enhancing security within all organisations is being recognised.

The major concern for most, if not all organisations is the bottom line and being able to survive over the competition.

Being able to take advantage of the latest technology and working procedures is the key to ensuring competitiveness in an overcrowded market and the board must recognise that security is a true business enabler.

More info: [url=http://www.infosecnews.com/opinion/2003/12/03_02.htm]http://www.infosecnews.com/opinion/2003/12/03_02.htm[/url]

A simple search reveals a plethora of resources, tools, and personal homepages, most claiming to “hack” for legitimate reasons, within the law. But there is also an entire underground network of hackers honing their tools and skills with malicious damage in mind.

“Ten years ago, ‘hackers’ used to mean people who tinker with computers. The definition has changed, so get over it,” Peter Tippett, founder and chief technical officer at TruSecure told BBC News Online.

The underground network is vast, with thousands of individuals and groups, ranging from lurkers who are intrigued by hacker chat to “script kiddies” who try out hacker tools for a laugh. Newsgroups, internet relay chat and increasingly, peer-to-peer chat and instant messaging, are buzzing with constant hacker chatter.

Net security companies like TruSecure in the US, have the job of keeping an eye on these groups to work out which weak net spot they are planning to attack next. It currently tracks more than 11,000 individuals in about 900 different hacking groups and gangs.

“There are 5,500 net vulnerabilities that could be used theoretically to launch an attack, but only 80 or 90 are being used,” says Mr Tippett. “Only 16 of 4,200 of vulnerabilities actually turned into attacks last year.”

A team of human and computer bots – artificial intelligence programs – count the vulnerabilities that pop up all over the web daily and measure the risk of security attacks for TruSecure’s 700 or so customers. But that is not enough for 21st century net security, says Mr Tippett.

A separate team at TruSecure has a more mysterious job. It is the elite group of hacker infiltrators, codename IS/Recon (Information Security Reconnaissance). Their daily job is to “see what the bad guys say to each other and what they claim to have done” by gaining respect and building online relationships with groups with names like Hackweiser and G-force Pakistan, Mr Tippett explains.

The hours spent gathering 200 gigabytes of information a day, are invaluable in helping to catch the small proportion of hackers who do the net severe damage. Pieces of information about groups and individuals are put together like a giant jigsaw in TruSecure’s mammoth database, nicknamed the “brain”. [Editor note this is actually a product called “The Brain”.]

More info: [url=http://www.thebrain.com/company/Press/bbc/BBC%20NEWS%20%20Technology%20%20Cracking%20the%20hacker%20underground.htm]http://www.thebrain.com/company/Press/bbc/BBC%20NEWS%20%20Technology%20%20Cracking%20the%20hacker%20underground.htm[/url]