Month: November 2004

The research shows that enterprises worldwide will hire about 800,000 more security professionals by 2008. The research leaves no doubt that human beings will be needed to thwart the threats caused by other human beings.

Among other findings of the IDC/ISC research: The compounded annual growth rate of hires worldwide between 2003 and 2008 should be 13.7 percent.

“There are still many organizations around the globe that haven’t fully addressed their security issues,” Carey noted. Some of the most insidious damage to data is accomplished as inside jobs.

When viewed from a macro level the striking characteristic of threats is change. “It’s a continuously dynamic environment,” Carey added.

The vulnerabilities of networks and data centers evolve, just as the methods employed by hackers do.

The key to a successful security strategy is involvement.

It appears the enterprises that remain the free of viruses, break-ins and thefts will be those that refrain from throwing money or software at problems, and instead bring people in to respond to the shifting sands of I.T. hazards

http://www.cio-today.com/story.xhtml?story_title=I_T__Security_a_People_Problem__Workforce_To_Nearly_Double_by_____&story_id=28254

As security pros protect their applications and networks from today’s most common attacks, hackers are preparing to wage new wars. As new technologies such as Web services, radio-frequency identification, and smart phones loaded with complex operating systems become prevalent, new attack techniques against business-technology systems will follow.

The days of the hacker interested in intruding upon networks, cracking systems, and writing viruses and worms for the joy of the challenge or the mischievous thrill are turning into the days of the hacker as profit-motivated mercenary. The profit to be made through identity theft, corporate espionage, or using hacker skills to attack business competitors will continue to rise (see Extortion Online).

“It’s common for security professionals to continue to focus on fighting their most previous battles,” says Pete Lindstrom, research director with Spire Security. “But it’s important to prepare for the next front line.”

Last month one of the most complex attacks to strike the Internet targeted unsuspecting Web surfers who visited certain Web pages. Attackers infiltrated an Internet marketing company’s server and redirected Web surfers who visited sites displaying banner ads transmitted via the infected ad network to sites containing malicious code. Earlier this year, hackers attacked Web surfers via another Internet Explorer flaw by infecting Web sites and attaching malicious code to JPG image files.

As more companies deploy Web services, security experts predict hackers will find weaknesses in both Web-services security standards and companies’ implementation of these relatively new standards. Expect attackers to attempt to tamper with Web-services transaction data, deploy transactions that could contain potentially malicious payloads, and launch denial-of-service attacks (see Motorola Secures Web Services).

Spyware is one of the fastest-growing Internet threats. Unlike worms, viruses, and denial-of-service attacks, which are obvious when they strike, the crafters of spyware don’t want their work to be discovered.

Virus authors have written applications such as the Cabir virus, which spread via Bluetooth, and the Skulls Trojan, which disguised itself as a cell-phone wallpaper or ring tone but actually disabled some cell-phone functionality and turned icons on the screen into images of skulls (see Worm Is First To Target Mobile Phones).

Expect hackers to exploit weaknesses in RFID tags to attempt to wreck havoc on supply-chain systems by changing details stored on the tags, including pricing and the actual product.

http://www.informationweek.com/showArticle.jhtml;jsessionid=E3MTPP5V3IO0OQSNDBCCKHSCJUMEKJVN?articleID=54201336