Month: March 2005

The report — called IT Priorities — is culled from a survey of 1,400 IT decision makers from what are described as mid-sized companies in Canada, the United States and Britain.

It’s a worrying figure but, in my view at least, part of the blame is being laid at the wrong door. First, before anybody runs away with the idea that the failure of IT projects is rampant, it’s necessary to look further into the study’s findings.

In a later section of the report, Info-Tech admits the majority of IT projects are in fact delivered on time, on budget and do meet expectations. Well, some projects inevitably fail to measure up, and getting good results most of the time isn’t good enough, it seems.

Failure is failure, and the infrequent missteps are tarnishing the reputation of IT groups in the eyes of business executives, the researchers say. “Only 5 per cent of enterprises told us they were always on time,” the report states. This indicates that 95 per cent of IT shops are not delivering some number of projects on time or to the full satisfaction of the business executive. This is a major contributor to a misalignment of business and IT.” The latter statement seems a bit harsh, since IT by its very nature is imperfect.

Consider the breakable operating systems in widespread use at most companies, coupled with desktop hardware that often delivers less-than-predictable performance. As a result, it’s arguable that most businesses are accustomed to experiencing something less than perfection when it comes to technology and, by extension, IT projects (including the “successful” ones).

But let’s take the researchers’ claim at face value.

Info-Tech asserts that the top three “perceived” reasons for project failures include unrealistic time frames, staff shortages and poorly defined project scopes — results that would make most IT consultants positively giddy, given that two of the three are practically open invitations for their services. These may be contributing factors, but in my experience the bottom line is simply that failures sometimes occur and people, even highly skilled IT workers, occasionally make mistakes. IT departments can’t always anticipate what will go wrong and they don’t usually know when they’re embarking on a doomed project. But when laying blame for problems, here’s something the researchers may not have considered.

Vendors, rather than IT staff, might be the ones ultimately at fault in some of the most serious project failures. That assertion comes as a result of some rather passionate comments made during an informal session of IT World Canada’s most recent chief information officer exchange, a regular meeting of top IT executives from government, finance and manufacturing. A pet peeve expressed at the meeting was that many IT companies overstate their products’ capabilities.

In some instances, it was reckoned that an overzealous salesperson sold a bill of goods that fell well short of what a CIO may have thought was being purchased. This becomes a particularly nasty problem when the shortcomings of the solution don’t become apparent until the project is well under way. Those shortcomings can be the primary reason behind a failed (or at least late) project.

And instead of the vendor, it’s the IT staff doing the integration work that tends to take the heat from management.

Let’s be clear about the magnitude of this sort of problem. I heard this complaint again and again from seasoned CIOs, people who have lots of technical knowledge and experience dealing with vendors. Distressing, too, is the fact that senior executives of these technology suppliers may not be entirely aware of this customer dismay, or of the less-than-forthright sales practices of some of their own reps. False claims by individual salespeople suggest a short-sighted approach aimed at getting the deal done, hitting the sales target and moving on to the next prospect. It’s a situation that frustrates the customer, who wonders why the supplier doesn’t take the time to understand his business and send knowledgeable salespeople who can propose solutions that might actually be useful.

http://www.globetechnology.com/servlet/story/RTGAM.20050331.wmclean31/BNStory/Technology/

However, 64 per cent of Canadians surveyed were unable to accurately define the term “phishing” – the increasingly common practice of using fraudulent spam emails and fake corporate Websites to fool recipients into divulging personal financial data.

Phishing email messages mimic a legitimate source such as a bank or an online auction site. Messages notify recipients that an update is required to their account information and directs them to follow a link where they are asked to provide personal account information.

In rating security, men and women differed slightly in their online priorities in the Aol study. Forty-two per cent of women versus 36 per cent of men rated identity theft as their number one concern. However, more men (22 per cent) than women (10 per cent) rated spyware or adware tracking their online habits as their primary online security concern.

While Canadians list identity theft (39 per cent), viruses (31 per cent) and spyware (16 per cent) as major security concerns, they are less fearful of spam in general.

Only nine per cent of respondents listed spam among their primary security concerns.

http://www.canada.com/technology/story.html?id=917533a9-8e14-4410-9e5b-3f5c71977cfd

Research from the Anti-Phishing Working Group (APWG) found 13,141 new phishing emails were reported to the organisation in February, an increase of just two percent compared to results from January.

The number of phishing Web sites supporting these attacks only rose by 1.8 percent — from 2,578 to 2,625 — over the same period.

Phishing scams attempt to lure victims into parting with confidential information. Scammers typically send an email, purporting to be from a bank or e-commerce vendor, that links to Web sites that mimic those companies, but are actually hosted by scammers.

The group claims that the monthly growth rate of phishing attacks since July 2004 is 26 percent.

However since the APWG results depend on the number of people that report phishing scams to its Web site the increase in reported scams could simply have been due to growing awareness of the APWG and its actions.

It’s not clear why there was such a small rise in reported phishing scams between January and February 2005.

The report also confirmed that scammers have started using a new practice called pharming — a technique that hijacks domain names and secretly redirects users to fraudulent Web sites.

http://news.zdnet.co.uk/internet/security/0,39020375,39193153,00.htm