CyberSecurity Institute

During the first quarter of 2005, IMlogic issued more than 15 priority alerts to enterprises and IMlogic Threat Center subscribers in response to the increasing frequency of reported IM threats. 75 new threats on public IM and peer-to-peer computing networks were discovered in the first three months of this year.

More than 50 percent of the incidents reported to the Threat Center during the first quarter of 2005 involved attacks at workplaces.

Only 11 percent of the incidents tracked by the Threat Center involved attacks on known vulnerabilities on IM applications.

The group said that 82 percent of the incidents reported to it involved IM virus or worm propagation, while 14 percent dealt with IM file transfer hijacking.

The Bropia, Kelvir and Serflog worms were found to be the three most frequently detected IM infections at workplaces.

The report released today by the IMlogic Threat Center provides complete data, analysis and discussion of key trends for the first three months of 2005.

More than 50 percent of externally reported incidents to the IMlogic Threat Center in Q1 2005 were attributed to enterprises and small businesses utilizing popular IM applications such as AOL Instant Messenger, MSN Messenger, Windows Messenger, and Yahoo!

The report highlights the increase in targeted IM attacks on corporate environments and the need for both enterprises and small businesses to prepare and defend against emerging IM threats.

Trend analysis provided in the IMlogic Threat Center Q1 2005 report suggests that IM-borne attacks will continue to increase as hackers capitalize on the growing popularity of IM in both consumer and corporate environments.

“The trends identified in our report will continue as IM becomes the new target for more sophisticated attacks aimed at disrupting Internet security,” said IMlogic Chief Technology Officer and Vice President of Products Jon Sakoda.

The Q1 2005 IM Security Threat Report is available free of charge by visiting the company’s Web site at www.imlogic.com/online/Q105_IMThreatReport.asp.

http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20050405005541&newsLang=en
http://www.zdnetindia.com/news/international/stories/120002.html

The report — called IT Priorities — is culled from a survey of 1,400 IT decision makers from what are described as mid-sized companies in Canada, the United States and Britain.

It’s a worrying figure but, in my view at least, part of the blame is being laid at the wrong door. First, before anybody runs away with the idea that the failure of IT projects is rampant, it’s necessary to look further into the study’s findings.

In a later section of the report, Info-Tech admits the majority of IT projects are in fact delivered on time, on budget and do meet expectations. Well, some projects inevitably fail to measure up, and getting good results most of the time isn’t good enough, it seems.

Failure is failure, and the infrequent missteps are tarnishing the reputation of IT groups in the eyes of business executives, the researchers say. “Only 5 per cent of enterprises told us they were always on time,” the report states. This indicates that 95 per cent of IT shops are not delivering some number of projects on time or to the full satisfaction of the business executive. This is a major contributor to a misalignment of business and IT.” The latter statement seems a bit harsh, since IT by its very nature is imperfect.

Consider the breakable operating systems in widespread use at most companies, coupled with desktop hardware that often delivers less-than-predictable performance. As a result, it’s arguable that most businesses are accustomed to experiencing something less than perfection when it comes to technology and, by extension, IT projects (including the “successful” ones).

But let’s take the researchers’ claim at face value.

Info-Tech asserts that the top three “perceived” reasons for project failures include unrealistic time frames, staff shortages and poorly defined project scopes — results that would make most IT consultants positively giddy, given that two of the three are practically open invitations for their services. These may be contributing factors, but in my experience the bottom line is simply that failures sometimes occur and people, even highly skilled IT workers, occasionally make mistakes. IT departments can’t always anticipate what will go wrong and they don’t usually know when they’re embarking on a doomed project. But when laying blame for problems, here’s something the researchers may not have considered.

Vendors, rather than IT staff, might be the ones ultimately at fault in some of the most serious project failures. That assertion comes as a result of some rather passionate comments made during an informal session of IT World Canada’s most recent chief information officer exchange, a regular meeting of top IT executives from government, finance and manufacturing. A pet peeve expressed at the meeting was that many IT companies overstate their products’ capabilities.

In some instances, it was reckoned that an overzealous salesperson sold a bill of goods that fell well short of what a CIO may have thought was being purchased. This becomes a particularly nasty problem when the shortcomings of the solution don’t become apparent until the project is well under way. Those shortcomings can be the primary reason behind a failed (or at least late) project.

And instead of the vendor, it’s the IT staff doing the integration work that tends to take the heat from management.

Let’s be clear about the magnitude of this sort of problem. I heard this complaint again and again from seasoned CIOs, people who have lots of technical knowledge and experience dealing with vendors. Distressing, too, is the fact that senior executives of these technology suppliers may not be entirely aware of this customer dismay, or of the less-than-forthright sales practices of some of their own reps. False claims by individual salespeople suggest a short-sighted approach aimed at getting the deal done, hitting the sales target and moving on to the next prospect. It’s a situation that frustrates the customer, who wonders why the supplier doesn’t take the time to understand his business and send knowledgeable salespeople who can propose solutions that might actually be useful.

http://www.globetechnology.com/servlet/story/RTGAM.20050331.wmclean31/BNStory/Technology/