IT directors must review security every 90 days
by Karl Cushing, © 2002 ComputerWeekly.com Ltd. All rights reserved
IT directors have been warned that they should reassess their companies'
global IT security strategies every three months if they are to protect themselves
from hacking attacks.
Thursday, 19 December 2002 - According to new research from security specialist
mi2g, the UK was the third most targeted country in the world in 2002.
UK organisations sustained 5,099 successful digital attacks this year, making
it the highest-placed European entrant in a list that was topped by the US.
However, IT directors should be vigilant in all their geographical locations
following the appearance of Norway - a country not noted for its political
profile - at number three in the figures for December, after "a
sustained digital attack", mi2g said.
Organisations in the G8 group of western industrialised nations will be prime
targets for anti-capitalist and pro-Islamic motivated hacking attacks next
year, mi2g warned.
"The speed of change has accelerated significantly,"
said mi2g chairman and chief executive DK Matai.
Four years ago IT directors could get away with changing their strategies
annually. Now mi2g advises that "IT
directors reassess their global IT strategies from a security perspective
every 90 days," he said.
The scope of digital attacks and the potential for damage have also increased
exponentially. "This is not an issue that
only affects the UK or the US, it has fast become a global problem,"
Matai said.
Too many companies have focused on making their headquarters secure while
neglecting their regional offices. They are leaving themselves open to attack
via the back door, for example from trojans - programs that, despite appearing
to be legitimate, are capable of locating passwords or password information
or making the system more vulnerable to future entry - said Matai.
Changes in insurance and re-insurance policies over the past nine to 12 months
have left many organisations unwittingly yet hopelessly unprotected for damages
to IT systems ensuing from digital attacks and viruses, he said.
Organisations are compounding matters by failing to adopt layered authentication
procedures; install patches for vulnerabilities promptly; monitor temporary
staff; and deal more effectively with disgruntled employees.
Suppliers are also at fault, mi2g said. "We
are still flummoxed by the number of vulnerabilities being announced by suppliers.
This is a lingering problem," Matai said.
Financial services firms, which were key targets this year, will be replaced
as key targets by the tourism, travel and hotel industry in 2003. Increased broadband usage
will put more small- to medium-sized enterprises and domestic users at risk
from digital attacks.
The figures are based on reports of overt digital attacks held in mi2g's
security intelligence products and systems database, which records incidents
from across the globe.