A Host of Insecurities about Security

Wednesday, October 21, 2009

Sudha Nagaraj


Security concerns will continue to dominate the IT sphere for a while. Governments are crying hoarse to put in preventive measures, the security industry is struggling to make up for losses suffered in a recessionary environment, enterprises are growing paranoid about the ‘insider threat’ and the small and medium enterprises are waking up to the need for security management.

With the recession weighing heavy on every CEO’s mind this year, security spending may have been minimal, but if IT advisory firm Gartner is to be believed, user activity monitoring through myriad security tools will be a dominant technology trend in 2010. Gartner gives us some numbers to back its prophecy: The worldwide security software market will total $14.5 billion in 2009, an 8% increase from 2008. In 2008, it grew at 19%, and Gartner anticipates the market to grow 13% in 2010 as revenue will total $16.3 billion.

So do we infer that coming months will see a deluge of attacks on IT systems? Surprisingly, that is not the case. A closer look at the steady increase in number of breaches can apparently be traced to stepped-up efforts to track them. Further, the bulk of attacks reveal the same techniques used a year ago, reveals Gartner’s security czar, John Pescatore in his Cyber Threat Assessment for 2010.

The only evident change seems to be our lack of preparedness in tackling the problem.This also has to do with mindset. Security has traditionally “focused on putting up a perimeter fence to keep others out, but it has (now) evolved to monitoring activities and identifying patterns that would have been missed before.”

Thus, information security professionals face the challenge of detecting malicious activity in a constant stream of discrete events that are usually associated with an authorized user and are generated from multiple network, system and application sources, reasons the Gartner report.Now, if that reads like the “enemy is within’ and Companies had better stalk their employees 24x7, see what a new research by global market intelligence firm IDC, (sponsored by security solutions provider, RSA) has found: “A study involving 400 respondents revealed that more security incidents were caused by accidents or carelessness by insiders than by malicious insider attacks, and the financial impact was greater.

Unintentional data loss through employee negligence was the most common threat, while the greatest financial impact was caused by out-of-date or excessive privileges and access control rights for users. Other internal incidents included the accidental spread of malware and spyware.”

That brings us to the question: How does one differentiate between the malicious insider, the ignorant insider, the trusted outsider, the careless worker, the harmful hacker and so on…if you leave it to mere tools, you are bound to get many  false alarms. And the irony is you cannot afford to ignore a single one. Looks to me, the CIO/ CSO should turn Chief Investigating Officer/Chief Surveillance Officer as well.

Possibly Related Articles:
General Enterprise Security Breaches
breaches Budgets Security Strategy
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.