Content

Summer’s Long Days: Bouncing from Thought to Thought

Good old reliable time, not the Internet kind, does some flying.

That's not to say that Internet time, the stuff upon which that fast electronic highway relies, doesn't do some major racing of its own. Unfortunately, at this point, it seems that we're all just a bunch of poor souls simply trying to keep up with the massive interconnected beast. And, folks, time is being less than kind to those of us relying on the highway to bring their businesses some e-successes.

It all seems to be moving too quickly really - especially in a publishing industry that covers IT security. Right now, our staffers are already working on finishing September's issue and trying to move onto November. In our cluttered minds the end of 2002 is upon us - not the sun-soaked days of summer.

Maybe it is the near boiling temperatures and the muggy afternoons that have my head in a spin with all number of thoughts. The ones of greater import surround IT, infosec, and what the next year holds in store for businesses connected to and relying on the World Wide Web for the launch or maintenance of various corporate initiatives. It is in this humid haze of summer, during which I find myself thinking of how to approach our autumnal editions, that I decide to revisit old issues to see exactly what we've been going on about in the pages of our worldwide publication.

And, what I see makes me shake my head, because the issues the corporate world still grapples with haven't changed too much. I register surprise because I optimistically thought with the quickness of Internet time we had somehow managed to move on to bigger and harder issues. Despite our seeming and persistent awkwardness traveling the Internet highway among the various threats we face and the needs that challenge us, I thought that we had made some gigantic strides.

In a March 2000 commentary, I note that with the successful conclusion to the Y2K conundrum, folks have turned to resolving other issues, the main one being "protecting that all-too-important intellectual property." I write that "publicity surrounding information security is, not surprisingly, becoming quite mainstream," and that "even Kevin Mitnick was recently interviewed about it on a popular T.V. show." But, I then ask, "So with all this discussion ... infosecurity should be just as big a non-issue as Y2K, right?"

And, of course, the resounding response is a big no (both then and now): "There is still much to be done."

Back then in early 2000, people were still intoxicated with the encouraging conclusion to Y2K. They were wallowing in the fact that this long feared thing was a wee bit of a whimper, not the predicted nasty one-two punch that was to knock down whole systems for the final count.

But, then, just as quickly as the realization came that nothing too bad was going to happen because of Y2K, came the understanding that infosecurity was a big issue that needed to be dealt with in much the same thoughtful manner as was Y2K. Experts argued that the reason the changeover turned out to be such an inconsequential blip to most organizations was because of the planning and effort they put into making it so. Therefore, just as they did with Y2K, companies needed to plan, find out what their vulnerabilities were, be mindful of the threats and find the budget to deploy tools and implement policies to support protection of corporate assets. These concepts created the skeletal outline to developing a substantial and steadfast infosec infrastructure.

While predictions then surmised that companies would experience $100 million losses from cybercrimes (noting that such losses would only worsen), the prophets could not know that the CSI and FBI would show even worse figures in 2002. Now, 44 percent of some 220 respondents to the Computer Crime and Security Survey would actually quantify their losses at around $456 million.

So, here we are in 2002 experiencing acts of theft and fraud facilitated via the Internet. Back then, a company's Internet connection was noted as a frequent point of attack ... and that connection still fulfills this role today, but for even larger numbers of companies.

Even though the "Millennium Bug Misfired," as we noted in a later 2000 cover story, infosec threats certainly have not. It is certain that they have, more often than not, hit their intended targets again and again and again. And, this is occurring despite the fact that organizations were supposed to learn from Y2K.

"Executives now realize that IT departments in companies all over are necessary for defining and maintaining a footing in the global e-commerce market. The security of transactions over the web, availability of access to the web, development of standards for the web, combined with the demands of portability, integration and speed, are all issues that will be tackled by IT professionals..."

While many of these professionals have striven to reach these goals and other infosec-related objectives, there is still much to be done. The next Y2K still remains infosecurity. Though we learned then that we are "well past the infancy of the computer age," we still have some growing pains it seems in regard to understanding that we are wading smack dab in the middle of the computer age's "adolescence, where the practice of discipline must be exercised if a mature adulthood is to be realized."

Computer security, though well on its way to becoming mainstream several years ago, did not really get the nod it deserved. It is just now that blended threats like Nimda and Code Red and worries of cyberterrorist attacks are beginning to open up upper level managers' eyes to the dangers of being on the Internet. Said Michael Anderson, president of New Technologies, Inc., during a recent interview, "Y2K was the best friend of the computer security professional because additional funding became available. However, in my view, the area is still under-funded and not viewed as the important job that it is for the business survival of the organization."

But, it should be. As I've mentioned throughout this column and as we've noted throughout the pages of our publication, there is still much to be done when it comes to infosecurity planning, technological deployment, monitoring and education. Yet, the many problems associated with cybercrime prevention are far from irretractable - especially when it comes to the longevity of your company.

So, Mr. Executive and Ms. Board Member, begin acknowledging the importance of infosecurity for your enterprise's survival. Once you've done that, find the money to support it. Of course, in the current lousy economy this overly simplified suggestion to find more money for infosec may seem laughable. Yet, ignoring security needs and opting to spend dollars on other business initiatives won't make the bad guys go away. It may, however, see the demise of your company. And, in this economy, who on earth can afford that?

Illena Armstrong is U.S. editor of SC Magazine (www.scmagazine.com) and global features editor.
 

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.