by Don Willmott
Last September I attended the New York launch event for Symantec's annual release of its Norton Internet Security suite. Among the evening's highlights was a riveting presentation by a real-life FBI agent specializing in cybercrime, who regaled us with tales of outrageous online crime sprees. Of course, to move their merchandize security solution providers have to sell a little fear, but I left thinking about just how scary life has become.
I'm not the only one thinking that way. The very concept of "security" in all its forms it a hot topic everywhere these days, and certainly the IT arena is no exception. At the end of last year,
IT employment analyst David Foote said that, "Unlike other technology job segments, pay and demand for security skills have risen steadily since 2007 and neither budget nor headcount has diminished in economic hard times." Why? Fear of increasing threats to the enterprise, increased regulation, and a growing sense that risk management is not just an IT task but an overall business imperative, he believes. That's why employers are looking for "experience necessary for corporate and business line security positions in risk management and governance."
Interestingly, our communal free-floating fear could have an impact on another incipient IT trend: cloud computing. Are enterprises really going to move more of their operations online if they fear that the Internet is crawling with data thieves and cybercrooks? PC Magazine analyst Tim Bajarin made a bunch of 2010 predictions recently, commenting that:
There could be a major security threat aimed at our cloud networks that is so drastic it could set back the timeframe for shifting businesses and users to the cloud-based model. Maybe I've been hanging around with too many cyber security types lately. They tell me that their biggest fear is that cybercriminals will try to take down our power grids and financial systems. But even if cybercriminals don't succeed, there may still be successful attacks on existing cloud services that will dissuade users from storing more information in the cloud.
See what I mean? Everyone is running scared.
If you'd like to get a more measured take on what the real threat levels are, tune into an archived December webcast from the Computer Security Institute, in which it announces the results of its annual security survey. Some highlights:
- Respondents reported big jumps in incidence of password sniffing, financial fraud, and malware infection.
- One-third of respondents' organizations were fraudulently represented as the sender of a phishing message.
- Twenty-five percent of respondents felt that over 60 percent of their financial losses were due to non-malicious actions by insiders.
So yes, the threats are real. But let's keep our wits about us as we work to prevent trouble (and make a little money as we do so).