The current security threats to business IT infrastructures have increased dramatically. Most notable are the rising number of viruses and similar malicious programs that threaten serious financial loss.
“The numbers of viruses, worms, Trojans and other, malicious programs aimed at PC users has now surpassed 100,000” according to McAfee (Tuesday, 21 September, 2004).
McAfee, and many other anti-virus firms, are seeing 25-50 new viruses or variants of old ones every day. For example, the current number 1 on Trend Micro’s list of top five security threats is the NetSky.P worm. The variants of NetSky have been prominent in IT and mainstream media for the majority of this year infecting networks through email attachments that, at first, appear to be official documents. NetSky, along with other worms, MyDoom, Sasser and SoBig, racked up an estimated £8 billion in combined damages, worldwide in the last 2 years.
Anti-virus software is becoming more effective to fight the new strains of viruses and worms, but is still a reactive form of defense. Anit-virus software, in some circumstances, is used to resolve damage caused by a virus rather than prevent it in the first place.
Although viruses are one of the most feared IT security threats, there are many other issues organizations must consider in today’s evolutionary technological industries in order to keep their IT infrastructures safe.
The 2003 CSI/FBI Computer Crime & Security Survey results still conclude that over half of known IT security breaches occur from within organisations.
Disgruntled or former employees pose a threat to any business and can gain access to internal systems relatively easily. Confidential company information can be used maliciously by employees either hacking into servers and files or by utilizing hacking tools readily available via the Internet and with a higher concentration of computer literate workers these risks are even more significant.
Even trusted employees can, unwittingly, cause major disruption to organizations. Security breaches that affect the financial bottom line are not just in the form of externally or internally introduced viruses that infiltrate and damage the network. Other factors to contemplate are legal threats and loss of productivity which could bring about consistent financial loss if not identified and addressed.
Peer-to-peer file sharing has become an extremely popular pass-time, especially during company working hours and with audio and video files having unlimited sizes, it is easy to understand the network bandwidth issues that may arise. The requirement to upgrade hardware to compensate for lack of storage or the threat of virus propagation on the network can be costly, as can the loss of productivity whilst engaged in this activity.
Games and animations can also affect user productivity. These can easily be introduced onto the network and distributed between peers as the majority of standard operating system security measures are weak.
Internet access is crucial to most businesses and the security threats that can be introduced by it are notorious. Emerging Internet threats include spyware and adware technologies, which have the ability to install themselves on machines without users’ knowledge. These types of programs can collect and transmit information, such as key-strokes and Web-surfing behavior, but more importantly can reveal passwords and other sensitive information.
Inappropriate content is a controversial and worrying threat to today’s enterprise. Through the Internet or peer-to-peer file-sharing, employees have the ability to download or share pornographic content. Not only can these cause detrimental effects on company reputation, but could leave the organisation liable to legal action. Both scenarios could result in financial losses.
A major Internet security risk, in which a user could unknowingly incur substanial cost to the organization, is the downloading or introduction of unlicensed software to machines inside the network.
At War with the Law
Software piracy continues to grow.
“More than one third of the software installed on the world’s computers is pirated” according to the Business Software Alliance (BSA). UK copyright laws (penalties include unlimited fines and up to two years imprisonment) serve to deter unlicensed software being introduced onto company machines, but the issue is, how do organizations monitor, let alone, combat unlicensed software being introduced onto corporate systems by their users, via Internet downloads or removable media?
A BSA reward of £10,000 for revealing companies who use unlicensed software has also made it an attractive proposition for some to turn in their organisations to the authorities. After all, it is the company Directors who pay the price not the employee!