Toolkit
Story: Corporate keylogger infections up 50 percent
Problem is that the entire security landscape is still seriously underestimated. Most decision makers still think that they're almost there, safe enough, or label it a next-year problem. Most of them base their conclusions on commercially sponsored opinion, sales talk and what their peers are doing, which underlines a serious lack of liability in the places that matter.
Another thing is that the bad guys are constantly and rapidly evolving. Customized penetration and information gathering is nothing new under the sun, and the average "off the shelf" security solution won't catch it. Certainly not in the way most of those are implemented, configured, maintained and monitored (outsourced and all). Couple that with the masses of organizations that never fail to bring in the latest and greatest gadgets that seriously weaken overall security (smartphones, PDAs, smart watches, WiFi, VPN, USB devices, IR, Bluetooth; not to mention social engineering, bribed co-workers, smart PABX systems, consolidated centralization, waste bins, etc., etc.) without giving much thought, if any, to keeping on top of things (most IT departments are flooded with support questions and incidents anyway, or worse, go the 'not my problem' route) and getting their act together.
In other words, as long as the right people don't take responsibility, or are not made responsible enough, we're condemned to do what we've done for the last ten years or so: carrying water to the sea while thinking we're not there yet, but almost.
Nothing short of a few worldwide disasters in a row will wake us from that dream state. And we've had a few in the meantime. Just not enough of them, serious enough, in a short enough amount of time. How quickly people forget.
Oh right, we've got politicians and commercial lobbyists bringing us new laws and technologies as the one and only answer to all the problems they in fact shoved down our throats. And for some reason or another we're not to believe that's mostly to protect self-interest at the cost of various consumer and citizens' rights, budgets and choices. DRM to the rescue? Whose rescue anyway? Updated IP laws for protection? Whose protection anyway? More power to the powerful? Whose power anyway?
Back to the practical part. Either way, whether by following the commercially preferred way of solving the latest security issue and then the next and then the next and so on, or by doing a root cause analysis and opting for more lasting solutions on the basis of a solid foundation, most organizations are facing yet again huge investments (time, budget, resources) to get things modernised, because not doing anything will increase their risk of becoming a victim (including falling too far behind) as time goes by. Nothing new under the sun. Next year we'll know if they've learned anything or are setting themselves up to repeat the same mistakes in creative new ways.