25 June 2008
2008: The year of the breach
The year so far, by Infosecurity’s Slack Alice
It's been a funny old six months here at Slack Space towers.
We've seen several major - and not so major - private and public sector organisations publicly humiliated as common sense on the security front seems to have departed the brain cell (note the singular) of their managers and employees.
We've also seen the slightly amusing - if tragic - demise of several senior government figures (Move over Darling) apologising to the House of Commons for the security failures of their peers and underlings.
I suppose it all started when some hapless soul at HMRC's North-Eastern operation decided to save a few bob by mailing the details of around 25 million child benefits claimants through the post, rather than use a courier.
That event took place last November, but the effects reverberated through the government on the IT security front.
Or did they? The Information Commissioner's Office got more than a little shirty in April when it transpired there had been a total of 94 data breach and data loss incidents since the HMRC child benefit data fiasco of last November.
Bruce Schneier (for it is he), erstwhile security guru and BT representative, made light of these data losses at the Infosecurity Show in April, even going to the extent of staging an onstage drama (ooh luvvie!) of a fictitious large company that discovered a data breach via a rogue wireless access point, which had taken place on its IT systems.
The sight of grown men hamming it up on the stage was almost too much to bear, but most attendees at the 'interactive theatre' were here for words of wisdom from Bruce, whose Californian sense of humour had many in stitches.
Of course, Brucie had to go and spoil it all by admitting that he kept his home/office wireless router - which operates at T1 speeds (things are bigger and faster in the US, you see) - on open access and with not a WEP key in sight.
Mind you, Brucie's home truths on WiFi access security seem to be mirrored by almost every company here in Britland. In late June, for example, Virgin Media (yet another division of Branson, the bearded one) admitted it had lost the bank details (and other, ahem, non-critical data) of around 3 000 of its customers.
The data, it seems, had been saved in a non-encrypted format to a CD-ROM and then, er, lost.
The fact that Beard Media has its own network, email system and entire ISP operation didn't stop the company employee from using a CD-ROM. Secure FTP transmissions? Who needs them?
Back in the House of Commons, the steady stream of data breaches and losses has not gone down well with PM Gordy Brown, I am reliably informed.
Gordy, of course, has rather a lot on his plate at the moment, not the least of which is ensuring his pension contributions will be okay for the next few years, so he's been delegating the issue of government IT security matters to a number of lesser mortals.
But the security incidents keep on coming. In early June, no less than six laptops were stolen from a cupboard at a South London hospital, containing 20 000 unencrypted patient records, much to the annoyance of the Minister for Public Health, Dawn Primarolo.
The ensuing farrago (Dictionary.com's word of the day for March 25, 2002) has resulted in a lot of hot air. And not a lot else.
But the government, even though it has its hands full with arguably the worst economic outlook since the dark days of the mid-1970s, may have to get its finger out, as the provisions of the Companies Act 2006 are due to kick in this coming October.
Corporate governance? I suspect that the government could be cursing this term by the end of the year.
They certainly aren't taking any chances in the US where the Sarbanes Oxley (Sox) Act celebrated (if that is the right word) its fifth anniversary in June.
Most US managers live in mortal fear of the legal fallout of this Act, with some managers calling such fallout 'Smelly Sox' for obvious reasons.
Will the provisions of the Companies Act 2006 result in similar fear and loathing amongst board level managers in the UK?
I somehow doubt it, as the DTI - which appears to have split in two according to its press office - seems to have overlooked the fact that the Act's provisions kick in this coming Autumn.
Talking of the law leads me to mention a lawsuit filed in May of this year by the Motion Picture Association of America (MPAA) demanding $15.4 million in compensation from file-sharing index site The Pirate Bay.
Considering that the indexing site's hardware must be worth around $5 000 and the student chappies running the site dress in T-shirts, we don't rate the MPAA's chances very highly.
The lawyer acting for the MPAA, meanwhile, has admitted to US reporters that she is worried about her computer being hacked by The Pirate Bay supporters. Bless.
As we enter the second half of the year, my peers here at Infosecurity Magazine (where I occasionally hang out) are asking me what will be the hot topic on the IT security front in the remaining six months of the year.
I think spam, notably mobile spam, is going to be a serious headache for IT managers and technology users.
No, I don't mean the disturbingly bouncy meat in a can kind of spam, but the electronic variety, which had its 30th birthday this year.
Yes folks, 30 years. According to mobile security vendor AdaptiveMobile, the first ever spam email was sent from the Digital Equipment Corporation to more than 390 Arpanet employees back in 1978.
Now it's a bit older, spam has decided to take a more active role in annoying mobile phone users, with 80 per cent of mobile punters receiving spam in 2007, according to the International Telecommunication Union.
"The industry should do everything possible to protect mobile users from spam, and to prevent it escalating in the same way as its PC equivalent," said Lorcan Burke, AdaptiveMobile's CEO.
Mind you, mobile spam can be quite useful. Apparently there is this nice Nigerian chap that is offering me five per cent of the $124 00 million left to the late King Ess el-Ack-Space of the state of Ubu Wonga, who died intestate earlier this year.
If I assist him, not only can I pay my mortgage, but I can even afford to pay my gas and electricity bill this year...