February 06, 2001, 10:44 AM — On the heels of different security threats and incessant attacks on high-profile Web sites, security experts agree: When it comes to the security of your systems, never be complacent.
Citing a Computerworld U.S. survey conducted last month, Douglas G. Conorich, Global Solutions manager of Managed Security Services at IBM Global Services, said that a majority of the 1,400 chief information officers (CIOs) polled said they believed their organizations were secure from both internal and external threats.
"This is a very unsecure posture to take. Security professionals need to have a paranoid attitude. Even the most innocuous hole can cause major problems," he said. "Security is not only a matter of how secure we are, but also how secure our customers feel we are."
For Warren R. Bituin, director of Technology Risk Consulting at Arthur Andersen, the public perception and attitudes of organizations toward security have changed in a positive way. He added that they are more aware of the dangers of taking security for granted.
"However, their usual approach to security management is not optimal," he pointed out. "In most cases that I've seen, companies roll out technical solutions right away without really going through the process of risk assessment and enterprisewide security architecture design and development."
As a result, some security threats are not effectively addressed and some system vulnerabilities are not fixed on a timely basis, Bituin observed.
Albert dela Cruz, president and CEO of Wolfpac Communications Inc., a local security system provider, attributed this change and growing awareness to the much-publicized distributed denial-of-service (DDoS) attacks on popular Web sites like Amazon.com and eBay.com, as well as to the security breaches experienced by software giant Microsoft last year.
"Well, there are good things that came out from the bad. Because of these events, companies have taken a serious look at information security," he said.
MORE ATTACKS TO COME
All these security experts believe that security threats will continue to be a major concern of organizations that are taking advantage of the Internet as a business tool.
At the same time, the Internet will also continue to be the major source of different security threats and hack attacks, said Bituin. "This is because the skills required to execute an attack have gone down due to the proliferation of hacking tools that are just a download away."
Dela Cruz agreed, saying that the increasing availability of DoS scripts over the Web and their ease of use have made them a favorite tool for wannabe hackers.
Conorich said the biggest threats on the horizon are from those that exploit vulnerabilities related to buffer overflows, floods and malicious code attacks, which the DDoS Trojans use.