October 09, 2001, 10:13 AM — IT professionals in charge of computer security need only look in the mirror to meet their biggest enemy.
About 90 percent of security breaches occur because attackers take advantage of software that IT staffers have either misconfigured or failed to patch, a Gartner Inc. analyst said on Monday during the company's Symposium/ITxpo 2001 here. Thus, by fixing known vulnerabilities and properly configuring software products, IT departments would be able to prevent most security incidents, such as Web site defacements, information theft and denial of service attacks.
"We have met the enemy, and they are us," said analyst John Pescatore.
Most of the malicious code that is unleashed on the Internet simply mimics existing attack scripts and attempts to exploit known security holes for which patches exist.
"Internet attacks are 90 percent imitation and 10 percent innovation," Pescatore said.
That these types of easily-preventable viruses and worms -- such as the Nimda worm and the Code Red worm -- often wreak havoc across computer systems worldwide, proves that many IT departments are simply not showing even basic levels of diligence and care regarding security. But that must change. As companies increase their use of the Internet for critical operations, the cost of security breaches will rise significantly in the coming years.
"As your company's use of the Internet evolves, your security program must lead the way," Pescatore said.
Another big problem is that many IT departments don't have a unified view of their security infrastructure because security initiatives are dispersed among a variety of groups that don't always coordinate their efforts. So the team in charge of a company's PCs may load anti-virus software on client machines, while the networking group puts up firewalls and the server people implement wares to protect applications, all the while without checking with each other first to make sure that those products interoperate, he said.
This lack of communication and coordination often leaves security gaps no one is aware of until it is too late. Gartner estimates that companies where a variety of groups monitor and manage security will suffer 50 percent more attacks than those where security management is consolidated. Companies should evaluate products designed to pull together the management and reporting functions of a variety of security tools from different vendors, he said.
"A fractured approach to security monitoring and management leads to security fractures," he said.
Other security tips, facts and warnings from Pescatore:
-- Desktop operating systems, including Windows 2000 and Windows XP, do not provide all the necessary security safeguards client machines need, so most users must buy third-party security software for adequate protection.