In what is becoming an all-too-familiar scenario, IT security managers are feeling the pinch to stay ahead of the security spending curve during uncertain economic times and an onslaught of viruses and worms.
Users last week had to keep alert for a tricky but destructive new e-mail worm as well as be reminded of the dangers of Web site hack attacks on customer credit cards.
Less than a month after enduring the hype and fast infection rate of the Anna Kournikova worm, many users were caught off guard last week by the "NakedWife" worm that spread through Microsoft Corp. Outlook. The Visual Basic Script (VBS) worm punished its victims by deleting all .INI, .LOG, .DLL, .EXE, .COM, and .BMP files -- in that order -- in the root Windows folder and then in the Windows System folder upon its execution, according to officials at Espoo, Finland-based F-Secure.
Meanwhile, Amazon.com Inc. subsidiary Bibliofind.com alerted its customers via e-mail last Monday of a "security violation" on its site that compromised credit card information found on the company's servers from October 2000 through last month, according to a report in the Wall Street Journal.
In its e-mail message to customers, Seattle-based Bibliofind.com, an old and rare book e-marketplace, said it has contacted the FBI and credit card companies about the break-in.
An advisory update published last week by the U.S. National Infrastructure Protection Center (NIPC) said the FBI has observed cases of hacker activity occurring for several months before the victims become aware of any type of intrusion.
Many small to midsize enterprises are complacent about these issues, assuming they are invisible to these threats and that larger companies are at greater risk, said Eric Hemmendinger, research director at Boston-based Aberdeen Group Inc.
Often it is up to the IT department to form a solid business plan -- equipped with security advisories, vendor product analyses, and cost comparisons -- to convince an organization to prepare for the worst, said Tom Schrieber, senior network engineer and IT manager at Sunnyvale, Calif.-based General Magic Inc.
"That's money [executives] see going away every year, and if they do not see anything hitting them [they ask], 'Are we spending the money for nothing?' " Schrieber said.
"But in actuality, it's saving them money by catching everything that comes in the door and saves man hours [because they don't have to] fix these issues, not to mention that it saves frustration," Schrieber said.
General Magic, which offers a voice gateway application, uses SonicWall Inc. for its VPN connectivity.
Some users cut corners by opting for in-house implementation and management, which is a risky move, said analyst Frank Prince at Forrester Research Inc. in Cambridge, Mass.
"In times of hard budgets, doing it yourself is even greater folly than doing it yourself when you have large budgets," Prince said.
This story, "IT security under the gun" was originally published by InfoWorld.