Companies blasted over IT security

Companies are still not doing enough to protect themselves from viruses and hackers, despite their unprecedented growth over the past year.

In a scathing attack on the state of IT security, Arthur Coviello, president of RSA Security, blasted companies for failing to act against the rising threat faced by corporate systems.

Speaking at RSA's annual European conference he said increasing use of Wireless Local Area Networks (Wireless Lans), the huge growth in external rather than internal attacks and the growth in email viruses were all reasons why 2002 has been the worst yet for IT security.

"Never in the course of human history have so many people talked for so long and done so little," paraphrased Coviello.

"The time to act is now. Things are not getting better and our critical infrastructure - utilities, communications and financial - are all vulnerable to attack from the internet and are being targeted."

However, Steve Hunt, vice president of security reseach at Giga Group, said Coviello was only partly correct.

If viewed as purely a technical problem, the threat has leapt, Hunt agreed. But companies realise they have bought too much technology that has failed to solve business problems.

"Companies have vastly improved the quality of their IT security in the last year through policies, procedures and, most importantly, by assigning people whose job it is to make sure that technical security measures relate to business risk," said Hunt.

Coviello said that IT administrators are failing to install wireless networks properly, which was becoming a major problem.

A recent trip through the City of London by a monitored drive-by hacker found 124 unsecured wireless networks, allowing access to 207 different networks.

In up to 80 per cent of these cases the default settings of the wireless networks had remained unchanged, allowing easy access by hackers using widely available software.

But extracting company data from a poorly protected wireless Lan still requires a skilled hacker, and far more of a problem for IT managers are rogue Wireless Lans, said Hunt.

"The real challenge is identifying rogue access point, where staff have bought a wireless hub and plugged it into the corporate network.

"This is the same sort of problem that we had when modems were first introduced and people installed them without authorisation," he said.

According to RSA, organised outside hackers were now causing the most damage, a big shift from last year. Previously internal threats, usually from disgruntled staff were the main problem.

Coviello said UK businesses understood that security was a board-level issue, not just a problem for the IT department. However, this awareness had not been matched by significant funding and so progress was faltering.

Virus problems have continued to damage businesses and individuals, as the number of viruses in the wild is rising rapidly and the low sentences handed out to their creators have not proved a deterrent.

The creator of the Kournikova virus received just 120 hours community service while David Smith, creator of Melissa, was jailed for 20 months.

Comment on this story