Anti-hacking squads could help corporates

Gartner has called on enterprises to consider establishing specialist internal anti-hacking teams who would have wide ranging powers to defend against internet attacks.

William Spernow, Gartner research director, said that such a team would realistically cost $250,000 a year to run, and would be hard to sell to chief executives, but was needed in order to defend technology infrastructures.

Four in five Gartner clients haven't considered the issue of how they would prepare for internet attacks, according to Spernow. He said that law enforcement agencies can only help companies when they become victims, and that it is unrealistic to expect to resolve attacks after they happen.

"Companies don't realise a need to set up a team until they get burned," said Spernow. "If you're not prepared you're just another victim in the pool."

A cyber incident response team would mean network and voice engineering experts becoming involved with human resources, legal and PR departments. Its job would be to identify threats to a company's technological infrastructure, which it would then contain, isolate (if necessary by pulling the plug on internet connections), collect evidence on and, if necessary, disable.

Outsourcing incident response is one approach, but carries a risk that external agencies may become swamped and unable to respond in time.

Spernow predicted that the current Middle East conflict could spill into the technology arena and cited this year's FBI Computer Crime and Security survey to underline the possible threat.

According to the survey, eight per cent of security attacks originate from foreign governments and 10 per cent from foreign companies. US companies are the source of 18 per cent of threats, but external hackers, at 31 per cent, and disgruntled employees are still the most serious problem, according to the study.

"With a lot of external hacks you find there's an insider associated with the attack," said Spernow, who referred to a hacker who compromised a US financial institution and then began reselling access to data at $10,000 a time.

Spernow said that a huge security industry of around 100,000 jobs had grown up around a threat that was difficult to quantify. Estimates of the number of hackers capable of finding and maliciously exploiting a vulnerability in an operating system vary, said Spernow.

According to hackers, he said, such individuals might number only 100 to 300, whereas private sector estimates put the figure at between 1000 and 3000.

"We know it's out there but we're not really sure how bad it is," said Spernow, adding that because of uncertainty on their part, in some cases "vendors are developing applications for a threat they don't understand".