Is your network leaking?

The life of the IT manager is an absolute minefield when it comes to securing the network

  • E-Mail
By  Julian Pletts Published  June 10, 2009

The life of the IT manager is an absolute minefield when it comes to securing the network. This was made abundantly clear when I attended a very interesting lecture given by Rik Ferguson, a prominent security threat analyst, in which he discussed the depth and breadth of the worldwide ‘underground economy’ where seedy characters populate smoke filled rooms renting out maliciously controlled botnets.

Alarming and absorbing statistics were being thrown at the increasingly bemused audience, such as 1,000 infected and controlled machines are farmed out for illicit use for just US$40. One ‘vendor’ of compromised machines is reportedly able to offer up to 145,000 machines at any one time and guarantees uptime. In addition to this, those that push malware are getting more and more businesslike. There are, according to Ferguson, plenty of malware providers out there precociously offering malware with service level agreements. Malware as a service is a growth market for the criminals.

The reason I mention this is not to turn people to the dark side of IT, but to instill a note of caution in any CIO or IT manager out there that might be considering cutting back on security or even just delaying the renewal of annuity service agreements. We may be in the midst of a great deal of financial confusion, but now is perhaps the best opportunity for negative entities to make a play for the integrity of your network.

There are of course security issues that the financial crisis is throwing up, or at the very least contributing to. Problems that IT leaders have to act on, sooner, rather than later. In the July issue of Network Middle East we find out about the plague of data leakage.

When thinking of data leakage, the disgruntled laid-off employee, wrangling as many sensitive files onto a USB, before being escorted from the building, springs to mind. But it seems there are many more holes than this that have to be cauterised.

There are two distinct categories to data leakage —data stolen from the outside and information leaked from the inside. But within these categories there are countless ways for sensitive data to make it into the open. For instance, thanks to your well-known email application being so kind as to remember email addresses already typed, you absent-mindedly hit send, and seconds later your recipient is greeted with a nice collection of your last quarter’s revenue figures. It could even be just as simple as someone wandering into your office with a laptop and plugging into the nearest network port.

The it-will-never-happen-to-me mentality, largely brought about by a mixture of human nature and the lack of firms holding their hands up to major data leakage incidents, is quite dangerous. Do not be fooled. It does happen here, it could happen to you. Hopefully we will be able to find out exactly what the region’s network administrators should be doing, today, to avoid having to mop up some rather costly and unsightly data spills in the near future.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code