Throwing away the key

Wayne Hull, general manager for Cisco UAE takes a look back at the security issues that have shaped the IT landscape this year

Tags: Cisco Systems IncorporatedUnited Arab Emirates
  • E-Mail
Throwing away the key Wayne Hull, CEO Cisco UAE: "The recession has created new moneymaking opportunities for at least one group of ‘entrepreneurs'— identity thieves".
By  Julian Pletts Published  November 24, 2009

As online criminals constantly adapt and refine their techniques for reaping illegal revenue, security professionals and individual computer users must become even more sophisticated in their own approaches to combating security threats. There are encouraging signs that aggressive ‘good guy' collaboration can succeed. The Conficker Working Group is an excellent example. The group was founded in early 2009 as the Conficker botnet continued to spread, and now boasts more than 100 security organisations (including Cisco) as members. The group's website publicises news about recent Conficker infections, the latest patches to block the Conficker worm, and tests to check for infection. The collaborative efforts of Conficker members helped disrupt most of the worm's activities earlier this year.

What in your opinion have been the most significant non-commercial developments in IT security over the year, globally and locally?

Businesses are increasingly putting in place programmes for reducing IT risk, especially security and compliance risks.  This has moved security from a technology discussion to a business discussion.  Regulatory compliance whether it be SOX, payment card industry or another compliance requirement has become a critical driver for security, tying together the technology controls with the policy drivers required to achieve compliance.

However, while regulatory standards are designed to help protect user data, organisations should never view compliance as a security guarantee. In fact, as stated in the Cisco 2008 Annual Security Report, multiple security incidents in the previous year involved organisations considered to be ‘compliant'. However, compliance procedures are specific by design; they are intended to help organisations achieve only very specific objectives that mitigate only particular security risks.

Overall how do you feel the financial crisis this year has impacted security and security considerations, globally and in the Middle East?

As worldwide unemployment has risen and the job market tightens both globally and in the Middle East, security watchers assume that online crime may also be on the upswing. Employees, who have been laid off, particularly those with IT skills, may see no option but to turn to online scams or other criminal activity. A subset of disgruntled employees without jobs may also be tempted to earn money by targeting former employers through network attacks or the theft and sale of intellectual property.

In May 2009, the UK's Financial Times reported that fraud committed by employees against their own companies may be on the rise, owing to the weak economy. The newspaper cited statistics from ‘whistleblower' hotlines, showing an increase in tips about insider crime.

And in April 2009, the Association of Certified Fraud Examiners, the world's largest anti-fraud organisation, released its report, Occupational Fraud: A Study of the Impact of an Economic Recession. According to the report, 90 percent of surveyed fraud examiners said they expect to see a rise in fraud over the next 12 months. 

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code