Commentary
10/22/2004
01:11 PM
Bob Evans

Business Technology: Cyberinsecurity And A Hot Job Market

Nietzsche, who would no doubt have worshipped hackers, said that out of chaos comes order. Bob Evans says he doesn't know about that, but does know that unless software companies and their customers begin to think very differently about security, then out of today's cybersecurity chaos will come massive job opportunities for computer-security majors.

For anyone who thinks there are no more great IT job opportunities--you know, the ones offering long-term potential, lucrative pay packages, and a relentless stream of customers clawing at your door and waving blank checks in your face--it's time to plunge into cybersecurity. Got a son or daughter in college majoring in Philosophy of Environmental Protest with a minor in Ballroom Dancing? Immediately pull all funding--and cancel all credit cards--until the little dreamer starts taking eight courses per semester in Advanced Cybersecurity. Come to think of it, pair that up with an aggressive minor in Deviant Psychology and the kid will exit college to a bidding war that would make Shaq jealous.

I wish this were all a joke. But just take a look at the cascading chaos in the cybersecurity world today--and this is but a brief sample from last week:

  • A security breach at Berkeley might have compromised Social Security numbers and other personal data of 1.4 million Californians
  • Newly discovered bugs in Internet Explorer might make even XP Service Pack 2 vulnerable to attacks
  • Microsoft's Steve Ballmer says "we've learned more about security than anyone" but adds it would be "naive" to think the company can eliminate all security vulnerabilities
  • Google, awash in cash and seeking to wave its "Do No Evil" banner as it enters new markets, introduces a desktop search device that turns out to be tailor-made for hackers
  • And, in news that's a mix of good and bad, Microsoft said XP Service Pack 2 is now in the hands of more than 100 million users.

Let's take a look at some of the forces behind the chaos, and since Microsoft has been featured so prominently in these security-oriented news items lately, let's start with it. Ballmer says that hackers are continuing to get smarter and that this on-the-job training is thereby negating at least some of the progress Microsoft is making in trying to bulletproof its products. "I think we've learned a lot more about security basically than anyone else in the world," he said. "That's kind of the good news and bad news, being the position we've been in with our kind of market share." OK, we can see his point--but does it help anyone other than the college kid looking for a growth profession?

    Then there was the system breach at Berkeley, which had an interesting timeline: the break-in occurred on Aug. 1 but went completely undetected for about four weeks. When it was finally discovered at the end of August, state officials--despite the staggering number of potential Californians whose personal information was exposed and could have been accessed or stolen and sold--waited three weeks before notifying law-enforcement authorities. And even after all that, a state official from the California State Health and Human Services Agency tried to pooh-pooh the whole thing, as our Tom Claburn [tclaburn@cmp.com] reported: Emphasizing that there was no evidence that the hacked info had been looked at or sold, the agency's assistant secretary said, "Really, this is a precautionary measure." Well, sweet joy--THAT's gotta make those 1.4 million Californians feel better!

    OTHER VOICES
    The Internet Education Foundation and Dell have launched a spyware education program that aims to reach 63 million Internet users. Tom Claburn has learned that although more than 90% of computers in the United States have some form of spyware on their hard drives, the majority of people don't know how to identify or combat the online menace [http://blog.informationweek.com/wip/].

    -- InformationWeek's "Works in Progress" blog


    Taking a bit of a different tack, a security expert told Claburn that a major factor behind the break-in is that the university's security philosophy centers on keeping unauthorized intruders out without policing the actions of "legitimate" users. "It's a bit ironic," says Jonathan Bingham, president of Intrusic Inc., a security software company focused on internal threats. "The same thing happened to UC Berkeley back in 1998. What it highlights are a couple of factors that are inherently flawed within the industry and within the security profile of not just UC Berkeley but all of the organizations that are out there today."

    And then there's the new product from Google. It had barely made its online debut last week before reports began to circulate about the huge security problem the new product could present if it wasn't used for exactly and precisely the application the company intended. I'm sorry, but human nature being what it is, is that a viable approach?

    In response, as we reported last week, Google tried to emphasize the product is aimed at a very specific application, but the company ended up dispensing more of the treacly not-to-worry medicine we've all been dosed with lately: Google director of consumer Web products Marissa Mayer said managers of shared computers "should think twice about installing the software until Google develops advanced features like password protection and multiuser support." Yes, I see her point; from a straight logic perspective, it makes sense. But in reality, in today's hacker-infested environment, is it smart to tell people to "think twice" before installing a product with a gaping security hole? Shouldn't the advice not be "think twice before installing it" and instead be "don't think even ONCE about installing it" on anything but a standalone PC?

    And I have to add this perspective about the industry's security whipping boy: Can you imagine the indignance explosion that would be triggered if Microsoft said something like what Google said? Or like this: "We can only make Desktop Search as secure as your computer," [Google's] Mayer says. "If you lose control of your computer, yes, it's possible people could use Desktop Search and search for various items. However, there are also a lot of other things they could do to your computer while they're sitting in front of it." Oh. OK. For a minute there I thought other people looking through my computer was a problem.

    Nietzsche, who would no doubt have worshipped hackers, said that out of chaos comes order. I don't know about that, but I do know that unless software companies and their customers begin to think very differently about security, then out of today's cybersecurity chaos will come massive job opportunities for computer-security majors. And that's one growth market we ought to try to avoid.

    Bob Evans
    Editorial Director
    bevans@cmp.com


    To discuss this column with other readers, please visit Bob Evans's forum on the Listening Post.

    To find out more about Bob Evans, please visit his page on the Listening Post.
