Commentary
7/11/2006
11:14 AM

Same Old Security Song And Dance? Yes And No

In This Issue:

1. Editor's Note: Same Old Security Song And Dance? Yes And No
2. Today's Top Story
     - Microsoft Shows Off New Vista Basic Look
Related Stories:
     - Windows 98, Me Support Ends, WinXP SP1 Next
     - Microsoft Makes Leap To Per-User ERP Pricing
3. Breaking News
     - Mozilla To Release Firefox 2.0 Beta Tuesday
     - Legal Setback Raises Questions Of SCO's Survival
     - IBM To Release Linux Notes Sooner Than Promised
     - White House Asks For Dismissal Of NSA Wiretap Suit
     - Fans Pushing Back Against File-Sharing Suits
     - Options Pricing Scandal Could Hit Tech Vendors' Customers
     - EU To Cap Microsoft Daily Fine At $3.8 Million: Source
     - EMC Says Quarterly Results To Miss Forecasts
     - Data Brokers Draw Increased Scrutiny
     - BlackBerry Maker Comes Late To The Small-Business Game
     - FBI Warns Job Hunters Of Online Scams
     - Wi-Fi Cloud Of Hot Zones Planned For NYC
4. Grab Bag
     - Apple's New iPod Nano May Sport Metal Jacket (Appleinsider.com)
     - If You Have Something Worth Millions, Shouldn't You Back It Up? (techdirt.com)
     - Who's Afraid Of Nathan Myhrvold? (Fortune)
     - The Resurrection Of AOL (Business 2.0)
5. In Depth: InformationWeek's Annual Global Security Survey
     - InformationWeek Global Security Survey 2006: Controlled Chaos
     - Outsourcers Fill Businesses' Security Gaps
     - Built-In Software Security Flaws Have Companies Up In Arms
     - Global Differences
     - The Fear Industry
     - Video: Larry Greenemeier Talks About The Love-Hate Relationship With Security Researchers
     - Reader Tool: Compare Your Security Practices 2006
6. Voice Of Authority
     - Down To Business: There's No Leader's Manual
7. White Papers
     - Exploring Six Common Myths Of System i5 High Availability
8. Get More Out Of InformationWeek
9. Manage Your Newsletter Subscription

Quote Of The Day:
"The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents." — Nathaniel Borenstein


1. Editor's Note: Same Old Security Song And Dance? Yes And No

The results of InformationWeek's Annual Global Security Survey got me to thinking that the more things change, the more they stay the same.

By which I mean there's a certain amount of same-old same-old here, which is to be expected. On one level, the story is that the security story doesn't change much. The issue is a continuum, playing out over and over again. Companies may be spending more money, but they still aren't spending enough money. (They never do unless they've been publicly embarrassed.) For the most part, they don't set up or fully follow security procedures unless a news story scares the pants off them. They plow ahead with new technologies even though they know they aren't secure. (Hey, you gotta do what you gotta do to keep a competitive edge.)

And users keep doing stupid things, too. Mom was right: If their laptops weren't screwed to their desks, they'd lose them. No wait, they aren't nailed down, and they do lose them! Hackers continue to have their way, IT shoulders the blame, and researchers reap much publicity in the race to ferret out application flaws. If I never see another survey that brightly announces that users don't change their passwords enough, or should stop using birthdays and pet names as passwords, it won't be soon enough. (It's stuff like this, by the way, that will probably help propel biometric access methods into the mainstream.)

In fact, the only things that seem to change in this ongoing saga are the targets, the technology, and the attitudes of the public, legal, and regulatory sectors.

For example, it used to be that users of Macintosh or open-source systems didn't have to worry so much. Not anymore. Maybe blowing holes through Windows got to be too easy, but the bad guys have finally gotten 'round to training their sights on Apple and Linux. And hackers—even and especially white-hat ones—also didn't use to have to worry so much. Not anymore. You get caught today, even with the best of intentions, and you face the highest chance ever of going to jail.

Law enforcement has taken an increasingly harder view of cybercrimes of all ilk, and it's showing up in tougher laws, cross-agency and cross-national teamwork, more arrests, and more jail time.

Congress at least thinks more about addressing high-tech issues, but the very thought of more action on the hill ought to give pause, given the knowledge base we're dealing with there. Take that key senator who brightly announced that the Internet is not a truck. Very good, sir, you may sit down now. On the other hand, if companies can't be scared straight, so to speak, into enacting needed reforms to protect the data they collect, well, maybe it would be better if Congress stepped in.

One obvious change is the evolution in publicizing hacks, data breaches, and vulnerabilities. Yeah, we still don't hear about this stuff in as timely a manner as we should, and the source of that information is often not the affected party (which it should be), but we're seeing more cybercrimes and computer flaws reported and publicized. Which is a good thing. It's good because it will spur at least some readers into action, and because knowing how each event happened, and knowing how it was dealt with, adds to our knowledge base.

The area of biggest change is, of course, technology itself. Be it the frighteningly fast evolution of viruses, Trojans, worms, and other forms of attack, old and new, or the technologies being used to defend against such attacks, the pace of change has been furiously fast.

At the end of the day, this should mean a major ratcheting up in terms of the seriousness of this issue. It means that even if the number of attacks falls, the cost of those attacks is escalating up and up. The fallout from a successful enterprise breach or data loss carries a higher probability of being more devastating. The costs of cleaning up after such an attack and defending against the increasingly more complex and sophisticated efforts to break in are going to rise to painful levels.

So even if your company is more secure today than it was a year ago, it won't necessarily help you going forward. IT needs to make sure all the security bases are fully covered, deployed, and in use, and then determine to remain on alert going forward, updating and changing policies and technology as needed. Be honest, does this describe your company?

This is a different kind of war on terror, but like its political counterpart, it's never going to be over. So don't wait for the next big news story to start looking at your security setup. Be proactive now because you never know—yours could be the next company splashed across the headlines.

** For another take on our annual global security survey, read Larry Greenemeier's summary of what he sees as the five biggest surprises from the survey and his cover story package on that survey. You can see the full package of survey results, reader tools, and stories by going to our special topic page on the subject.

Patricia Keefe
pkeefe@cmp.com


2. Today's Top Story

Microsoft Shows Off New Vista Basic Look
For machines that lack the horsepower to handle Vista's "Aero" interface, with its animation and other visual goodies, there will be a more basic look and feel.

Related Stories:

Windows 98, Me Support Ends, WinXP SP1 Next
Microsoft has reminded users several times that all support for the operating systems—including delivery of critical security updates—will cease after the regularly scheduled July 11 patch date. It recommends users upgrade to Windows XP.

Microsoft Makes Leap To Per-User ERP Pricing
The most common functions will be bundled in a Business Essentials entry-level package for about $2,250 per user before volume discounts. Included will be general ledger, accounts receivable, accounts payable, fixed assets and consolidations, and other core functions.


3. Breaking News

Mozilla To Release Firefox 2.0 Beta Tuesday
Enhancements range from an integrated spell-checker to an anti-phishing tool that warns users when they surf to a site blacklisted by Mozilla.

Legal Setback Raises Questions Of SCO's Survival
The Unix vendor says failure to win the lawsuit against IBM could kill off the company.

IBM To Release Linux Notes Sooner Than Promised
A Notes client for Red Hat Enterprise Linux 4 will be available on July 24, with a version for Novell Suse Linux Desktop for Enterprise 10 due within 90 days after that, IBM said.

White House Asks For Dismissal Of NSA Wiretap Suit
Government lawyers Monday argued that the National Security Agency's program is key to protecting national security and that exposing secrets in open court would be too risky.

Fans Pushing Back Against File-Sharing Suits
The Electronic Freedom Foundation is reviving its efforts to ignite a lobbying movement among music fans and recording artists. An online petition has garnered over 80,000 signatures so far.

Options Pricing Scandal Could Hit Tech Vendors' Customers
Stock option backdating is tripping up more tech vendors. Their customers could pay the price from managers more focused on a plunging stock price than customer service.

EU To Cap Microsoft Daily Fine At $3.8 Million: Source
The fine will be backdated to run from Dec. 15 to the date when officials from national competition authorities meet to endorse the Commission's proposal. Some observers expect the meeting to happen on Wednesday, when the fine will officially be imposed.

EMC Says Quarterly Results To Miss Forecasts
Demand for the latest version of its top-of-the-line storage system, Symmetrix DMX-3, was better than expected, while sales of the previous Symmetrix generation fell short of internal estimates. This is the second consecutive quarter EMC has missed its own targets.

Data Brokers Draw Increased Scrutiny
As the buying and selling of consumer data becomes a giant business, legislators are taking a closer look and considering regulations.

BlackBerry Maker Comes Late To The Small-Business Game
Microsoft, Palm, and Nokia already offer similar services. Those who aren't using wireless e-mail may have security and IT-control concerns.

FBI Warns Job Hunters Of Online Scams
Be extra careful when looking for work in cyberspace. The FBI is investigating some cases that involve fake job interviews and offers of employment that are actually ways to lure people into helping crime rings.

Wi-Fi Cloud Of Hot Zones Planned For NYC
Subscribers to NuVisions' in-building broadband service at $24.95 per month can use the company's Wi-Fi service without charge at any of its hot zones in the city.

All Our Latest News

Watch The News Show

In the current episode:

John Soat With 'Microsoft Minute'
Microsoft faces off against the European Union this week, releases seven security patches, and adds a new privacy folder to Windows.

Ivan Schneider With 'Tools Of The Trade, Part 1'
New York Times Interactive Graphics provides a quick snapshot of stock performances.

Laurie Sullivan With 'Tools Of The Trade, Part 2'
Writer Barbara DeMarco-Barrett says her podcast has attracted many new fans to her books, Web site, and radio show.

----- The latest research, polls, and tools -----

Can You Hear Me Now?
Learn how security issues are affecting companies installing VoIP in this recent report by InformationWeek Research. Use this report to understand the challenges you may face in your deployment and how security concerns can affect your installation, network, and security.

A Personal Approach To The Web
InformationWeek's newest service is MyInformationWeek, a personalization engine that responds to your stated preferences and also uses your click behavior to refine your profile and serve you the most relevant information on every visit. Sign up now.

Download PDFs Of InformationWeek's Top Stories
Visit InformationWeek Downloads to get all of InformationWeek's biggest and best articles all in one place. Presented in an easy-to-read PDF format, they'll help you analyze and make purchasing decisions for today's technology solutions.

-----------------------------------------

4. Grab Bag

Apple's New iPod Nano May Sport Metal Jacket (Appleinsider.com)
The next generation of Apple Computer's iPod Nano digital music player may dip into iPod Mini's wardrobe, AppleInsider has learned. In an effort to reduce the player's susceptibility to scratches, Apple has been experimenting with aluminum-anodized enclosures similar to those used in the company's iPod Mini digital music players.

If You Have Something Worth Millions, Shouldn't You Back It Up? (techdirt.com)
It appears that a guy saved his screenplays to his desktop, but didn't bother backing them up. When a technician came to his house to install the DSL, he tried to "help" by cleaning up the "unused" items on the guy's desktop—which, of course, included the screenplays. While compensated, he wanted the millions he never got in a signed deal.

Who's Afraid Of Nathan Myhrvold? (Fortune)
The giants of tech, that's who. And they have a nasty name for the former Microsoft honcho: "patent troll."

The Resurrection Of AOL (Business 2.0)
CEO Jon Miller is betting that new ventures like social networking, VoIP, and video advertisements can make the once-mighty portal relevant again.


5. In Depth: InformationWeek's Annual Global Security Survey

InformationWeek Global Security Survey 2006: Controlled Chaos
On the one hand, IT feels safer than it did a year ago. But on the other, more than half of U.S. respondents acknowledge there are more ways to attack business networks now than ever before.

Outsourcers Fill Businesses' Security Gaps
One-quarter of U.S. companies surveyed in InformationWeek Research's Global Security Survey 2006 outsource at least some of their security functions to managed services.

Built-In Software Security Flaws Have Companies Up In Arms
More than half of those responding to InformationWeek Research's Global Security Survey 2006 say vendors should be held legally or financially responsible for products' security vulnerabilities.

Global Differences
Basic aspects of IT security may hold true everywhere, but there are differences in China, Europe, India, and the United States when it comes to protecting business data and systems.

The Fear Industry
Shameless self-promoters? Fear mongerers? Sure, security researchers aren't always model citizens, but business technology pros want them on the job.

Video: Larry Greenemeier Talks About The Love-Hate Relationship With Security Researchers

Reader Tool: Compare Your Security Practices 2006
Security attacks are evolving and growing in number, making it challenging to stay ahead of potential threats. We invite you to benchmark your company's approach to information security against those of its global peers with this fast, informative, and confidential tool from InformationWeek and Accenture.


6. Voice Of Authority

Down To Business: There's No Leader's Manual
The bold and the beautiful don't always make the best CEOs and CIOs. There's far more to leadership than meets the eye.


7. White Papers

Exploring Six Common Myths Of System i5 High Availability
When it comes to System i5 high availability, misconceptions abound. The common myths, which address lack of reliability, difficulty of use, and high expense, are addressed here. This paper also provides a comprehensive look at the key factors you'll need when evaluating availability solutions.


8. Get More Out Of InformationWeek

Try InformationWeek's RSS Feed

Discover all InformationWeek's sites and newsletters

Recommend This Newsletter To A Friend
Do you have friends or colleagues who might enjoy this newsletter? Please forward it to them and point out the subscription page.


9. Manage Your Newsletter Subscription

To unsubscribe from, subscribe to, or change your E-mail address for this newsletter, please visit the InformationWeek Subscription Center.

Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.

Keep Getting This Newsletter
Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list:
InfoWeek@update.informationweek.com

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.

We take your privacy very seriously. Please review our Privacy Policy.

InformationWeek Daily Newsletter
A free service of InformationWeek and the TechWeb Network.
Copyright (c) 2006 CMP Media LLC
600 Community Drive
Manhasset, N.Y. 11030
