This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."
NOWHERE TO HIDE
Yesterday's tattered system or network administrator, or Web site operator, fought back with signature-based defenses, or sometimes hid in the weeds, hoping they'd plugged the latest Windows hole and praying the latest mass-mailing worm would skip on by. That kind of security by obscurity is fatal today to many business models.
"Coupled with [the changing threat landscape] has been the transformation of attack tools, going from largely self-propagating attacks or hacker tool-kits to automated, sophisticated blended threats with a high reliance on social engineering," Spafford says. "Botnets and rootkits are prominent. For those of us looking at trends, we see a similar evolution of viruses--stealthy, widespread, automated, organized criminal activity, coming from where we were 10 years ago."
Donn Parker, a longtime computer crime observer and prominent researcher with SRI International, says the cat-and-mouse game between criminals and those paid to keep them in check followed business' migration to the Net--and he doesn't expect it to abate any time soon.
"I've said time after time, the problems associated with the use and misuse of computers is a one-upsmanship problem. The bad guys figure out new ways to beat the newest security, and good guys increase security again," Parker says. "Used to be in the 1960s, '70s, '80s, it was amateur criminal activity where the criminals were motivated to solve their own personal problems by malicious acts against computers. Gradually...it has grown into a very large-scale organized criminal activity where motivation is for financial gain."
This was first published in January 2008