
Internet Attacks: It Won't Happen to Us...

By: Alastair Revell, Managing Consultant, Revell Research Systems
Published: 11th February 2008
Copyright Revell Research Systems © 2008

The lack of understanding of IT-related security issues in many small-to-medium sized businesses that I encounter as a management and technology consultant often worries me.

There seems to be a mindset amongst senior managers (often at partner and director level) that security breaches are only perpetrated by external human hackers and that their firms are not sufficiently important to attract attention.

These senior managers miss the fact that almost all initial external attacks are automated and that although many of these attacks may be unsuccessful in compromising their organisation’s data security, they may nonetheless seriously damage their internal infrastructure, resulting in significant costs in order to rectify the damage.

It would be a lucky organisation indeed that did not have its Internet defences probed at least once every couple of minutes. The most recent log I inspected for a small organisation was receiving an attack per minute in what appeared to be an attempt to swamp instant messaging clients with spam. The log also revealed port scans and other nefarious activity once every 10 minutes. These more serious attacks are often scanning for weaknesses through which to inject malware.

We have conducted occasional exercises in assessing just how bad this type of wanton vandalism is by simply connecting an unprotected set of newly built PCs to the Internet. Our somewhat primitive research shows that it takes around 15 minutes before machines in this condition are crippled with malware. Much of the malware also seems to be aimed at stealing credit card details and the like; and could cause enormous damage to an organisation’s reputation.

I’m often confronted by SME senior managers who argue that they have nothing of value on their networks, but my immediate retort is that neither did the machines mentioned above, yet putting them back together again was expensive. It is clear from the subsequent discussions with these managers just how valuable having an operating computer system actually is to their organisations.

The irony is, of course, that the sort of dubious activity I see time and time again in firewall logs is the equivalent of a criminal gang casually walking down the road trying the doors and windows of each building they encounter for weaknesses, with a view to coming back later to investigate the weaker buildings further. I have little doubt if our streets were full of such marauding gangs then there would be huge public concern. The problem for IT is that this kind of behaviour is literally “out of sight, out of mind”.

I believe, like many other observers in the profession, that there is a discernible shift away from writing viruses for the sheer devilment of it to one of seriously making money out of it.

Indeed, Joe Telafici, vice president of operations for McAfee’s Avert Labs, recently said in a BBC interview that he felt 2007 had effectively seen the extinction of young hackers who wrote viruses and other malicious programs for fun and that writing Windows malware was now all about money.

Reader Comments

15th February 2008: 'João Paulo F. A. Carvalho' said:

Mr. Revell does have a point. Being also a management and technology consultant, specialized in crisis management, I am too often called after the burglars entered the premises, or the information systems that support the business.

The lack of a proactive attitude towards security is the basis for the growing numbers of these attacks. The upside is that leaving your door open to these persons and organizations keeps me paying my bills.

15th February 2008: 'Alastair Revell' said:

Many thanks for your feedback.

19th February 2008: 'Duncan' said:

Excellent and insightful blog by Mr Revell. Keep up the good work.


Published by: IT Analysis Communications Ltd.