Admins stuck between a hack and a zero-day

Summary: The world of IT security is in chaos, with CSOs seemingly on the front lines of a full scale global cyberwar being fought out by government hackers, botnet-controlling criminal gangs and compromised Web sites. Can we ever hope to keep networks safe in such an environment?

Accusations of government-sponsored hacking have been flying in recent weeks with the US, UK, Germany, and most recently, New Zealand, claiming to have been attacked by hackers that allegedly work for the Chinese government -- charges denied by the country itself.

Meanwhile, the Storm worm has also been in the news, with security researchers debating whether the botnet it controls, which is estimated to contain between one and five million infected PCs, could be used by criminals as a massive distributed supercomputer. Such a network could potentially pack the power to deliver massive spamming campaigns, knock out targets with a DDoS attack and even run a SETI@home-style operation to crack very strong encryption very quickly.

It is not just the hackers, spam and DDoS activity we need to worry about. These days it isn't even safe to simply surf the Internet because there is no way of knowing whether a Web site has been compromised -- take the IE-exploiting Facebook ad, for example, or the Sydney Opera House Trojan.

These are legitimate sites and yet people have most likely put themselves at risk by simply visiting them.

So how do you go about protecting your organisation in such a hostile environment? According to Graham Andrews, the CIO of PricewaterhouseCoopers, the task is "a nightmare".

Andrews believes a company cannot be truly secure if the responsibility for security is pinned on one person or one department.

"Security is everybody's problem. The core ownership of security is throughout the organisation. Not just within the IT group but in the user community so they are fully appreciative of the risks out there," he said.

When security is the responsibility of just one department, "you have already lost the game," said Andrews.

Andrews is spot on. Everyone in your organisation -- from the developers to the doormen -- needs to be aware that the only way to reduce the chance of a security breach is for everyone to play their part.

Topics: Security

About

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK. Munir was recognised as Austr...
