Hacking's not just for geeks

Blended security threats are increasing, meaning that chief information officers have more to worry about than just hackers

As the term hacking has broadened to encompass a wider group of people, chief information officers will see more and more blended security threats within the next couple of years, according to one security researcher.

There will also be increased activity from people in countries that are just starting to come into the globally connected world, warned senior research fellow Sarah Gordon, who works in Symantec's security response team in the US.

Gordon said the term hacking now included a wider group of people. "Hacking was once the domain of the computer geek, who pushed software to the limits and beyond," she said. "It's done for a variety of reasons too -- from technical challenge, power, fun, excitement -- to for-profit getting, specific, and in some cases to do damage."

IT departments are increasingly grappling with protecting the company's IT systems, within budgetary constraints. Released last month the 2002 Australian Computer Crime and Security Survey, conducted by Deloitte Touche Tohmatsu, AusCERT and the NSW Police, outlined security threats being faced by Australian businesses.

Gordon advises administrators and security staff within organisations that they need to keep in mind that it's an ongoing process. "Managers need to remember it's important for their technical people to have the funding and authority to do their jobs," she said. "Businesses should continually examine and assess the value of their IT and IT-related assets, and the consequence should there be a problem."

Employee education is also something which Gordon highlights. "Users need to know it's not a good idea to experiment with viruses on their corporation's computers," she said. "More importantly, as many viruses and hacking threats use social engineering -- preying on the goodwill of employees to compromise systems -- users need to be educated regarding these types of threats."

A survey released by the Computer Security Institute (CSI) in the US earlier this year found that the most serious financial losses of respondents related to theft of proprietary information and financial fraud. Among the attacks respondents suffered, 40 percent had detected system penetration from the outside and denial of service attacks.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.