Security challenges take toll

The increased use of videoconferencing and Internet collaboration technologies, the rush toward Web services, and an emerging class of malicious code that blends virus and wormlike capabilities represent some of the biggest security challenges for 2002, according to analysts.

As was the case last year, users can also expect to see a sharp increase in the number of macro and script viruses that emerge. But major antivirus software programs should be able to handle most malicious software relatively easily.

“The bottom line of malware prevention remains the same: Filter, patch strategically and update your antivirus software. Use common sense to protect your network’s vulnerabilities,” said Roger Thompson, an analyst at Herndon, Va.-based security firm TruSecure Corp.

The rush by corporations to set up videoconferencing and Web seminar capabilities after Sept. 11 presents a particularly serious security risk for companies that aren’t careful, said John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc.

Users this year can expect to see at least one widespread attack that tries to exploit openings in enterprise firewalls created during the frantic push to set up these capabilities, Pescatore said. Corporations’ accelerating efforts to link their internal applications with those belonging to external partners and suppliers using technologies such as XML and Simple Object Access Protocol are another source of concern, Pescatore said.

Increasingly, companies are opening new ports on their firewalls to let outside applications talk with inside applications, “even though the security aspects of doing so are totally unproven,” Pescatore said.

“The rush toward Web services will result in glaring holes,” he cautioned. “2002 is not the year to jump on Web services.”

Malicious code that blends virus and wormlike features and is designed to take advantage of multiple software vulnerabilities also poses a major threat, said Thompson.

One example of this emerging class of threat was last year’s Nimda worm, which wreaked havoc on enterprise networks around the world. Unlike previous malware, Nimda spread both via the Internet and e-mail, taking advantage of multiple vulnerabilities.

Expect to see more sophisticated variants of Nimda this year, Thompson warned. Dealing with them will require constant attention to patching, intrusion monitoring and updating antivirus suites, he added.

The wireless security industry will also receive significant attention in 2002, said David Lelievre, a project manager at Clinton Township, Mich.-based application service provider Tweddle Information Services Inc. “The wireless Internet will emerge as the leading trend for the next three to five years. Security will have to be defined and established before the market hits full force,” Lelievre said.

Also expect to see a lot of vendor consolidation this year, especially in the managed security services arena, said Eric Hemmendinger, an analyst at Boston-based Aberdeen Group Inc. Corporations entering first-time relationships with security vendors need to pay special attention to the financial stability of the companies and their customer bases, Hemmendinger warned. “We are going to see some very public debacles in the security space this year,” he predicted.

“The caution here for users is you can’t afford not to do due diligence” before choosing a security vendor, he said.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now