Wednesday, April 02, 2008
The State of IT Security
The state of IT Security is probably at a transition point. It used to be easier to defend than attack. Right now it's easier to be an attacker than a defender. The antivirus companies are being overwhelmed. The bad guys are making new variants faster than the AV companies can make definitions for their engines. With drive-by downloading, you almost can't trust any web site now. Or at least, you are trusting the web sites you go to to monitor the content that they serve you.

If it's this bad in the private sector, it's likely worse in the public sector. Expect the government to be able to attack other countries' cyber infrastructures more easily than it can defend our own. When one disgruntled person can bring Estonia to its knees, that means that the Internet is the great equalizer, allowing the individual or small groups to have an overwhelming advantage over larger groups of less savvy, vulnerable people. This has to make professional soldiers and security professionals nervous.

The disparity exists at pretty much all levels. It may take 5 minutes to compromise a system, hide a trojan on it, and make it a zombie. It might take 40 hours for a forensics expert to analyze the attack and figure out exactly what happened. The good guys are currently losing due to a lack of political will, intellectual ignorance, and economic disincentives to secure computers and networks.
Labels: IT Security