Welcome!

Linux Containers Authors: Liz McMillan, Yeshim Deniz, Pat Romanski, Elizabeth White, Stefana Muller

Related Topics: Linux Containers

Linux Containers: Article

Experts: Worry more about insiders than cyberterrorism

From the Gartner IT Security Summit 2003 in Washington DC

(IDG News Service) — Enterprises worried about cybersecurity should pay more attention to their own employees than to the as-of-yet unrealized threat of cyberterrorism, two cybersecurity experts warned a group of IT professionals Tuesday.

Speaking at the Gartner IT Security Summit 2003, representatives of Gartner Inc. and the Center for Strategic and International Studies (CSIS) suggested that enterprises should worry more about their intellectual property leaking out through employees or small-time hackers than their entire networks crashing from attacks of organized cyberterrorists.

The threat of cyberterrorism to enterprises may be overstated, but the threat of less organized attacks may be understated in current discussions about cybersecurity, said CSIS director James Lewis.

While a host of security experts have called on the U.S. and its allies to be vigilant against cyberterrorism, think tank director Lewis said he's seen no evidence of large cyberterrorist attacks yet.

The U.S. has counted more than 1,800 physical terrorism attacks since 1995, Lewis noted, but no major cyberterrorism in that time frame. "Kinetic weapons are much more effective right now," Lewis added.

However, enterprises should be worried about attacks, whether they are from inside employees or outsiders because they have more property than individuals do, and fewer ways to protect themselves than nations do. Enterprises are where the money is in cyber attacks, whether it be intellectual property, extortion or financial data, Lewis said, with loss of intellectual property and sensitive data the fastest growing cybersecurity loss.

"You get a lot of attention on cyberterrorism and Osama bin Laden sitting in front of a keyboard, but you ought to be more worried about insiders," Lewis said to close to 1,000 attendees of the Gartner conference. "The primary target is companies, and we probably put not enough effort into thinking about how to protect them."

Individual hackers will increasingly become another threat to both security and privacy because of their access to ever more powerful technology, added Richard Hunter, a vice president at Gartner and co-chairman of the conference. By 2008, Gartner estimates home computers will have 40-GHz processors and 1.3T bytes of storage, he said, leading to both beneficial and dangerous uses of home computers.

"That's enough to do data mining at home," Hunter said. "When we think about an environment that involves governments collecting information, that involves enterprises gathering information, we now have to think about an environment in which individuals are going to have significant power to gather and analyze and use information."

An enterprise's greatest strength and greatest weakness are often its employees, whether they make mistakes in not following security best practices or they have malicious intent, added Casey J. Dunlevy, project lead at the CERT Analysis Center at Carnegie Mellon University. Because of that, it's difficult for companies to come up with accurate threat models that can show them where to put their resources.

Companies need to prioritize their critical assets and should look into creating multidisciplinary teams that consider other security challenges such as physical security when drawing up a plan to protect critical assets, Dunlevy recommended. No company has enough money to "take the fortress mentality and protect everything," he added.

Dunlevy agreed with Lewis that cyberterrorism on its own may not be the top worry of most enterprises, but he suggested that cyber attacks could be a way for terrorists to supplement physical attacks. For example, shutting down a major city's traffic lights would be an effective way to create gridlock and multiply the impact of a physical attack.

"We're not necessarily looking for the 10-foot-tall cyber hacker to come out of the basement," Dunlevy said. "We're talking about people that know enough about technology to utilize it for different ends."

David M. Perry, the global director of education for security vendor Trend Micro Inc., said in an interview that small businesses and individuals should look for the same security protection and attention from vendors that enterprises get. Small- and medium-sized businesses should demand that their Internet service providers act as their enterprise when getting deals with large security vendors, he recommended.

Separately, Gartner released a study Tuesday saying that 2003 will be the first year in history in which most industries will spend 5 percent of their IT budgets on security. Security spending will have grown at a compound annual rate of 28 percent between 2001 and the end of 2003, Gartner said, while IT budgets overall will have grown only 6 percent during the same time.

It's in security vendors' best interest to focus on selling their products to enterprises, not to individuals or smaller businesses, Perry added. "They say (enterprise security) is where the danger is, but what they mean is that's where the money is to sell their products," Perry added.

More Stories By Grant Gross

Grant Gross is a Washington Bureau correspondent for the IDG News Service, a Linux.SYS-CON.com affiliate.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of managing cloud applications. Determining how to automate cloud security compliance is critical...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound e...
"MobiDev is a Ukraine-based software development company. We do mobile development, and we're specialists in that. But we do full stack software development for entrepreneurs, for emerging companies, and for enterprise ventures," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...