Predictions for What IT Directors Will Be Saying in 2007 Computer-tracking company points to even more organized network crimes, security concerns SecurityInfoWatch.com
[Editor's note: Vancouver-based Absolute Software, which produces a firmware solution for tracking stolen computers, has ventured a guess at what the top security concerns for IT directors will be in 2007. Over here at the SecurityInfoWatch.com offices, we find it somewhat interesting what Chairman/CEO John Livingston and the Absolute Software team have come up with, and we think they're "dead on" with their #2 prediction that some IT directors will be numb to the fact that large amounts of personal identity data will be or are being stolen.]
Absolute Software's nine predictions for what IT directors will be saying in 2007:
1. "Give me back my data!"
2. "If 10,000 employee identities are stolen, well, who cares?"
3. "Hey, who stole my IP address?"
4. "If it's not required by law, it's not in my job descriptionâ€¦"
5. "How did your virus get in my video?"
6. "Keep your hands off my files."
7. "Spam me baby one more time."
8. "Can we implant RFID chips in all of our employees?"
9. "Please leave your cell phone, Blackberry, digital camera USB-key, voice recorder and any other digital device at the security desk!"
"Give me back my data!"
According to the Privacy Rights Clearinghouse, more than 100 million records with sensitive information have been affected by data breaches since early 2005. These incidents will continue to increase as companies are forced to make them public knowledge. Corporations will need to implement programs for data protection in addition to computer asset recovery. Often the information stored on stolen or lost computers is more valuable than the device itself. In addition, fear of liability, penalties or other negative repercussions will drive data recovery or remote data deletion technologies to mitigate risks associated with data security breaches.
"If 10,000 employee identities are stolen, well, who cares?"
Identity theft will rise and become more organized in cyber crime rings in 2007. However, the worst enablers of identity theft are often employers with lax security for data or sensitive information stored on computers. Although consumers often fear putting credit card information into forms on an unknown website for a transaction, it is more likely that someone they know or work with will actually use their identity or credit cards illegally. As more corporations are exposed in public for having put their employees or clients at risk, consumers and government regulators are starting to become outraged at the lack of protections in place for personal information and records.
"Hey, who stole my IP address?"
Although hacking into someone's computer or using someone's Internet connection for nefarious purposes is not new, 2006 saw the rise of the "Joe job" (an e-mail spam designed to tarnish the reputation of an innocent third party) which raised the stakes to new heights. As cyber criminals become more sophisticated, they can hijack an IP address, computer network or server farm not just to hatch their own evil plans but specifically to implicate the party that has been victimized. This can cause innocent individuals and companies to find themselves "blacklisted" with all of the e-mail emanating from their domain automatically marked as spam and obstructing them from conducting legitimate business.
"If it's not required by law, it's not in my job description."
IT directors are often caught in the struggle between good vs. evil -- otherwise known as best practices vs. budget. Although IT directors are often able to identify security risks and potential liabilities in their networks and practices, budgetary constraints often restrict them from patching the holes or strengthening their security forces. Worse yet, management often doesn't realize the threats could truly damage the company's reputation and livelihood. (According to the Los Angeles Times, the cost of this year's data breach from Veterans Affairs could top $500 million.) Therefore, if the government or other regulators do not require specific measures or legal protection, management ignores the risks and refuses to empower IT directors with the means and the resources to secure the company's physical and digital assets.