John Livingston is chairman and CEO of Absolute Software, a firm specializing in computer asset protection.
Predictions for What IT Directors Will Be Saying in 2007 Computer-tracking company points to even more organized network crimes, security concerns SecurityInfoWatch.com
[Editor's note: Vancouver-based Absolute Software, which produces a firmware solution for tracking stolen computers, has ventured a guess at what the top security concerns for IT directors will be in 2007. Over here at the SecurityInfoWatch.com offices, we find it somewhat interesting what Chairman/CEO John Livingston and the Absolute Software team have come up with, and we think they're "dead on" with their #2 prediction that some IT directors will be numb to the fact that large amounts of personal identity data will be or are being stolen.]
Absolute Software's nine predictions for what IT directors will be saying in 2007:
1. "Give me back my data!"
2. "If 10,000 employee identities are stolen, well, who cares?"
3. "Hey, who stole my IP address?"
4. "If it's not required by law, it's not in my job descriptionâ€¦"
5. "How did your virus get in my video?"
6. "Keep your hands off my files."
7. "Spam me baby one more time."
8. "Can we implant RFID chips in all of our employees?"
9. "Please leave your cell phone, Blackberry, digital camera USB-key, voice recorder and any other digital device at the security desk!"
"Give me back my data!"
According to the Privacy Rights Clearinghouse, more than 100 million records with sensitive information have been affected by data breaches since early 2005. These incidents will continue to increase as companies are forced to make them public knowledge. Corporations will need to implement programs for data protection in addition to computer asset recovery. Often the information stored on stolen or lost computers is more valuable than the device itself. In addition, fear of liability, penalties or other negative repercussions will drive data recovery or remote data deletion technologies to mitigate risks associated with data security breaches.
"If 10,000 employee identities are stolen, well, who cares?"
Identity theft will rise and become more organized in cyber crime rings in 2007. However, the worst enablers of identity theft are often employers with lax security for data or sensitive information stored on computers. Although consumers often fear putting credit card information into forms on an unknown website for a transaction, it is more likely that someone they know or work with will actually use their identity or credit cards illegally. As more corporations are exposed in public for having put their employees or clients at risk, consumers and government regulators are starting to become outraged at the lack of protections in place for personal information and records.
"Hey, who stole my IP address?"
Although hacking into someone's computer or using someone's Internet connection for nefarious purposes is not new, 2006 saw the rise of the "Joe job" (an e-mail spam designed to tarnish the reputation of an innocent third party) which raised the stakes to new heights. As cyber criminals become more sophisticated, they can hijack an IP address, computer network or server farm not just to hatch their own evil plans but specifically to implicate the party that has been victimized. This can cause innocent individuals and companies to find themselves "blacklisted" with all of the e-mail emanating from their domain automatically marked as spam and obstructing them from conducting legitimate business.
"If it's not required by law, it's not in my job description."
IT directors are often caught in the struggle between good vs. evil -- otherwise known as best practices vs. budget. Although IT directors are often able to identify security risks and potential liabilities in their networks and practices, budgetary constraints often restrict them from patching the holes or strengthening their security forces. Worse yet, management often doesn't realize the threats could truly damage the company's reputation and livelihood. (According to the Los Angeles Times, the cost of this year's data breach from Veterans Affairs could top $500 million.) Therefore, if the government or other regulators do not require specific measures or legal protection, management ignores the risks and refuses to empower IT directors with the means and the resources to secure the company's physical and digital assets.
We predict that consumer concern over privacy breaches will force the government to enact more information privacy laws in corporate environments. The 2006 Data Accountability and Trust Act approved by the House of Representatives may shame companies by forcing them to disclose security breaches, but without some real repercussions in penalties, fines or prosecution, it won't be enough.
"How did your virus get in my video?"
Viruses, trojans and worms are going multimedia in '07. We have been trained like Pavlov's dogs not to open executable attachments from people we don't know, but what harm will an innocent video of a talking cat do? A lot. This year we are going to see the rise of multimedia malware. In addition, Web 2.0 will create new security vulnerabilities. As we enable anonymous users to interact and post messages and files on our websites and servers, we are offering new platforms for their malicious intent. Downloading a free ringtone may be giving someone a free pass to your address book. Viewing an "uplifting" PowerPoint may enable someone to "lift" the passwords from your desktop
"Keep your hands off my files."
Protections have long been in place to theoretically prevent unauthorized access to files. However, passwords and server access restrictions are grossly inadequate when files are being sent over unsecured networks or stored on mobile devices. When the CEO's laptop is stolen, encryption and remote data deletion are two of the more effective methods for protecting information and securing files.
"Spam me baby one more time."
Spam shows no signs of slowing down. For every new tool there are ten new tricks to circumvent the spam filters and junk mail settings. In 2006, these tools have done little more than hold back a flood with a paper cup. Without effective law enforcement in this arena, the spammers are making too much money to worry about being a little unethical in their business practices. Rumors of international mafia rings and organized crime behind the lucrative business of spam are rampant. Unfortunately, we see no end in sight to the onslaught of offers for prescription drugs, adult toys, hot stock tips and an inheritance from the royal family of Nigeria. IT directors will continue to deploy filters, third-party services, firewalls and other feeble defenses in the vain hope that the next great product will actually work.
"Can we implant RFID chips in all of our employees?"
RFID is all the rage in logistics, shipping and warehousing for cargo and equipment. After Walmart pushed the envelope in 2005, forcing its suppliers to use RFID tags, retailers across the mall have taken the leap. Even corporations have started to smarten up, tagging valuable equipment on corporate campuses. In 2007 we'll see the next generation of RFID implementations for workforce management. Although a few brave/questionable companies have implanted glass-encased RFID tags in fearless employees, (see Financial Times story), we don't expect employers to adopt this methodology in the near future. We do expect to see RFID enabled ID tags to provide an additional layer of security for facility access, emergency services and human resources and payroll. Employers can leverage RFID to automate and streamline functions that were previously done manually and were labor intensive such as tracking hourly employees, equipment operators or facility access.
"Please leave your cell phone, Blackberry, digital camera, USB-key, voice recorder and any other digital device at the security desk."
With micro and nano technology generating a plethora of digital devices that can quickly capture, store and disseminate images and files, opportunities abound for security breaches and sensitive data leaks from corporations with the tightest security. We have already seen bans on camera phones in the gym locker room or classroom (because teens are notoriously crafty at exploiting technology in ways we never imagined.) In 2007, we'll start to see more IT directors tightening the reigns on the use of mobile and digital devices. As files move from a secure server to a Blackberry or a photo at the office Christmas party is posted on the Internet, new risks arise as sensitive information travels outside the walls of corporate headquarters. The very devices that are meant to be productivity tools for a mobile workforce have become liabilities and security vulnerabilities that need to be addressed.
About the author: John Livingston has served as Absolute Software's Chairman and CEO since 1995. Under Mr. Livingston's leadership, Absolute (www.absolute.com)has evolved to offer a full range of business solutions encompassing physical, data and network security as well as IT asset management.