Symantec's security guru finds IT's "next big threat" in the pages
of Alice in Wonderland
One of the more entertaining members of the UK's IT security
community is Symantec's security theoretician in the UK, Jeremy
Ward. Ward used to be with the Cabinet Office before he moved to
the private sector. These days he is busy saving the world from the
constant threat posed by computer viruses and hacking.
This month will see the Infosecurity Europe show taking place at
London's Olympia and I asked Ward, who will be making a
presentation at the conference, what he viewed as this year's "big
threat" to IT security.
"It is the 'pool of tears'," he said, quoting from Lewis Carroll.
"'The pool was getting quite crowded with the birds and animals
that had fallen into it'."
"You've lost me," I said. "Alice in Wonderland?"
"That's right," said Ward. "The big problem facing us all is the
always-on, constantly connected pool.
It is something that Dick Clarke, the US cyber threat guru has
already warned about."
Clarke said recently that we need to rethink the unwritten rule
that everything on the Internet is automatically connected to every
single place on the planet.
Continuing with his Alice in Wonderland theme of wireless disaster,
Ward added, "It is the Mad Hatter's Tea Party out there - but much
worse, particularly when you consider the explosion in wireless
networking.
"In much the same way as that tea party, we are going to see
networks increasingly plagued by the sudden arrival of unwelcome
guests - from hackers, to hacktivists and cyber-terrorists. That is
unless business wakes-up and takes the danger from the spread of
uncontrolled wireless networks as seriously as it should."
With the amount of press coverage it has received, it is easy to
believe that everyone must know all know about wireless and the
danger posed by drive-by hackers wielding Pringles tins. However,
just the other day I walked into one of the more sensitive offices
in the country and heard it "suggested" that the wireless network
probably wasn't secure, as if the topic was a fairly unimportant
one.
"Of course, this situation has everything to do with policy and
responsibility, rather than technology - something that appears to
have escaped most of us in the head-long rush down the rabbit hole
of innovation," said Ward.
"The time has come to pause, take stock, and get down to some
serious security risk assessment and risk management. We must all
be involved in developing a culture of security, where security is
built in to all new systems and becomes an intuitive part of the
behaviour of all users of information systems and networks."
That, of course, is voice of reason, and most informed IT directors
agonise over the spread of wireless networks only a little more
than they worry about personal digital assistants. And while a firm
policy can be set at the top of the organisation, the increasingly
consumerised technology, the Palms or IPaqs or Cisco Aeronets, has
an unwelcome habit of creeping in from the outside.
Wonderland may be coming to an office near you whether you wish it
to or not.
Simon Moores is chairman of the Research Group
www.zentelligence.com