They call it maskirovka

As Microsoft picks up the pieces, security experts are queuing up to tell us: no one is safe. Now might be a good time to convey that message to your skinflint financial director - or, if you work for a dotcom, your hapless chief exec.

The Microsoft hack shows that the costs in business confidence of a security breach can be incalculable.

There is one concrete lesson to be learned, however. If, as reported, the hack was perpetrated using the QAZ trojan, which found the passwords and mailed them back to St Petersburg, this was a preventable crime.

QAZ was discovered in June, and the anti-virus industry issued protection software as early as August. Security experts are speculating that, given the number of hacking attempts Microsoft suffers each week, the attackers deliberately chose a low-level attack: something that would be lost amid the "noise" of similar attempts and would not ring alarm bells.

Security specialists are constantly telling us that information security is primarily a question of human systems - not hardware and software.

You can program and build systems to resist most attacks, but no system alone can combat what the Russians call "maskirovka" - the devastating blow hidden behind a calculated facade of mundanity.

So read our lips: you need a security policy and the human expertise to back it up.
