The Need for Collective Security Agreements

Michael Vizard

In the bad old days before the Internet, they used to ask criminals like Willie Sutton why they robbed banks. The answer, of course, was always because that's where the money is.

A new survey of 132 operators of major network service platforms conducted by Arbor Networks indicates that a similar scenario is starting to take place online. As evidenced by recent attacks on Google and others, an increasing percentage of the security attacks on the Internet these days seem to be aimed directly at large service providers with big online presences, namely well-know social networks, banks and travel services. In fact, 35 percent of the operators surveyed by Arbor Networks said sophisticated service and application attacks are now the number-one threat, compared to 21 percent who identified botnets as the biggest threat.

The reason this is happening is because these are the places online where there is valuable data. Creating security breaches on sites where data has little value is pretty much a waste of time for most criminals. Unfortunately, as the ecosystem of Web services continues to expand on the Web, it's only a matter of time before a major security breach on a popular Web site affects not only the users of that service, but hundreds of other companies that are linked into that service.

This is why chief technologists of all stripes and sizes need to start a serious dialogue about their collective security. There are some attempts in this direction in the form of a Cloud Computing Security Alliance, but that effort at this point would best be described as nascent.

When it comes to ultimately defeating hackers, the odds are long. Just like terrorists, they only have to be right once. The people defending against them have to be right every day. And the only way that can really happen is if they all work very closely together to leverage each other's collective strength.

Add Comment      Leave a comment on this blog post
Feb 25, 2010 7:02 PM Norm B. Norm B.  says:
Mike Vizard is "spot on" with his blog post on The Need for Collective Security Agreements. His last paragraph was telling, one that I tell my clients all the time:"Just like the terrorists, they (Hackers) only have to be right once." Unfortunately,corporate America and government agencies don't have to lend a helping hand, or open the door to their information treasure trove for the hackers. Too often, I have personally found the most basic principles of a sound Information Security program violated on a daily basis:user passwords and hardware default passwords left unchanged;vendor patches not kept current or ignored; and daily interaction with social network sites like Facebook and Twitter from business PCs and networks. What we REALLY need is "Collective Common Sense". Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.