Computer Weekly Editor's Blog

Oct 5 2010   1:45PM GMT

Data security is more than just an IT problem

Bryan Glick Bryan Glick Profile: Bryan Glick

Tags:
'Virus`
Barclays
Cloud Computing
Encryption
Phishing
Security
Stuxnet
WORM

There was a coincidental, but important, thread running through the articles in this week’s issue of Computer Weekly magazine. Take a look: Barclays encrypting software applications; the EU boosting its cyber defences; the debate over security in the cloud; and the challenge of tackling phishing

It is entirely by coincidence that so many security-related stories have made it into this issue – and equally timely as the world witnesses what has been called the first ever cyber weapon attack, the Stuxnet worm.

According to virus experts, Stuxnet is the most sophisticated malware yet created, targeting industrial control systems in a way that genuinely raises the prospect of a Hollywood movie-style covert attack on a strategic facility. The worm has the potential to alter equipment settings such as temperature controls. It has been suggested that Iran’s nuclear processing plant is a possible target, and now it seems Stuxnet has reached China.  

If those experts are correct, Stuxnet represents a serious escalation in the fight against cybercrime. It has been suggested that the virus required significant financial and technical resources to create – on a scale only available to governments or major international organised crime groups.

If it all sounds a bit apocalyptic, then it is also easy to be cynical and point to cyber-scaremongering from the security software industry who can only benefit from such heightened fears.

Nonetheless, the threat is being taken very seriously – a US cyber security chief has even suggested in the past that the next international war will be in cyberspace.

For IT leaders, security is of course a top priority, an ever-present in strategic planning. It is unlikely that situation will change.

But what the emergence of new threats such as Stuxnet means is that information security cannot be seen as an IT issue – it has to be taken as seriously by the CEO as by the CIO. IT security is not an insurance policy, it is a strategic prerequisite for every modern internet-enabled organisation.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • jackmarsal
    Although Stuxnet contained some new twists, it was detectable long before it was "discovered" by the mainstream security community. Stuxnet uses some of the same propagation techniques as Conficker. So, rather than think that the sky is falling, organizations should invest in some good layers of security. For more information about how ForeScout detected and blocked the Stuxnet worm even when it was a zero-day threat, see http://www.forescout.com/blog/
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: