The Bad News Is...

The bad guys are winning the information security war. F-Secure Corporation, a Finland based security provider of hosted security services and network security software, reported exponential growth in malware in its IT Security Threat Summary for the Second Half of 2008. (see the graphic at the left) The story is big enough that the New York Times picked it up.

According to the F-Secure report, the company is collecting so much data from malware on the internet (F-Secure monitors Internet traffic looking for bad stuff) that its labs are busy “enhancing the system infrastructure to handle the load.” Botnets are on the rise, and their communication and replication capabilities are getting more sophisticated.

Some progress has been made. In October, the Internet Corporation for Assigned Names and Numbers (ICANN) decetertified EstDomains as a domain name registrar. EstDomains was the favored domain registrar for online criminals, and was the world’s largest provider of domains used for criminal purposes. Also in October, the FBI arrested 56 individuals and forced the shutdown of DarkMarket, known to be the largest English-language online forum for cyber criminals.

But the criminals seem to stay one step ahead of InfoSec Pros. F-Secure believes that the trend will motivate governments to establish a world-wide Internet policing organization along the lines of Europe’s Interpol. Don't expect a slowdown in malware, scams, and online theft soon, though. It's tough to catch the perpetrators because they’re operating out of nations with lenient or insufficient penalties and enforcement of computer crime.

►

C-level is Still in the Dark

This article from CFO is a bit dated—April 1, 2008) —but if you haven’t read it then I advise you to do so. It’s frightening! While data breaches and system compromises continue to escalate and litigation stakes get higher and higher, senior management remains asleep at the wheel. Note the graph at right for evidence. If you require further evidence, read the 8/11/08 post GAO: Data Loss Is Pervasive and Of Rogue Employees and Internal Control from 9/8/08.

►

Dot-Com History Captured

Let’s take a trip back in time to the dot-com-to-dot-bust, high flying, risk taking nineties. David Kirsch, a professor of strategy and entrepreneurship at the University of Maryland, began a project in June to document the stories of early Internet startups. His hope is to capture what worked and what didn’t so that new entrepreneurs will avoid the mistakes of early Internet pioneers, or “at least make new mistakes”.

But Mr. Kirsh’s Dot-Com Archive offers lessons for auditors, too. Startups aren’t the only firms that can lose sight of reality in turbulent and emotional times. Mr. Kirsh’s archives are full of management lessons that your company would do well not to repeat. It’s also an insightful look into the psychology of risk taking and market behavior from the perspective of people who were there.

The Dot-Com Archive was recently featured in a New York Times business article.

►