Former White House security adviser Howard Schmidt has warned that businesses of all sizes face an increased threat from cybercriminals, who now have the power to attack key parts of the Internet.
Industrial espionage by foreign governments, attempted fraud and internal threats all need to be taken into account by IT managers, Schmidt said on Monday.
"Governments, to gain a competitive edge, 'acquire' or steal technology," said Schmidt, speaking at a House of Lords event on Monday. "Why pay US$25.8 million for research and development when you can spend US$6.5 million for the same result?"
While security issues such as identity theft are high profile, Schmidt said that human error is one of the major issues IT departments have to deal with.
"We have a tendency to focus on criminality, but human error has its place. Misconfiguring a DNS router will shut down major parts of a company's network. Internal threats play as much a part as external threats," said Schmidt.
With any computer downtime costing a company money, especially e-commerce sites and financial institutions, IT managers should take account of upcoming threats to their increasingly complex networks, according to Schmidt. High-speed broadband connections, the proliferation of established PC technology, PDA devices and Wi-Fi and WiMax access all mean hackers have increasingly complex interfaces to attack.
"Tomorrow there will be more vulnerabilities and points to defend. We all have colleagues with five computers, PDAs, two laptops, smartphones and home gateways. There are full metropolitan areas with free WiMax, and with that comes collateral damage," Schmidt warned.
Small enterprises in particular will find that they have more points to defend than before, leading Schmidt to recommend that SMEs either spend more on security or turn to managed security services.
With the majority of hacks financially motivated, identity theft was a major concern for Schmidt. This problem has been perpetuated by a recent surge in phishing spam.
"Spam is a threat, not just a nuisance. A surge in the last three months has raised its ugly head," said Schmidt.
Criminals are increasingly using botnets--large groups of hijacked computers--to send out spam and conduct distributed denial of service (DDoS) attacks where they bombard a computer system with data.
Schmidt said that whereas five years ago an attack might consist of 800Mb per second of data, now hackers have the ability to launch 2 or 3GB attacks that could potentially take out large areas of the Internet itself.
"There are sustained attacks against top level domain (TLD) servers, which if successful could make a large section of the Internet unavailable for two to three hours," said Schmidt.
Detective Constable Bob Burls, who heads botnet crime investigations for the Metropolitan Police, said the last botnet they had cracked had been 20,000 PCs strong. While he could not give any details of the investigation, Burls said that a fast international response was essential when dealing with the problem.
"We use our international law-enforcement contacts. It needs a quick response and someone savvy at the other end [to deal with botnets]. We've established a network of like-minded colleagues who are aware of differences in jurisdiction. You have to be aware of how colleagues operate in different jurisdictions," said Burls.
The Metropolitan Police also link in with the Interpol botnet taskforce, according to detective inspector Charlie McMurdie of the Metropolitan Police.
Schmidt, Burls and McMurdie spoke to ZDNet UK on Monday at a House of Lords event organized by managed security services company Claranet.
Play video
Advanced features: 
» Blades for mission-critical operations
In just about every breach story I've come across is that factor of human error in both private and private. It seems to happen at all levels too (web link)
From 1,100 laptops missing in the Commerce Department (web link) to those 26.5 million veterans affected by this summer's VA laptop theft -- people have to be accountable and aware of these threats. Threats can be as little as USB-drives, accidentally hitting send or forwarding information to the wrong person.
Posted by Marilee Veniegas, Essential Security Software on Thursday, November 23 2006 02:56 AM