CHARLOTTETOWN — IT security weighted heavily on the minds of the more than 200 IT professionals from across the country who gathered here for Informatics 2003, the Canadian Information Processing Society’s annual professional development conference.
Conference presenters offered attendees insights
on how to deal with one of the most challenging issues facing enterprises today: Successfully securing their information assets in an era of pervasive technology.
IT crime is one of the fast-growing crimes around the world, according to Tom Keenan, a professor and dean in the University of Calgary’s continuing education department, and a widely regarded expert on the topic of security. But most organizations, including law enforcement agencies, don’t have a good handle on addressing it, he said.
“”Information security is a lot like teenage sex,”” Keenan told a standing-room only crowd. “”Everybody is talking about it, everyone thinks everyone else is doing it, almost no one is doing is very well and everyone hopes it will be great when they finally do it.””
Keenan highlighted a number of recent incidents to illustrate the threat posed by today’s sophisticated cyber-criminals. Sixteen-year old Jonathan Lebed of New Jersey manipulated NASDAQ stocks from his computer by communicating false information about corporations in online chat rooms. In Russia, two young hackers were breaking into corporate servers and extorting money — anywhere from $15,000 to $100,000 — from those same companies when they knocked on their doors to offer their expertise as security consultants. The two also invaded banking computers in Texas, gaining access to all the bank’s customer files as well as cracking an online auction site.
“”Threats can come from anywhere and anytime,”” Keenan said, noting that the motivating factors for cyberthugs are typically greed and bravado. Keenan offered attendees some of his predictions of what cyber-crimes of the future will look like. For example, although no laws exist today to prevent the electronic impersonation of a human being, Keenan predicted it’s something that could happen down the road, based on the questionable online initiatives of some organizations. Popular teen TV show Degrassi: The Next Generation, for instance, has a Web site that promotes interaction with viewers and even offers them what appears to be personalized e-mails from the show’s characters.
“”This is mind manipulation for children,”” warned Keenan, noting the site also contains an e-store where visitors can purchase Degrassi merchandise.
Security is the No. 1 priority for chief information officers, according to a recent survey of 1,500 CIOs by Gartner. The issue has moved out of the back office and leapt into the foreground of most organizations, said Greg Young, associate director of Gartner in Ottawa.
“”But one of the challenges is that spending hasn’t kept up,”” Young said. On average, companies spend about four per cent of their IT budgets, including personnel and infrastructure, on IT security.
If security is so important for CIOs, why aren’t more resources dedicated to it? Young said a lack of return on investment is impeding companies’ willingness to invest in this area.
“”Security is always a cost centre so it tends to be a nice area to shave down when you’re looking to trim costs,”” he said.
Another challenge organizations face today is the rapid pace of change in technology developments, which makes it difficult to keep security in step with those developments.
“”In the old days, it was easy to have good control over one monolithic system,”” said Young. “”Today we have LANs, client/server, distributed computing — all of which makes it so hard to maintain a level of adequate care.””
To begin to address enterprise security in a comprehensive fashion, companies need to look at where the funding for security comes from, said Young.
Organizations that rely primarily on the IT department’s budget to address security are very much in the early stages of comprehensively addressing
In other conference events, former New Brunswick premier Frank McKenna marked CIPS’s 45th anniversary by reassuring CIPS members that despite the current economic challenges, the “”technology revolution”” has only just begun and those in the IT sector have a promising future.
“”I used to sit in my office and wonder what the hell we were going to do to save the province from technology,”” said McKenna. “”But this revolution is for real and those of you who are concerned are so because we’re only at the base of the mountain.””
McKenna pointed to prosperity in the Atlantic region as a direct result of technology, including the development of more than 100 call centres, the creation of more than 250 IT companies in N.B. and a complement of about 40,000 people in the region working in the IT sector.
“”We are so much better off today than 10 years ago.””