Hughes sees peer-to-peer software, such as KaZaA, as being particularly troublesome in 2004. After analyzing hundreds of the most popular files shared on KaZaA -- including 'cracks' that allow users to break copy protection on commercial software -- he discovered that 45 percent actually contained viruses, worms, or Trojan horses.
"Unfortunately, P2P is almost impossible to block," Hughes said. "They're actually designed to get past firewalls."
He recommended that companies not only implement policies restricting P2P use on the enterprise network, but audit the enforcement of those policies and spend time educating workers about the danger this software poses. "It's not just the security concerns companies should worry about Recording companies are also coming after corporations for illegal file sharing." The fact that exploits using P2P as an exploit vector climbed by 133 percent during 2003 is an indication that file sharing is a developing security threat, Hughes said.
Spyware, although under the radar at most enterprises, will also be of concern in 2004, Hughes said. "Some users see spyware as an okay tradeoff for getting free software," he noted, "but we're seeing spyware today changes home pages, changes DNS records." Spyware, he said, is only marginally more benign than viruses, and with the lines between the two continuing to blur, companies should be on the watch in 2004 for even more malicious tweaks by this kind of behind-the-scenes software.
Bad in 2003? Worse in 2004? There is a glimmer of hope, said Hughes. He pinned his on the partnership between government and the private sector in bringing virus writers to justice. "The government is getting more and more serious and Microsoft is putting out bounties on hackers," he said. "If they catch someone important, like the author of Blaster or Sobig, they're going to make an example and throw the book at him."
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
There are many network courses that can address your present job's priorities and help you gain the needed skills to keep pace with industry changes and new technologies.
