The problem will get worse and continue to eat up substantial amounts of companies' IT budgets. More than half of those surveyed by the Yankee Group expect their security budgets to increase during the next three years, while only 8% expect security spending to decline. Some of that money will be used to patch security holes in desktop software. Patching a desktop can cost from $189 to $264, the survey says.
Security analysts and vendors predict that 2004 will bring thousands of new viruses and worms and a huge increase in the use of spyware. They also say that spammers will increasingly adopt tools used by virus writers, adding to the volume of spam and the problems it causes for corporate networks. In addition, few security experts expect to see anything close to a letup in the 50 or more security-related software vulnerabilities discovered each week.
Spyware ranges from software that collects information on a user's Web-surfing habits (called adware) to more insidious applications that hackers use to collect every keystroke--passwords, credit-card numbers, financial data, and other personal information--that a user types. Often, adware is installed when users download freeware or shareware from the Internet but don't bother to read the license agreement that states the snooping software is being installed. The more dangerous kinds of spyware can be clandestinely inserted into a victim's system.
Even the most security-conscious businesses can find themselves at risk if, for example, a mobile user's notebook is infected with spyware and then the user logs on to the corporate network. "The issue gets serious when it comes to telecommuters using home PCs, which may not have antivirus and firewalls installed," says Scott Blake, VP of information security at security firm BindView Corp. "The corporation has no control over what software they install on their home PC."
The bad guys are getting very sneaky, says John Pescatore, VP and research fellow at Gartner. Increasingly, employees may log on to their corporate networks from a coffee shop or a hotel room and see a screen pop up that appears to be a legitimate message from the hotel or coffee shop they're patronizing. But it's not. It's a fake message designed to get users to download a malicious Trojan or spyware application. "Is it spyware or just a pop-up ad? How will you know?" Pescatore asks. "This technique of collecting financial information, passwords, and being part of identity theft is going to be a growing problem. We're going to see more real spyware attacks."
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
There are many network courses that can address your present job's priorities and help you gain the needed skills to keep pace with industry changes and new technologies.
