IT Security – They Still Just Don’t Get it…


Perhaps one of the most outrageous and yet ever-continuing events is Government Agencies, including the Military, losing laptops and data containing all kinds of personal, even classified, information. Perhaps the most ridiculous was an “Intelligence Officer” leaving on a train classified documents that should not have left Downing Street in the first place. Just how intelligent was that?

However, it doesn’t stop there, because there are other “security issues” to consider, such as keeping IT systems free of virus and malware attacks, which means keeping them fully “patched”. In this regard, the private sector seems to do as badly as the public sector.

My Mate Nick…

Nick Lane is a true, highly gifted IT Technician whom I worked with for some years, both in the UK and abroad; his ability to deal with the whole IT environment is exceptional. Oddly enough, some weeks ago we were discussing virus and malware attacks on the servers and data centres of large organizations, and came to the conclusion that most companies and their staff just weren’t up to doing the job.

From a purely security aspect, you have to realise that the biggest threat to any organisation comes from the inside: through malice, as in an employee deliberately stealing corporate data, typically using a USB key, or through sheer carelessness, as in adopting slack methods of handling data and kit such as company laptops.

There is also the need for every level of management to take it seriously, which is too often not the case, with senior managers often being the worst offenders. On one site I worked at as an IT contractor, they had a major security leak just before I joined them and I was told to “do something about it”. All networks have a lot of built-in software tools to aid security; too often they are not used and the security regime is not enforced. In the end it was the ‘Management’ of that business who refused to go “all the way”.

Virus Attacks

Every now and then there will be a “new virus” or derivative ‘released into the wild’ that catches people out initially, but there are Operating System vendors like Microsoft, and the Anti-Virus software people, who are working flat out to counter these threats as they arise and to issue up-to-date software ‘patches’.

Currently there is a virus out there called Conficker or Kido that has spread to around 9.5 million PCs since Christmas, pretty much all of them sitting inside corporate networks. Thus far this ‘worm’ just infects a PC and then goes dormant, doing nothing. However, this does not mean it is harmless, because likely, when it has reached a critical number of PCs, it will activate to form a ‘botnet’ (robot network) and mount some kind of concentrated attack on other systems.

What is really disturbing about this? This virus is attacking a flaw within Windows Server software that is known about and for which Microsoft issued a service patch last October, so why wasn’t it applied?

It Gets Worse

It was revealed last weekend that both the French Navy and 75% of the Royal Navy had suffered the same virus infection of their front-line ships, aircraft and bases; they were told not even to switch on their computers until it had been eradicated. Because of this virus infection, aircraft couldn’t download their flight plans and mission details. Their military effectiveness was compromised at a stroke, and all because they didn’t patch their servers back in October.

Clearly this is very serious from a Defence perspective, but it is also a clear indication that we have a major cultural problem to overcome both in Government and in Commerce, and this needs to happen as a matter of priority – National Priority.

It is likely that over-familiarity with digital technology in all its forms has led to this slackness; people need to be taught and to understand that “data” is a valuable commodity that needs to be adequately protected. This attitude makes any holding of personal data by any Government Department wholly undesirable and guarantees that the ID Card Scheme, for one, will be a total disaster.

As part of our National Defence effort we need to set up a highly specialised Military Computer Defence Unit to evolve offence as well as UK defence operations. They would also need to be able to enforce and monitor “best practice” standards right across the Public sector. It really is high time people woke up to the threats they are causing themselves.
