Alan Calder on IT Governance, information security & ISO 27001

Some encouraging words about what is becoming a very depressing problem for most people. MessageLabs’ chief security analyst is turning the spotlight on ISPs as the organisations best placed to arrest the rising tide of spam. Particularly as spam acts as a conduit for dangerous malware it is vital that ISPs start to play a constructive role in this. The smart ones will realise that they can win business by acting quickly; the others may very well deserve to go out of business.

Following the news a while ago that some Apple iPods had been shipped complete with a malware infection comes the story that your satnav system may also be a risk. TomTom has allegedly shipped devices that contain a Trojan virus that can jump to an owner’s PC when the two are connected. Happily, there’s no suggestion that this creates hazards for drivers on the road, but it clearly generates a most unwelcome intrusion when they get home. With consumer electronics so integral to our lives paying customers should expect – and will soon demand – that manufacturers have such vulnerabilities locked down. I predict that not long from now ISO 27001 will become a far more mainstream concept.

I have blogged previously about how simple USB storage devices pose a serious threat to corporate IT security. This article from Computerworld shows how the issue is escalating with the advent of the iPod as THE must-have accessory. Not only is an iPod a neat way to store you music, it is potentially also a great way to remove other data without permission and to introduce malware (knowingly or otherwise).

Unsurprisingly, Apple were not prepared to comment on whether they would be stepping up iPod security in light of this. It naturally falls to companies to make sure that they have policies and procedures in place to address this gaping vulnerability. However…

Eric Ouellet, vice president of research for security at Gartner Inc. in Stamford, Conn., said that only about 10% of enterprises have any policies dealing with removable storage devices.

Oh dear.

Alex Scoble at Computerworld flags up an interesting item in Whitedust’s paper on Future Trends of Malware. This is a worthwhile - if lengthy - read and brings home to any doubters just how pernicious and rapidly evolving the IT security threat is. The article does quite a nice job of summarising and in part quantifying the current malware situation. Its predictions for 2006 and beyond include a major rise in mobile malware, open source malware and various other new developments.

Not too surprising that Computerworld’s recent survey of 338 IT executives found that security is their number 1 project priority for the year ahead!