Monthly Research Update

Experton Group Weekly IT News

Wireless Broadband Access and Web 2.0 Security Issues

By: Jerald Murphy

British Telecom (BT) broadband networking customers have been discovered to be at risk for security breaches due to wireless networking systems it has installed for end user access. In other news, IT security professionals are increasing their focus on alignment with the business, while new security threats are found in Web 2.0 technologies.

Focal Points:

• Security researchers have found large security vulnerabilities in BT's Broadband Networking service. This is due to a bug found in its Home Hub wireless networking systems. While the newest version of BT systems are not vulnerable, simple scripts have been built that can allow hackers to gain access to a Wi-Fi hub in as little as five minutes. Once access is obtained, hackers can further steal personal information off of individual computers connected to that access point. BT officials have stated that they understand certain scripted attacks will breach their network, but they do not believe this vulnerability will affect most of its customers.
• In a recent survey conducted by over 1000 security professionals in 83 countries, the Information Systems Audit and Control Association (ISACA) found a significant shift in the focus on security managers in the companies for which they work. The main shift has been an increase in focus on the business needs of business as opposed to a technological focus. Over forty percent of the respondents said their next career move was into an executive management role. A similar percentage planned on moving into chief information security officer (CISO) positions, with 27 percent going into chief security officer (CSO) jobs. Officials from ISACA said there is a clear shift in security to using security technology to solve or prevent business problems. The survey found the most common activities performed by security managers include data security, policy creation, program management, regulatory compliance, and risk management.
• Security analysts are finding more security exposures related to using Web 2.0 technology. Analysts are finding more exposures to external malware with these applications. Recent published reports have found over 2.5 billion devices that are now connected worldwide. This number is expected to grow to 3.3 billion by 2011. One of the big problems with Web 2.0 is its use of widgets, which can be designed to retrieve both system and end user information. Over two thirds of companies polled at a recent security conference said they were using at least one Web 2.0 application. Experton Group suggests companies increase their focus on security data, as new loosely coupled applications will make it difficult to lock down every new application variation.

Experton Group believes security managers should have a primary focus on the business impact of security, since this will make it more likely that proper security priorities are established based on the business risks associated with threats. IT executives should work with security personnel to establish protections built around corporate information, including the use of data loss prevention (DLP) technology.