The IT world has been turned upside down in the past three years. When the Y2K terror died down, the economy tanked and chief technologists reevaluated their priorities. To jockey for a place near the top of IT’s short list, software vendors and service providers took advantage of customers' fear and insecurity, literally, to boost sales of everything from desktop anti-virus software to integrated security appliances. But don't demonize security innovators -- IT leaders are justifiably grateful to the vendors that helped cut their enterprise security burdens down to size, an effort that has seen rousing success.
The 2003 InfoWorld Security Survey of more than 500 IT executives and strategists found that almost half -- 49 percent -- of reader respondents are very confident that the solutions they have in place are doing their job effectively. Some exposure is an inevitable cost of operation, but the frightening predictions of the past three to four years have not panned out -- neither thrill-seeking hackers nor terrorists have inflicted significant damage on businesses and infrastructure. To the contrary, survey respondents report experiencing a small number of break-ins. Fifty-two percent saw fewer than 100 attempts against their networks in the past year, and another majority -- 63 percent -- said that fewer than 10 attacks breached their defenses over the previous 12 months. Also, old myths about the role operating systems play in security have died out; our survey shows that OS vendors Microsoft, IBM, Sun, Red Hat, and other Linux suppliers are trusted throughout the network, suggesting that IT has learned that security isn’t a feature of an operating system (see "In Bill we trust? If only it were that easy"). The consensus of readers is that security is a combination of technology, policies, and education. It does not require major investment year after year.
A Sign of the Times?
IT's recent concentration on security certainly helped stem the tide of intrusions, but corporate technical staffs can't take all the credit. Destructive hacking is quickly going out of style -- the superheroes of the black-hat movement either have respectable jobs or are on their way to prison. The ones who are working are annoyed to be the local gunfighters, enduring time-wasting duels with would-be tough guys who want to take down a celebrity. Renowned cybercriminal Kevin Mitnick got caught, did his time, and upon his release counseled youngsters that the rush from breaking and entering does not compensate for years spent in the can. Law enforcement now takes computer crime seriously, and agencies are loaded with stellar talent who will doggedly pursue and prosecute cybercriminals. Perhaps most persuasive is that success as a black-hat hacker now earns far less respect than having your name on a successful open source software project; the latter will eventually score you a job, while the former is more likely to land you in jail than get you hired.