Security study: You will be owned

Editor's note: The following story is from InfoWorld’s 2008 April Fool's spoof-news feature package. It is not true. Enjoy!

Enterprises seeking a modicum of certainty in the ever-evolving threat landscape finally have it: No matter how much human, technological, and financial resources you commit to securing your enterprise, you're hosed.

According to a research report published by a syndicate of IT security research labs, enterprises finally have something to plan their security implementations around -- namely, that exploits, like death, are a surefire occurrence worth betting on.

In a recent paper published by the Foundation of Underground Developers (FUD), an all-star team of high-ranking experts assembled from a collection of the industry's leading anti-malware labs contends that despite continued investments made in a wide range of security technologies, nearly all businesses remain utterly helpless in defending themselves from external attacks.

From botnets to spear-phishing, to cross-site scripting and DDoS (distributed denial of service) threats, there are no shortage of attacks that will "summarily exploit companies' ubiquitous vulnerabilities" and "expose their most sensitive data to any half-baked thieves with Internet access," said the FUD researchers who authored the paper.

[ April  Fools! Click here for more InfoWorld April Foolery. ]

"It's actually pretty comical. Every major business in the world is spending millions on IT security, and basically, they're still just sitting there like wussies waiting to get owned by all sorts of attacks," said Marcus David, head of the Alert Labs Group at anti-virus vendor McAvoid. "Essentially, the malware authors are making way more money than the good guys, so they're working much harder; the cops and the courts clearly don't care about prosecuting the bad guys, so the white hat community is pretty much just going through the motions."

Based on the group's inaugural survey of 509 IT security professionals, most of those people paid to defend their companies' data and IT assets from external assault feel that the "game is already over," David said.

However, some 87 percent of respondents indicated that they would continue to encourage their employers to spend money on point products, despite characterizing the technologies as "woefully useless" (79 percent), "overpriced and underengineered" (64 percent), or "shameless vaporware" (58 percent).

Companies may be working to adopt top-down IT risk management and data governance strategies to help foster a more holistic approach to security, but those academic concepts were labeled as "consultant-bred mumbo-jumbo" (82 percent), "vendor marketing jargon" (73 percent), and "totally made-up hogwash" (69 percent) by those professionals responding to the FUD survey.

Experts have long evangelized the need for executive support for security projects, but getting business people involved in the process has only made the situation more dire, FUD researchers said.