Analysts at Gartner have warned that security threats on the Internet are being exaggerated. They have also compiled a list of five IT risks that they believe are being magnified by security experts.
Gartner released the following list of supposedly grave risks at the IT Security Summit in Washington, D.C.:
* IP telephony is unsafe
* Wireless hotspots are unsafe
* Regulatory compliance equals security
* 'Warhol' worms will make the Internet unreliable for business traffic and VPNs
* Mobile malware will cause widespread damage
Lawrence Orans, principal analyst at Gartner, explained why the firm considers these risks overblown: "Many businesses are delaying rolling out high productivity technologies, such as wireless local area networks and IP telephony systems, because they have seen so much hype about the potential threats," he said.
Gartner believes that the perceived threat to IP telephony is minimal and that preventing attacks targeted at IP telephony is similar to securing data-only environments. Gartner feels that telephony eavesdropping is the most exaggerated threat, since eavesdropping requires local area network (LAN)-based access to the intranet.
Commenting on the supposition that wireless hotspots are unsafe, Gartner analysts pointed out that by seeking out 802.1X-protected access points, mobile users can ensure adequate safety, since these points facilitate encryption between the mobile endpoint and the access point. John Pescatore, vice president and Gartner Fellow, said, "Mobile users in hot spots should utilize their corporate VPN connection to protect traffic as it travels through the Internet. Mobile users in hotspots should use personal firewalls and turn off file/print sharing to protect their endpoints from data theft."
On the point that regulatory compliance is considered equal to security, Gartner felt that most regulations only lead to increased reporting rather than any security enhancement: "Regulations generally take more static looks at issues and generally don't lead to higher levels of security in proportion to the spending required to meet the letter of the law.
"The best way to increase enterprise IT security is to buy and build software that has fewer vulnerabilities, but there has been no regulatory focus on this area. Companies should focus on building stronger security processes, then document these processes to demonstrate regulatory compliance," Mr. Orans said.
Gartner analysts said that a "Warhol Worm" has the capacity to infect all vulnerable machines on the Internet within 15 minutes, but the only time this has happened was in 2003, when the "SQL Slammer" worm hit the Internet.
Mobile malware, meanwhile, is to be treated as a niche nuisance in the immediate future: "Anti-virus vendors see huge potential profit opportunities in selling security solutions to billions of cell phone and PDA users. In particular, the anti-viral industry sees cell phones as the way to grow sales outside of a flat, commoditized PC market. However, device-side anti-viruses for cell phones will be completely ineffective. The most effective approach to blocking mobile malware will be to block it in the network," Mr. Pescatore asserted.
If you want a detailed Hype Cycle report on a variety of IT industries, visit the Gartner website at http://www.gartner.com/Init