The Friday Interview: Simon Perry, CA

19 Jan 2007

This week’s interviewee is Simon Perry, security strategist with CA

There’s been a lot of talk recently about cyber terrorism. What’s your take on this?

For a start, I object to the term “cyber-terrorist” and sincerely wish that it will drop out of the IT spokesperson’s lexicon.

The reality is that if those people with philosophical and organisational links to terrorist organisations attempt any of the techniques like launching spyware, a virus or distributed denial of service attack, the attacks themselves will look like all the other major attacks launched by the organised criminal and amateur hackers.

Most importantly, businesses are already doing their best to defend themselves against such an attack anyway.

So-called ransomware is also supposed to be a growing threat. Do you agree?

Let’s look at this – pretty much all virii carry a payload of some sort. Ransomware differs only in that the virus’ payload is different than a straightforward mass mailer or data-deleting attack of a few years ago.

Sure, we’ve seen a few examples and we’ll see a few more but actually the number of viruses with any payload effectively getting through to the desktop seems to be firmly on the way down.

Will company boards “get” IT security in 2007 as some have predicted?

We as IT professionals continue to spend too much time wondering how this new feature will make our IT run faster or better but not enough time recognising a clear line of sight between how any given IT moving part delivers bottom- or top-line change to the business or how it supports the business’s competitive strategy.

For example, for a retailer, how does security sell more tins of beans? For an airline, how does security fill more seats profitably? Closing this disconnect is a slow journey.

Microsoft Vista is likely to be a big target because of its profile. Are you expecting lots of security vulnerabilities to exploit it?

Vista will prove to be harder to attack than any other previous Microsoft operating system and demonstrably harder to attack, when properly installed, than some other operating systems too.

By year end of 2007 we should see a net reduction in successful serious attacks that are unique to Vista.

You’re not suggesting that security threats this year are going to be marginal?

That certainly isn’t the case. The important thing to take away is that much of the hype around security is exactly that – hype.

There is a need to take a more realistic approach to security, realising that at the same time as being aware of new threats and issues there needs to be a grown-up evaluation of what this actually means to the business.

By Gordon Smith

Loading now, one moment please! Loading