This has been a pretty good year for infosec. Although some old problems, notably viruses and patching, have not seen nearly as much improvement as we would have liked, security awareness is making its way up the corporate agenda and into the boardroom.
Compliance is pushing a lot of that: nothing focuses a CEO's mind like the prospect of being hauled off to jail. And on the back of compliance, no expense is being spared to get the ship in order. Wily IS managers are using this to their advantage, meaning that while the compliance process is a chore, it is also a handy driver for new budgets.
Unsurprisingly, compliance is the top worry for our readers looking ahead to next year. We conducted a survey of magazine subscribers, asking about the state of play within their organisations. You can read all about the results in this issue.
One of the most interesting results was the shift in focus that has occurred in the past couple of years. Spam was a major worry two years ago, but today it barely sneaks in at fifth place, with four times as many people highlighting viruses as a top concern. Also interesting is how our readers expect that shift to evolve next year, with compliance at the top.
Increasing frustration with malware is also very much on everyone's mind. And while spam seems to be slipping in terms of priority, it is still a significant problem. So much so that some consider vigilante justice a viable option. Although the internet is often compared to the Wild West, the analogy breaks down in practice, as one internet portal discovered the hard way.
It was Lycos making the headlines, starting when it announced its "Make love not spam" campaign, encouraging internet users to download a screen saver which would then conduct a co-ordinated DDoS attack against sites belonging to spammers. Not a great idea, if you ask anyone who cares about such matters as collateral damage, liability or due process.
To no one's surprise, the second time Lycos made the news was when www.makelovenotspam.com was defaced and then taken offline, merely days after launching. And then, predictably, a spam site targeted by the botnet (to call a spade a spade) pointed its homepage back at Lycos, which was then effectively attacking itself.
But the underlying frustration that drove Lycos to try the scheme cannot be ignored. Users are losing patience with ineffective anti-spam laws, technological limitations and mail abuse, and are willing to cross the line to tackle it. Would you? And would you do the same for the zombie networks, viruses, spyware, DDoS attacks and phishing?
Write to firstname.lastname@example.org to tell us the limits of your patience, or share your expectations for 2005.
Jon Tullett is UK editor of SC Magazine