Eye On IT: It’s A Mad, Mad World Out There

by Talk Business & Politics staff ([email protected]) 109 views 

In the arms race for the latest in technology, threats to businesses and individuals are increasing and the future may make us all more productive yet vulnerable.

Doomsday scenarios where criminal hackers seek to bring down web sites, company servers, or large international computer networks sound like story lines for comic book superheroes and the villains they relentlessly pursue.

It’s like the Justice League versus the Legion of Doom for control of the world.

Those comic book fictional battles between good and evil are played out in real life nearly every minute of every day on the cyber-battlefield in the Information Age.

“If you’ve been reading science fiction for the last five or ten years, this has been an increasing theme where people envision how trends are going to play out,” said John Burgess, CEO of Little Rock-based Mainstream Technologies.

With open source software, cloud network computing, and more and more emphasis on mobile devices, Burgess says his work is never-ending.

“A lot of our customers have gotten into this technology world. They rely on it for their day-to-day operations, and then they’re confronted almost continuously with something else they need to be thinking about other than what it is that they do,” he said. “Our clients are telling us that they need protection. They’re finding themselves in this increasingly risky world.”

UNDER ATTACK
Attacks like the Heartbleed malware or the data breach at retail giant Target Corp. are examples of high-profile incidents where millions of consumers were impacted, or potentially impacted, by cyber-criminal work.

There are a number of ways your personal or company computers can be affected.

DDoS (Distributed Denial of Service) attacks attempt to crash servers or web sites by sending massive amounts of traffic to overwhelm systems. The servers crash under the load, taking websites and services down with them.

There are also hacking attacks where sophisticated coders with bad intentions manipulate software to gain access to data for illegal purposes, such as stealing identities or using personal financial information to abscond with bank accounts.

In both instances, the motivations for these attacks are wide-ranging from political to revenge to blackmail to pure and simple malicious criminal intent.

Just like Superman saving the planet from a diabolical Lex Luther master scheme, Burgess said there’s a constant race against the clock to find problems before they can be exploited.

“We’re at the mercy of: do the bad guys find it first or the people who wrote the software or does a user of the software find it first?”

A number of government and private resources exist for IT professionals and the companies they work to protect.

The U.S. Department of Homeland Security operates a clearinghouse for defects and attacks, and regularly dispatches CERT bulletins — CERT stands for Computer Emergency Readiness Team — to provide early alerts for problems either in existence or on the horizon.

The CERT web site issues alerts on current activity such as malware attacks, security advisories and updates, and incident summaries. Often, these notices and summaries highlight events that may have happened in New Zealand or Europe underscoring the international nature of threats.

While the acronyms and code words may be confusing – OS X Lion v10.17.5, OpenSSL 1.0.1, Seamonkey 2.26 – these notifications affect your everyday computer and smart device usage. You can sign up to receive notifications daily by email.

If you use Microsoft Windows XP, you’ll likely find something once a week that could impact your programs. The same could be said for iTunes, Google Chrome, or Adobe Reader, Acrobat, or Flash Player. In short, if you listen to music, surf the Internet, download and app, watch videos on your smart phone, or type a Word document, you have some vulnerability.

When the Heartbleed flaw garnered headlines earlier this year, it had actually been in existence since 2012.

Heartbleed wasn’t discovered for deep exploitation immediately, but by the time it did, it rose to the level of “catastrophic” with its worldwide reach and financial impact on commerce.

“Catastrophic is the right word. On the scale of 1 to 10, this is an 11,” noted Bruce Schneier, an independent security expert in a Bloomberg report earlier this year.

The flaw allowed for the revelation of information being processed by web servers, such as usernames, passwords and cryptographic keys. Nearly 500,000 web sites around the world were deemed vulnerable and one e-commerce company estimated that the disruption caused by Heartbleed may have compromised or curtailed as much as a half-billion dollars in trade.

While many of the updates and notices that are sent out may not reach Heartbleed magnitude, they can still be crippling. Truth be told, there’s no guarantee that a seemingly innocuous bug might not be the next Heartbleed. That’s how treacherous the new world can be.

STAYING VIGILANT
The threats mean big business for companies like Mainstream.

One of the larger, more established programming providers in the state, Mainstream writes custom software or can help clients find the right software solution for their needs.

Years ago, the company embarked on developing a best practices model, which included constant certifications to deal with the rapidly evolving world of information technology. Many of its competitors do the same.

Through the Great Recession, Mainstream had grown to a large enough scale to survive the roller coaster of business downsizing and closures. It picked up business as smaller IT players fell by the wayside.

In recent years, the company has also capitalized on managed services, which includes the ability to serve as a cloud-hosting center. Burgess sees more cloud adoption on the horizon as the financial model for firms to turn a capital expense into an operating expense “just makes sense.”

That paradigm shift plus the exploding world of mobile technology is going to increase business reliance on IT companies like Mainstream.

Burgess says that he sees many companies — particularly smaller and mid-size firms — looking at their IT departments through two different lenses. Their IT staff can provide stability within the company or be innovators.

Mainstream can do either.

“It’s hard to staff for both innovation and stability. Our message is pick which way you want to go, and we’re happy to play whichever role you want,” Burgess said. “If you want your in-house staff being responsible for maintaining the stability of what you have, then do that and we can assist you as the agents of change. If you feel like you have the agent of change in-house or you want to be in control of your innovation, then turn your day-to-day stability issues over to us.”

WORKFORCE WOES
Tracking Arkansas’ information technology workforce is tricky.

If you look at pure-play IT employment in the state’s Monthly Survey of Employers, the labor force has been shrinking. Ten years ago, there were an estimated 19,800 Arkansas workers in the information field. As of May 2014, only 13,800 workers are classified as information-related jobs. That’s just 1.1% of the state’s overall non-farm employment.

However, in the new digital age and with the democratization of technology, many tech employees might not show up in the survey report.

An office manager may be a small company’s IT department. Many firms now outsource IT management to independent consultants and those solo operators are unlikely to show up in the statistics.

Another factor limiting the true identification of IT workers is that they may be reflected in other sector numbers. For instance, “professional” and “scientific” jobs may be heavily IT-related but they’re recorded in their respective categories. Likewise, a bank or trucking company IT worker will generally be categorized in the “financial services” or “transportation” sector. The same could be said for Dillard’s or Wal-Mart, whose IT employees are more likely to be counted in the “trade” category.

Ask around and employers will tell you there are a dearth of workers with formal IT skills and that’s limiting to recruiting tech companies with which economic developers hope to score big. The attitude is pervasive from large employers to startup entrepreneurs who single an IT skills shortage as problematic for growth.

The conversation has caught the attention of the two major party candidates for Arkansas governor, Republican Asa Hutchinson and Democrat Mike Ross.

Hutchinson has been talking for months about the need to teach computer coding at the K-12 school level. He thinks Arkansas could become a national leader in education by adding “coding and programming” courses to its curricula. He says his plan is crucial to “creating the job skills used in an information-based economy.”

He’s offered specifics, such as making computer science courses available in every high school in Arkansas, as well as making them count toward core graduation requirements. That’s a shift from current state law which does not give math or science credit for computer science.

“Arkansas should lead the nation in producing students with the knowledge and technology skills demanded by our current economy. The high demand for these skills will translate to more jobs, more entrepreneurs and ultimately greater sustained economic growth for Arkansas,” Hutchinson said when discussing his proposal at greater length in January of this year.

He also wants to improve technical training in high schools in a way that will enhance the curricula in both two-year and four-year colleges.

While he hasn’t embraced Hutchinson’s call for computer science in every high school, Mike Ross has laid forth ideas for improving education with the technical and skilled jobs of tomorrow.

Ross contends that nearly half of the jobs in today’s marketplace didn’t exist 25 years ago.

“A worker today will need to learn a new set of skills several different times throughout his or her life and will have to match those skills to jobs. In previous generations, a typical worker would only have two to three jobs in a lifetime,” Ross said in rolling out his jobs plan in June. “Now studies tell us that today’s young people will have between 10 and 15 jobs throughout their lifetimes.”

Both candidates seem focused on closing gaps in education to bridge technical skills to jobs in waiting or yet to be imagined.

Their plans may not be the panacea to the problem, but they can’t hurt.