CIO Jury: ISPs blamed over corporate security threats

Internet service providers (ISPs) are failing to do enough to stem the tide of denial of service attacks, phishing scams and spam email bombarding corporate networks and websites, according to UK IT chiefs.

Compromised 'zombie' PCs are often used by hackers to launch a wave of internet traffic at websites and corporate networks in denial of service attacks, while just this week Yahoo! was criticised for failing to take down thousands of phishing websites hosted on its domain.

Ten of silicon.com's 12-man CIO Jury IT user panel voted that ISPs should be forced to take more responsibility for stopping many of these attacks at their source by cleaning their networks of fraudulent websites and alerting police when they find large numbers of compromised customer PCs.

Christopher Linfoot, IT director at LDV Vans, slammed Microsoft for failing to do anything to stop the flood of 419 spam emails from domains hosted by Hotmail servers and said ISPs generally need to do more.

"Most ISPs seem to regard the provision of IP connectivity to be the end of their responsibility. As the mean survival time of an unpatched system is less than 20 minutes this means that huge numbers of home systems have been taken over by remote abusers. Novice users cannot really be expected to handle their own security and the ISPs have a moral duty to protect them. Most fail," he said.

Mark Foulsham, head of IT at esure, said ISPs should look at the marketing advantages of selling the fact that they cleanse their networks of these security threats to customers.

"This will no doubt continue until successful litigation forces ISPs to do otherwise. The irony is that the ISPs don't want to lose customers but in fact they should be using a 'cleaner' marketing message to attract more clients," he said.

Luke Mellors, IT director at the Dorchester Hotel, said ISPs need to do more on security but acknowledged it is also a case of "damned if you do and damned if you don't" for them.

"The more we make ISPs responsible for these types of issues the less privacy we have over our information. I agree that these issues are more and more a problem but am unsure that it should be the ISP that should be held accountable," he said.

But not all pointed the finger of blame at ISPs and Chris Broad, head of IS and technology at UKAEA, said: "Do we blame the Post Office for carrying spam letters?"

Today's CIO Jury was...

Les Boggia, head of IT, Carole Nash
Chris Broad, head of IS and technology, UKAEA
Mark Foulsham, head of IT, esure
Tony Johnson, IT director, Virgin Megastores
John Keeling, director of computer services, John Lewis Partnership
Andrew Leaning, IT director, Dod's Parliamentary Communications
Christopher Linfoot, IT director, LDV Vans
Nick Masterson-Jones, IT programmes director, Voca
Luke Mellors, IT director, The Dorchester
Rory O'Boyle, head of IT, The Football Association
Peter Pedersen, CTO, Blue Square
Andy Pepper, director of business information systems, Tetley

If you are a CIO, IT director or equivalent at a large or small company in the private or public sector and you want to be part of silicon.com's CIO Jury pool, or you know an IT chief who should be, then drop us a line at editorial@silicon.com