Successful e-businesses need security watchdogs
Pikramenos, Maria.
Multi - Housing News
36. 10 (Oct 2001): 1.
36. 10 (Oct 2001): 1.
So what exactly should be done to protect an e-business from these security breaches and other threats? According to [Ken Beyer], the first step is dedicating a fulltime staff to monitor a company's computer systems. For an e-business, constant Web site availability is essential as clients turn to this medium for its speed and time efficiency.
Full text
For those operating the thousands of enterprises found on the Internet, however, the process entails a bit more than a few mouse dicks and some typing on the keyboard. Besides fulfilling orders promptly and efficiently, e-business owners must make sure their customers are provided with a safe and secure purchasing environment-one free from the hassles of computer hacking, viruses and fraud.
"Today almost every business has become an e-business. Everyone has a Web site and so in some ways they've opened themselves to the outside world by putting [that] Web site up," says Ken Beyer, chief technology officer of Atlanta-based MortgageRamp.
Inevitably, as use of the Web has grown more frequent, crimes aimed at companies operating Internet-based businesses have also grown abundant. The Code Red Worm and the "I Love You" bug are just two of thousands of viruses repeatedly launched to invade and debilitate the servers of e-businesses nationwide as hackers regularly break into computer systems to wreak havoc within companies. And of course, the new business medium has also made it simpler for anonymous users to commit fraud using stolen credit card numbers, social security numbers and other personal information.
For these reasons, many within the industry claim it is essential for e-businesses to devote much more to the security of their companies than the one-time installation of firewalls or anti-virus software.
"You can't invest [in security] once and think you're done," Beyer says. "It's something [that] you have to get up every morning and do every day."
According to the 2001 Computer Crime and Security Survey conducted by the FBI and the Computer Security Institute, 85 percent of survey respondents, which included a number of large companies and government agencies, encountered computer security breaches in the previous 12 months. In addition, 64 percent-about 168 respondents-- acknowledge there have been financial repercussions due to security breaches and report a total loss of approximately $377.8 million.
MortgageRamp, which provides an online commercial finance platform that offers everything from online borrowing and lending to back-office solutions, handles significant amounts of data provided by its various clients on a daily basis. "Our clients have a vast amount of their competitive advantage in their data and we want to make sure that that data does not leak out to anyone else," says Beyer.
So what exactly should be done to protect an e-business from these security breaches and other threats? According to Beyer, the first step is dedicating a fulltime staff to monitor a company's computer systems. For an e-business, constant Web site availability is essential as clients turn to this medium for its speed and time efficiency. And as numerous viruses and hackers don't just destroy data but also strive to completely disable Web sites, Beyer says it is important for e-businesses to remain on constant alert for security threats. "We've dedicated a full-time staff to monitor not only the latest viruses that are out there, but also to monitor intrusion detection for hackers and other people that are trying to tamper with systems," he says. Beyer admits the "I Love You" e-mail virus did penetrate the company's system earlier this year, although it was quickly taken care of so that no damage was felt by MortgageRamp's clients. As for the infamous Code Red Worm, Beyer says MortgageRamp successfully patched all of its servers before the worm found the opportunity to squirm its way in.
Al Decker, director of security and privacy services for EDS, a global services company headquartered in Plano, Texas, says security has become a predominant issue in the e-business world. Without it, a company's e-business initiative will likely suffer greatly, he says. "You need to build trust in that e-business vehicle before it's going to be used by consumers" Decker explains. Furthermore, a strong security system includes everything from good infrastructure, firewalls and anti-virus software to administrators willing to grow and change with technology. "Security is not a point solution. It's a thorough plan and complete architecture that really needs to be assessed, planned, designed, implemented and maintained," Decker notes. "You can't set it and forget it. Today's solution needs to be updated constantly."
And an important catalyst to achieving that, says Decker, is raising issues of security needs to the very senior levels of the organization-including the CEO. "If the CEO is not behind appropriate security and privacy measures, they are likely to not be as effective as they should be."
As for EDS, the company operates by helping clients manage business and technology complexities encountered in the digital economy. In April 2001, EDS launched its Cyber Security Institute (CSI)-a computer security curriculum designed to arm IT professionals and consumers with skills to battle hackers, security breaches and viruses. "The Cyber Security Institute will provide courses all the way from what we call Security 101, which is a very entry-level course that talks about the basic concepts of confidentiality, availability, integrity and protection of information to some very technical courses on the implementation of technologies and building of security architectures," Decker says.
Also an option in strengthening security protocol within e-businesses is hiring audit firms, such as KPMG, which help organizations measure performance, manage risks and leverage knowledge. Larry Street, leader of the technology department and head of the real estate and lending technology group of the Atlanta-based law firm Morris, Manning & Martin, LLP, explains that companies such as KPMG look into the security systems of e-businesses to determine the obvious and not so obvious ways of gaining unauthorized access to corporate servers and sites. "There are risks," says Street, "but there are also solutions to protect against most of the risks."
According to Street, auditors and security consultants work with an "automated hacker" that tests numerous methods of breaking into a computer. If the hacker is successful, the company is notified via an extensive report and the system's administrator is told exactly which "holes to plug."
Street says he and other lawyers within the firm are frequently involved in drafting agreements between e-businesses and audit companies. "It's important to make sure that those people don't hurt your system in the process of helping it" he says. "They are going to be trying to break into the system... to see if you're secure. So in many cases, we need to make sure that companies aren't harmed by the people they are hiring."
What's more is numerous insurance companies now offer e-businesses customized insurance coverage. "Another way of protecting against [security threats] is by buying insurance," says Street. "A lot of companies are now offering insurance to protect against loss resulting from unauthorized access.
Perhaps the most unnerving fact regarding e-business security issues is that one of the most eminent threats to a company comes from within its own ranks. Street and others maintain a company's own employees pose a great threat to security. In fact, both Decker and Beyer assert that 80 to 90 percent of computer break-ins or violations occur internally.
"Either employees are a security problem because they become disaffected, they inadvertently give out information that allows people to break in or they keep information in an unsecure form that people can easily get access to," Street says.
And yet the biggest threat, Decker asserts, most often stems from companies' utterly lax viewpoints on security.
"The greatest threat [to a company is] the feeling that it is not going to happen to them," he says. "Security tends to be put on the back burner as something we'll get around to. The rapid pace of the e-business environment today just cannot be left to chance."
Reference:
Maria, Pikramenos, 2001. Successful e-businesses need security watchdogs. Successful e-businesses need security watchdogs, [Online]. vol. 36. 10, pp. 1. Available at: http://search.proquest.com.ezproxy.uws.edu.au/docview/236942941?accountid=36155 [Accessed 25 May 2012].
Reference not reachable. Appears to be copied from an article
ReplyDelete