Slowly but surely companies, vendors and governments around the world are starting to take notice and acknowledge that information security is one of the biggest crises facing business today.
Ian Melamed, Chief Technology Officer, SatelliteSafe
Why we're in so much trouble is best explained through an analogy that I've come across in a book, "Crimewarps: The Future of Crime in America", which notes that with the introduction of the car in the US in the early 20th century, the number of crimes doubled. The reasons are obvious, and current indications are that the computer, and the Internet, will have a greater impact on law and law enforcement than that created by the invention of the car.
Again, the reasons are obvious. The Internet provides easy access to corporate resources, rapid escape, and difficulty of tracking and detection. And organisations have simply not paid enough attention to this crucial aspect of their business, ensuring the cyber-criminals have free rein, much as the real-world criminals can do as they please in SA today.
Take a deep breath and consider these findings from the 1999 Computer Crime and Security Survey, conducted by the Computer Security Institute in conjunction with the FBI International Computer Crime Squad:
- 62% of organisations had a computer security breach in the preceding 12 months.
- 30% reported system penetration by outsiders.
- 57% pointed to their Internet connection as the point of entry for outside intrusion.
- 32% reported denial-of-service attacks.
- 19% experienced sabotage of data or networks.
- 14% were victims of financial fraud.
- 90% had incidents of virus contamination.
- 55% had incidents of unauthorised access by insiders.
- 97% reported abuse of Internet privileges by their employees.
- 69% lost notebook computers to theft.
- 26% had experienced theft of proprietary information.
New York market research company Datamonitor says despite e-security breaches, which cause $15 billion damage a year, more than half of global businesses still spend less than 5% of their IT budget on security.
So, the combination of high-speed access and escape, difficulty of intrusion detection and wide open systems due to corporate carelessness adds up to huge trouble for all of us.
Two new viruses have raised their ugly little heads. The W32/Navidad@m worm is the first of the Christmas season's viruses and the Hybris worm, which disappeared after a quiet debut some months ago, has returned in malevolent guise. Navidad arrives as an e-mail attachment. If the attachment is opened and executed, it places an evil eye in your system tray. In the background Navidad sends itself to everyone who sends you an e-mail. At least 10 Fortune 500 companies have been infected. Hybris is nastier, and propagating rapidly. It has a set of plug-in modules it can retrieve from the Web, and Kaspersky Lab has dubbed the worm "possibly the most complex and refined malicious code in the history of virus writing". I reviewed its activities on the alt.comp.virus newsgroup where it wrought spam havoc, infected PCs posting over 3 000 plug-in messages, and it could be grabbing headlines in the next while. Remember those updates!
Imagine if we tried this in SA - we wouldn't have enough storage capacity or bandwidth! Japanese police are sending pictures of suspected and wanted criminals to users of Wireless Application Protocol and i-mode phones. The idea is that police will involve the man on the street in catching felons. First up: the mugshots of 25 suspected criminals. Dodgy resolution on small screens must surely limit the chances of identifying and catching the bad guys; but the sheer volume of criminals in this country would surely militate against such a service here.
Believe it or not, the CIA has discovered a secret chat room on its network. It had existed for five years without the agency's knowledge. Management has been severely embarrassed by the disclosure; not that the staff members were necessarily doing anything wrong in the chat room, but rather that it had been in clandestine existence in their midst for so long.
The UK government has shown a bit of resolve on the topic of information security by investing some 28 million pounds in a cyber crime task force. The unit will have 80 members whose main target is online criminal activity, including extortionists, Internet paedophiles and hackers. Reports have it that 60% of the UK's online businesses have been cracked, so this is a welcome development.
Credit card giant Visa has taken a strong stand on security, creating a new set of standards, and it's saying that e-commerce sites which do not comply with them will not be able to accept Visa transactions. This could translate to significant loss of revenue for Visa, especially if other credit card firms don't follow suit. Who'll blink first?
Sources: CNN, Newsbytes, CNET and ComputerWire.

