Web site defacements and other Internet security breaches are often seen as trivial irritations which don't really harm the business. But, says the UK-based Institute of Directors (IOD), they're costing businesses around the world a staggering R3 780 billion.
No one and nothing is inherently secure.
Ian Melamed, Chief Technology Officer, SatelliteSafe
Say it quickly, and it doesn't sound like real money, but to put it into perspective, that's 252 times the value of SA's IT industry. Not so trivial, is it?
Whatever methodology the IOD used to arrive at this breathtaking figure, it numbs the mind to consider the scale of online security breaches.
If you'd like to validate the scope just of Web site defacements, I'd urge you to visit www.alldas.de, a German defacement archive, where up to 260 defacements are registered each day. Many of them are South African Web sites (ballooning.co.za, adcpl.co.za and development.co.za were three recent defacements I noted), and many are extremely high-profile companies which should in all theory and conscience not be hacked.
The fact of the matter is that the hackers who are causing havoc out there seldom do significant damage, but they undoubtedly embarrass companies and erode brand equity.
What should be keeping management awake at night is the fact that if Web sites can so easily be breached, what of other online systems? The IOD notes correctly: "Any organisation that operates online is now no longer in control of the boundaries to its business." Chilling words.
The IOD drills in on the crucial issue of trust. It says self-protection will drive companies first to achieve "trust status" by demonstrating they have taken all reasonable steps to thwart e-mayhem. It warns that companies "will have no dealings with organisations that either do not try for or have lost trust status. Once lost, trust status will be almost impossible to regain".
The IOD invokes the well-worn, but worth reciting statistic that more than 66% of breaches of company security come from within. These can be as simple as an employee unknowingly bringing in a virus-infected disk and using it on the network, or as cynical as vandalism or theft. Regardless, the IOD cautions that misuse of e-mail or the Internet can leave you open to prosecution and directors at risk of imprisonment. The message is clear and unequivocal: the responsibility for and the consequences of Internet security begin and end on management's desk.
* I reported last week that ITWeb had been hacked and briefly defaced. What is less well known is that Moneyweb, Alec Hogg's financial portal, was also hacked and defaced: an amazing three times in one day! My understanding is that the site has since been resecured, but it reinforces my stated belief that cyberwar has landed in SA, as we are now simply part of the broader global connected community. No one and nothing is inherently secure. Microsoft's central Web site was defaced in this same period, mere days after several international Microsoft Web sites were cracked and defaced by Brazilians Prime Suspectz, who also took down a server in Microsoft's .com domain at streamer.microsoft.com. Prime Suspectz left an angry message: "Microsoft Owned! Where is the security?" The server was running Microsoft's own Web software, Internet Information Services 5.0.
* The issue of Web site defacements reached red-hot status with the "war" between American and Chinese crackers following the US spy plane incident. The two groups initiated an all-out war, beginning 1 May, and by 9 May more than 1 100 Chinese Web sites and 1 000 US Web sites had been defaced. The battle was called off, with the Chinese conceding defeat.
* In line with all this intrusive activity comes a report that the Pentagon's computers have been under sustained attack for more than three years. Amazingly, with all the modern intrusion detection equipment the Pentagon must have, it has no idea who is responsible for the attacks.
* Lastly, another social engineering virus briefly reared its head last week. The Homepage virus, VBS.VBSWG2, wrought brief havoc around the world before disappearing. It used similar code to February's Kournikova worm. It simply said "this is cool", and took users to porn sites. Here's some worthwhile advice: you can easily block VBS attachments from entering your site, and Microsoft has had patches available for 11 months. There's no excuse for being hit!
(Sources: Cnet and Silicon.com.)