Cyber Crime Bleeds U.S. Corporations,
Financial Losses From Attacks Climb For Third Year In A Row! - CSI/FBI 2002
By Mike Fitzpatrick
President
NetConnX Technologies

----------
Every year, companies lose millions because of cybercrime and information security-related issues. As a veteran in the information security industry, Mike Fitzpatrick offers some shocking facts and some very serious questions.

----------
Based on responses from 503 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities, the findings of the "2002 Computer Crime and Security Survey" confirm that the threat from computer crime and other information security breaches continues unabated and that the financial toll is mounting.

Ask Yourself These Questions:
What would be the impact on your company with a serious security incident or catastrophic event?

Have you assessed the risk of receiving a reputation for being slack with your organization's security?

What would the impact be on your company's Reputation, Revenue, Legal, Operational Performance and Investor Confidence?

What steps have you taken to satisfy yourself that well-intended (or not) third parties will not compromise, or have not compromised, the security of your organization?

Has your company conducted an independent assessment of your IT Security? Is Data Security being managed effectively in your organization?

Small Business Has Just As Much, If Not More, To Lose:
There are multiple impacts of not properly securing your company's network. First and foremost are costs that directly impact the bottom line: the annual security-related damage more than doubled last year to $2M per respondent, according to a recent study funded by the FBI.

The broader impact of NOT securing the network includes not only revenue loss and direct costs associated with cleaning up the effects, but also lost credibility and productivity. Imagine a healthcare provider whose network has been penetrated, and patient information stolen. Or a financial institution that is breached with the loss of client account data. Both organizations would face litigation, and a huge loss of customer credibility and trust. Alternatively, what's the legal liability of your company if it becomes the launching pad for a DDoS attack on other companies? This type of collateral damage can far outweigh any immediate financial loss caused by an attack.

For many businesses today, one of the biggest considerations for setting security policy is compliance with the law. I don't have to tell you that we live in a litigious society. If I'm an Internet service provider and hundreds of e-Businesses rely on me to run their Web sites with 100 percent uptime, I'm potentially liable should a hacker or a virus take down my operation. The last thing I want an attorney to discover is that I didn't take enough precautions, or I wasn't current, in securing my network against internal or external threat!

I'm not aware of such lawsuits yet, but experts say it's only a matter of time.
Legal liability in such cases is likely to depend on what prevention technologies and practices are available and on whether these technologies and practices are reasonably cost-effective to implement.

As a result, showing due diligence will mean everything from implementing technologies such as firewalls, intrusion-detection tools, content filters, traffic analyzers and virtual private networks to having best practices for continuous risk assessment and vulnerability testing.

Everything Starts With Planning:
Napoleon once said, "planning is everything, the plan is nothing." It's the process of planning and the execution that results from it that are important. In security, it's not so much the development of the policy or plan, but the wheel of activities that follow.

The first step in securing your data and developing your plan is to find out where you are vulnerable and what the exposures in your data security network are. As the Owner, President or C.E.O. of your business, it is critical that you work with a third-party professional data security consultant in conducting an Independent Data Security Assessment for your organization. The Data Security and the ultimate financial wellbeing of your company or organization cannot be left in the hands of your IT Department; remember, this is your responsibility.

Taking this step will provide several benefits to your organization. A Data Security Assessment will provide you with a complete report that will highlight your High, Medium and Low Vulnerabilities, while also providing a complete remediation timeline and plan for addressing those critical needs. As a result of implementing this plan you will also receive improved accountability from your IT Department, improved IT Management, reduced IT expenditures and most importantly you will have minimized your overall risk, while reducing your liability.

Effective Security Solutions Are Much More Than Anti-Virus:
Today, Data Security and Business Continuity are very complicated subjects that involve complex solutions. With the attacks of September 11th, 2001, we must look at data security & business continuity more seriously. In the past, the use of a firewall was enough to deter most would-be hackers. That is not the case today; simply put, a "Firewall is not enough." Today, the hacker's offense is getting better; we (the business community) must develop a better and evolving defense to protect your company's assets. As a result, we must deploy security and business continuity solutions that use a layered approach. In this layered approach you would use Firewalls, Virtual Private Networks, Intrusion Detection Scanners, Content Filtering, Anti-Virus, Security Management Software and Data Integrity Software, all working together to provide the necessary checks and balances for your organization. The idea is to make each layer more difficult than the one before and then, if they do get through or damage your systems, to provide the proof necessary to find and prosecute the criminal.

The Bottom-Line:
Data Security is an evolving practice in which you must be diligent in order for it to be effective. It requires the leadership and participation of the Ownership, President/C.E.O. and should not be left to your IT Department. Decide on an acceptable use policy and enforce the policy; after all, it's your company.

With the increased need for improved data security and business continuity planning, it is paramount that you align your company/organization with one that is very experienced in Data Security and Business Continuity Planning. Using an Independent Data Security Assessment will make a significant impact on minimizing your company's liabilities and overall risk, while increasing IT Accountability and decreasing IT expenditures.

Protect your IT assets by closely monitoring and auditing the environment with Intrusion Detection Scanners, Firewalls, Virtual Private Networks, Content Filtering and Log Management Tools. Make sure that you have a plan to react to security breaches, and partners lined up to help you should you need it. Finally, the key is to operationalize the process of continual implementation, monitoring, and reacting, so that it is a repeatable cycle.

Mike Fitzpatrick
President
Netconnx Technologies, Inc.
http://www.netconnx.com
