Investors call for action to curb hackers
Cyber attacks can damage a company & send its market value plummeting
Demands for better security are growing
DoS Attacks & the FBI, Yahoo, eBay, Amazon
It could also be a film script – the FBI is attacked by hackers who wreak havoc by flooding its website with false requests and bring it to a standstill. Yet this is what happened earlier this year.
Denial-of-service (DDoS) attacks have become a real threat to some of the world’s biggest online names. Between February 8 & 22 Yahoo lost $17.2 billion in market value after it ground to a halt during a DDoS attack. The share prices of the e-commerce companies eBay and Amazon dropped by almost a quarter after Cyber attacks. And observers say hacking is becoming prevalent in Britain.
A widely reported case is that of 18 year old hacker Raphael Gray, using the alias Curador to download 26 000 credit card numbers from financial companies. Then he posted 6 500 of them on the internet. He said he did this to highlight how weak information security is in Britain.
CSI & FBI Survey reports 90% of respondents have been cyber attack victims
The annual Computer Security Institute Survey of American computer crime, conducted with the FBI and published in March found that 90% of respondents had been victims of cyber attacks. A total of 273 organisations said they had lost $266m but this figure represents only the 42% of those surveyed willing to quantify their losses.
The American government has been a supporter of concerted action against hackers, and President Clinton published a plan for this year to tighten up critical infrastructure in partnership with the private sector.
Business advisors have been quick to answer the challenge. As the management of company risk is most often dealt with by internal audit departments, the White House called on the Institute of Internal Audit, which has branches across the world. It has plans to go to Canada and France and is looking for sponsorship to come to Britain and other European countries.
What action are British companies taking?
The risks a company faces in its market should already be uppermost in the minds of directors of quoted companies after the release of the Turnbull code on corporate governance last year.
The code, which has become part of the Stock Exchange’s listing requirements, calls on directors to put in place systems that can deal quickly and effectively with risks, and information security should be high on the list.
Deloitte & Touche’s European e-business partner, Yag Kanani, believes Britain is on the way to getting it right. But, he says, even with the Turnball code there is wide divergence in attitudes to tightening up on security. E-commerce sites and regulated companies such as banks tend to be much more active in this area. Other companies seem less concerned.
‘ We could not afford to wait for a disaster before establishing security procedures’,
say Abbey National
Andrew Newell, Abbey’s internal audit head, says customer information lies at the core of the business and account holders expect it to be confidential.
All information must first be categorised to comply with the Data Protection Act. This means Abbey must say why the information is held and how it will be used.
Newell says,'The vast majority of information is held on computers and this is where we are most at risk. The information department will define standards that need to be applied, depending on how critical the information is’.
Yet, for financial- services provider such as Abbey National, information access is becoming far more of a headache as customer data must be open to account holders in new ways such as over the net. Newell says the onset of e-banking has made protection imperative and part of the role of his security division is to monitor overall activity and look for any potential dangers.
The department also undertakes the preventative activity such as using external consultants to try to break the firm’s systems. But abbey admits that with about 10 new viruses cropping up every day, staying on top of security is a round-the-clock job.
At the moment stock market analysts do not take security too seriously when they value shares, but most believe the time is approaching when firms will suffer if they do not put money into protection.
West LB Panmure’s technology analyst, Jonathan Crozier, says: ‘Most companies in the UK see the internet as an embellishment to the business and I do not think security is yet recognised by the analytical community as a huge issue’. He says the largest cyber attacks have been in America so analysts there see it as more of a problem.
However, with most security violations coming form inside rather than outside companies, he expects large companies to spend more money on improving their systems.
Crozier, who is doing research on the types of security on offer in the market, says the number of websites with no security has gone up rather than down in the past three years.
One analyst says it is just a matter of time before investor’s demand more for their money than promises. And with America’s Institute of Internal Audit on the verge of launching its offensive, company directors may start having to see the FBI’s experience as more than just a good plot for a blockbuster film.
Source: The Sunday Times Business Section – 9 July 00
Please feel free to email us - firstname.lastname@example.org
Images and content are copyright to Cipher-IT Ltd
Site designed by Cipher-IT Ltd