A new study indicates that e-commerce operations are 57 percent more likely to experience a security breach than other online sites, and 24 percent more likely to be the target of a hacker/cracker attack. E-commerce companies involved in the study have been impacted by most examined breach categories.
“The 1999 Information Security Industry Survey” — published by ICSA, Inc., through its Information Security Magazine — collects data from a survey that took place between April and May of this year, polling 745 administrators, managers and executives working in the data management, IT, networking and security fields.
For Your Consideration…
“A recent white paper published by International Data Corp. (IDC) proposes an interesting formula for determining the most vulnerable points of your enterprise IT infrastructure,” said an ICSA statement. “The number of vulnerable points is equal to the number of critical enterprise resources multiplied by the number of users who have access to those resources. For example, if an NT server has 10,000 files and 100 users, that’s 1 million access points — to that server alone.”
$23.3 Million In Security Breach-Related Loss
According to the survey, the number of companies that have been hit by a hacker/cracker attack increased ninety-two percent from 1997 to 1998. With regard to financial losses that have resulted from all security breaches, the average amount was $256,000 (US$), with 91 respondents, however, indicating a total of $23.3 million.
“Employee access abuses continue to be the most common security breach, but it’s clear that the growth of e-business has intensified the threat of computer attacks from outside the company’s walls,” commented Andrew Briney, Information Security’s editor-in-chief.
Norwood, Massachusetts-based ICSA, Inc., a Gartner Group affiliate, provides independent Internet-related security assurance services.
Ninety-three percent of the survey’s respondents have experienced at least one type of security breach, while sixty-five percent have experienced multiple types of breaches. Where there’s a problem, there’s a solution provider hot for the scent of your money. Good grandfatherly advice that holds true, particularly in the area of computer-related security issues.
Network Associates, Inc., (Nasdaq: NETA) one such provider, announced last week the release of its CyberCop Monitor, a second-generation intrusion detection product.
Features of the new product include detection of network and system attacks on high-speed networks, detection of attacks on encrypted and switched networks, an “autorestore” feature to utilize after an attack and centralized enterprise management and reporting.
The new server-based product is being introduced by way of a free offer. Users of Network Associates’ NetShield antivirus product will be shipped a free, fully functional 90-day evaluation copy. All other interested parties can obtain more information at the company’s Web site.
Security experts are asking companies to examine their policies and consider more comprehensive solutions. “With the rapid increase in new hybrid threats such as Explore.zip and Back Orifice 2000, the ability to detect both viruses and hacker attacks on the same system is becoming an increasingly important advantage,” stated Jim Ishikawa, director of security product management for Network Associates.