Commentary
9/23/2004
02:23 PM

SmartAdvice: Consider Long-Range Vision For IT When Upgrading ERP Systems

Get users on board early and incorporate company strategy when planning an ERP upgrade, The Advisory Council says. Also, adopt cybersecurity policies to head off cyberthreats and consider getting a technology-risk insurance policy; plus, measure a project's business value before it gets started.

Question B: What can we do to protect ourselves from cyberextortion threats?

Our advice: Cyberextortion is just one of the many forms of cybercrime proliferating through the Internet. The CERT (Computer Emergency Response Team) Coordination Center recommends that businesses:

  • Recognize the real problem is crime, not hacking. The criminal intends to make money, rather than to just disrupt the business being attacked.
  • Business intelligence needs to include criminal-intelligence analysis. In addition, risk assessment needs to incorporate criminal threats, and cybersecurity needs to be conceptualized as part of a broader security problem that cannot be understood or dealt with in strictly technical terms.

  • Beware of infiltration. Know your customers, your partners, their clients and associates, and so on, especially if you are involved in cross-border trade or transactions where cyberlaws may be different from those in your own country.
  • Develop partnerships and information-sharing arrangements. Develop a working relationship with government and law-enforcement agencies. There is broad agreement that cybercrime is under-reported.

In addition to the tactical advice above, there are a number of strategic maneuvers that companies, and the industry as a whole, can make to circumvent the growth and impact of cyberextortion:

  • Seek and obtain corporate buy-in at every level of the organization. Use such techniques as scenario training to demonstrate the impact of cyberextortion on the company and the industry as a whole. Empower the IT department to take preemptive steps to safeguard systems.
  • Set the tone starting at the top. Regardless of the size of the company and the relative size of the cyber-threat, respond and react to it as if the very life of the company depended upon successfully circumventing it (in some cases, it actually may depend upon it).
  • Work closely with and support both industry and government bodies, including local law enforcement and federal agencies, in developing measures to prevent and respond to cyber attacks.
  • Adopt a "do whatever it takes" attitude to prevent and respond to cyber attacks, using such technologies as firewalls, cyberattack defense systems, real-time intrusion-detection systems, and preemptive scanners.
  • Control who has access to systems and when. Access to information systems should be provided on a "need to know" basis, and stringent controls must be put in place to prevent unauthorized access. These controls include:
    1. A system for assigning access to data resources for various stakeholders.
    2. A system for creation, suspension, and deletion of user IDs and passwords.
    3. Open communication between the IT and Human Resources departments.
    4. A definition of "need to know" based on job function.
    5. Formal information-security policies, with employees signing agreements to comply with those policies.

One final piece of advice: If you don't already have one, get a technology-risk insurance policy that covers cybercrimes such as extortion, as well as the consequences of such crimes. These consequences include security breaches, denial of service, loss of intangible property, and business disruption.

-- Sanjay Anand
