The Threats Get Nastier - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
11:25 AM
Connect Directly

The Threats Get Nastier

IT threats are growing in number, sophistication, and ill intent. Think you've got them under control? Just wait till tomorrow.

"I think we have a posture in dealing with the threats that face us that's working," says Kent Podvin, director of IT with Capital BlueCross. "We have a good proactive scenario ... whereby we keep things properly patched."

The last major virus outbreak at Capital BlueCross was three years ago, prompting the health-insurance provider to sign up for Cybertrust Inc.'s security services. More recently, the company invested in encryption software from Pointsec Mobile Technologies AB to protect its laptops, PDAs, and cell phones, as well as identity- and access-management software from Sun Microsystems.

chart: Security Hurdles

What are the biggest security challenges facing your company?

Managing the complexity of security

User awareness
Preventing breaches

Note: Multiple responses allowed.

There are hundreds of stories like this across the business landscape--companies accelerating security spending, plugging holes, and reinforcing their network perimeters. Environmental consulting firm Geologic Services Corp. has deployed access-management software from Positive Networks Inc. to authenticate and verify security settings and users before allowing network access, along with antivirus software from Kaspersky Lab Inc. "I think it's manageable," Sean Lawless, Geologic's technology systems manager, says of the security threats. "I don't see it spinning out of control."

But it may be a false sense of information security. As evidenced by this month's Windows 2000 worm outbreak and an alarming series of customer-data breaches, including backup tapes lost in transit, the bad guys are laughing at the business community's efforts at improvement. Compromised databases, especially those involving customer records, represent a worst-case scenario. "Our biggest concern is someone accessing customer data and fear about the company's reputation," says Bob Graham, senior VP at Farmers and Merchants Bank, a $3 billion bank with 120,000 customers. "Our tagline is that we're 'California's strongest bank.' We wouldn't want an article about lost customer data."

Is your organization more vulnerable to malicious code attacks and security breaches than it was a year ago?


What type of security breaches or espionage have occurred in your organization in the past year?


chart: Security Fallout

Dollar Losses

Companies struggle to estimate losses attributed to information-security breaches or espionage.

A third of respondents say they don't know the total value of losses they suffered because of attacks in the past 12 months. Two in five sites report losing less than $100,000 to information-security breaches in the last 12 months. Another 6% of respondents estimate financial losses in the $100,001 to $500,000 range and 3% put losses at $500,000 or more.

The first half of 2005 has seen too many headlines on that very problem, ranging from Bank of America Corp.'s embarrassing admission that it lost backup tapes with the Social Security numbers of 1.2 million federal employees to a security lapse at CardSystems Solutions Inc. that may have exposed data on millions of payment-card accounts. From January through June, there were more than 50 serious data breaches at businesses, government agencies, and universities, affecting more than 50 million identities, according to data compiled by the Privacy Rights Clearinghouse.

Our survey shows that relatively few companies, only 6%, say customer records have been compromised, which pales in comparison with those encountering viruses (67%) and worms (49%). But that's assuming companies are aware that breaches have occurred and are honest enough to admit it. The real number may be higher. And businesses need to get on top of the situation. California law requires companies doing business in the state to disclose any security breaches that involve personal information, and similar measures in other states and at the federal level are likely.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2 of 3
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Pandemic Responses Make Room for More Data Opportunities
Jessica Davis, Senior Editor, Enterprise Apps,  5/4/2021
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Transformation, Disruption, and Gender Diversity in Tech
Joao-Pierre S. Ruth, Senior Writer,  5/6/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll