.COMmentary: Corporations–Get a clue
By Mike Lotz
CorporationsGet a clue
By Mike Lotz
Companies are paying more attention to safeguarding their digital assets, but the overall state of corporate data security is still poor, said hackers and security experts attending the CanSecWest conference last month.
The conference, whose speakers include creators of open-source security tools as well as security specialists, has brought together the people who create and break network security for a living. The evaluation of current Internet security is grim.
Awareness is growing, said Lance Spitzner, a security engineer at Sun Microsystems. But so much stuff is being placed on the network that we cant keep up with securing it.
With automated scanners and Internet-aware worms searching for vulnerable machines and increasing in number, the average computer placed on the Internet can be hacked in about eight hours. The hackers are ahead of the security experts, and data is leaking out of networks everywhere.
The need for education is a must. System administrators, management and users have to start realizing how important security is and educate themselves. The major problem is, corporate management generally pushes security onto the back burner.
With attacks on such well-known companies as Microsoft, Egghead and The Associated Press, however, Internet security has moved to the top of the list at many high-tech companies.
The Computer Security Institutes 2001 Computer Crime and Security Survey found that cyber crime tallied up $378 million in losses among 186 companies that were able to quantify their damages in 2001. That average of $20 million per company doubled the average of the 249 businesses that responded in 2000.
Its going to take a couple more serious meltdownsa few more Code Red or Nimda virusesthen people will start taking the problem more seriously.
Part of the problem with those who think computer security isnt a bad issue and a waste of your time dont realize how pitifully unsecure some networks are. Companies are running servers without a firewall; end-user systems have hard drives open to the Internet; they dont run anti-virus software; the administrators save their passwords to insure .PWL files on the shared C: drive. I could go on and on.
Just think of it as your house with the windows and doors open: anybody can walk in, look around and take what they want. You wouldnt want that, and you dont want it with your companys network, either.
If you have any questions or comments, please email at email@example.com.