|
||
Research and retrieval of news articles by: SPECIAL NOTE TO ALL VISITORS: |
HIGH-PROFILE COMPUTER BREACHES DRAW ATTENTION TO SECURITYSource: Des Moines Business RecordPosted on May 3, 2006 In December, when an intruder breached the security of two Iowa State University computers containing encrypted credit card numbers of athletics department donors and Social Security numbers of more than 3,000 university employees, it prompted a swift investigation and immediate notification of those whose personal data may have been obtained, and caused many worries along the way. An investigation determined that the intruder hacked into the computers not to steal personal information but to store and distribute pirated movies or music. Nevertheless, the incident prompted efforts over the past four months to tighten security around sensitive information and a greater awareness among students, faculty and non-information technology staff that the threat of an attack exists and it is up to the entire university community to prevent another incident. "Until something happens, people don't always believe that it can happen," said Maury Hope, associate chief information officer in Information Technology Services at Iowa State. Incidents such as the one at Iowa State have created greater awareness nationwide of the widespread threat of computer security breaches. According to a recent FBI survey of more than 2,000 businesses in Iowa, Nebraska, New York and Texas, nearly nine out of 10 suffered from a computer virus, spyware or other online attack in 2004 or 2005. Though most companies use security software, computer hacking techniques are also far ahead of what they were 18 months ago, according to Loras Even, managing director of RSM McGladrey Inc.'s Integrated Technology Solutions. "If you block them, they're going to try to find a way to bypass it," he said. Federal legislation such as the Gramm-Leach-Bliley and Sarbanes-Oxley acts, as well as mandatory reporting legislation in several states, has brought more attention to the issues surrounding security and provided those in the security industry with more leverage in approaching and addressing these issues in the corporate sector, according to Kip Peters, enterprise information protection vice president for FBL Financial Group Inc. He now considers computer security an essential part of doing business. "It's raised the level of consciousness in the everyday person, and hopefully they're starting to ask questions when these things happen," he said. A computer security breach presents any organization with serious consequences, Even said. Customers and other outsiders may begin to question how safe and secure the organization and its information-protection systems may be. Businesses often face significant expenses in correcting the damage. According to the FBI study, the reported attacks inflicted an average of $24,000 in damages. Businesses may also face regulatory issues in correcting the problem. Many companies have addressed computer security by taking an "outside-in" approach Ð first building up a secure perimeter before turning to insider security threats, which accounted for 44 percent of the attacks documented in the FBI study. But changes in the corporate culture, such as an increase in telecommuters, make it nearly impossible to function with a heavily armored perimeter. "The perimeter is less defined, so now we're starting to look at what's going on inside (the company) a little different than in the past," Peters said. The best response, he said, is to use multiple layers of security to protect those lines of communications as much as possible without impairing communication. Even stresses the importance of educating people at all levels of an organization about computer security threats, and advises employees at all levels to be alert to suspicious e-mails or phone calls. All organizations should have some sort of incident response procedures, he added "As much as you train people and as many technology-based security measures you have in place, eventually an incident of some sort is going to occur, and it's better to have a planned response," Even said. But Hope and Peters say one of the greatest threats to corporate computer security today is the home computer. Most individuals today have broadband Internet access, which leaves home computers far more vulnerable to hackers. It becomes particularly worrisome for security specialists when people take their work home for the night or weekend, either on a laptop, disk or CD or by sending it via e-mail, sometimes leaving protected information, such as private client data, vulnerable to hackers. "You put that on a home computer and that, to me, is one of the things I really worry about because we have no control over it," Peters said.
E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes. |
ALERT WebTrust Is Your Best Defense Against Privacy Breaches. Get WebTrust Working For Your Site. |