Worming out the viruses
28.02.2003
A Manufacturing Ltd is a hypothetical small engineering firm that supplies turnkey solutions to large computer companies. It receives orders from these companies through either electronic data interchange (EDI) or email, and orders are anticipated on a just-in-time basis by its customers at any point within 24 hours.
Employing 30 people, the firm doesn't have a dedicated IT manager, instead relying on a local services firm that sends an individual in once a week. Once in a while, a mild virus might get through and a patch is quickly put in place to fix the problem. However, one of the salespeople has a friend who is spending a year in Australia who occasionally sends her some joke attachments with her email. One day, an email from her friend comes in and she opens it. Within a minute the entire company receives the same email and within 10 minutes it has spread to the networks of the firm's vital customers causing thousands of euro worth of damage. Within hours, apologies and warnings have been issued to key clients, many of whom insist that if the legislation was in place, they would happily sue the company.
The above scenario is increasingly becoming a reality for firms. In the past, an email virus or worm attack on an email network would have elicited sympathy and understanding, but today it elicits frustration and anger as questions about the measures and methods taken to protect the firm and its customers from virus attacks come under the spotlight.
Legislation recently passed in the US, but yet to be tested in a court case, grants firms the right to sue a company or individual that infects another company because the appropriate security measures had not been taken. Similar legislation is currently being drafted in the UK.
But the real question is, apart from the individuals who create the virus or worm in the first place, are firms who fall victim to a virus attack also to blame? Newer, more intelligent viruses and worms are hitting the scene and even firms that take the utmost care to update their defences are often outwitted.
"There is no such thing as 100pc security," says Fran McGowran, a senior consultant at Deloitte & Touche. "The best you can do is assess the risk and reduce it to an acceptable level." In this case, he says, A Manufacturing should have ensured that it had continuously updated its anti-virus software and had done everything in its power to ensure that its firewall was also impregnable. As well as this, the firm should have had a set of reactive procedures in case of an attack – principally to lock down its systems, disconnect from the internet and warn its customers so they too could prevent damage to their networks and computers.
The lack of preparation and sheer vulnerability of all firms to virus and worm attacks was highlighted in recent weeks by the SQL Slammer worm, which infected more than 90pc of vulnerable computers within 10 minutes, announcing the dawn of an age of fast-spreading viruses on the net. The worm caused about US$1bn worth of damage and was responsible for shutting down most of Bank of America's ATMs, as well as hitting software giants Siebel and Microsoft.
The general consensus amongst experts is that no matter what protective measures have been taken, no network can be considered secure. And with a worm like Slammer, a small crack in the security surrounding a company can mean days, if not weeks, of cleaning the infection from internal systems.
McGowran believes that the firms most at risk from virus attacks are those with part-time IT managers, particularly small to medium-sized enterprises (SMEs) such as A Manufacturing that don't have the budget to employ a full-time manager and yet need to stay aware of new anti-virus software, patches and alternative security methods.
He also believes that the arrival of digital subscriber line (DSL) means that firms are even more vulnerable because they are always-on, unlike with dial-up where the onus is on staying online for as short a time as possible in order to cut down on phone costs.
Maurice Harty, an IT security consultant with Sysnet Ltd, believes that the growth in wireless local area networks (WLANs) also poses considerable security problems for SMEs that have limited knowledge, time and financial resources to spend on protection. "Big organisations often have the procedures to combat the worst effects of a virus hitting the system, but smaller firms tend to be slower to be proactive or reactive to an attack. In the UK and the US, legislation is being prepared to make firms liable if a virus gets inside their system and in turn damages another company. In Europe, there is talk of making firms install multiple anti-virus engines to combat attacks," he says.
Harty concludes that whilst it has been proven that prevention may not necessarily work, the best form of defence is vigilance. In A Manufacturing's case, a proactive and responsible attitude to the use of email within its firm as well as a good procedure for dealing with disasters as they happen could have made all the difference between continuing in business or being excluded from the customer's supply chain.






