Keeping a tight lip


27 Feb 2003

Ironically, at a time when war is looming, the old wartime slogan of ‘loose lips sink ships’ is apt when describing security measures of Irish firms at the dawn of the 21st century.

For your average small to medium-sized business anywhere in the world, the risk goes far beyond loose lips: threats from inside and outside the company are on the rise and are becoming harder to detect. Traditional e-security problems such as the threat of hacker attacks and the proliferation of viruses and worms have taken on an even more sinister visage as the tools, technologies and culprits rise in sophistication.

But it goes much further than that. The growth in new fields of technology such as instant messaging (IM) for collaborative working, remote working using handheld computers or laptops and the growing popularity of wireless, or Wi-Fi, networks means that the perimeter of a company has expanded beyond the physical sense, leaving more opportunities for attack available.

Hacker attacks, virus attacks and the use of technology within and outside firms for malicious purposes are going to cost unprepared and unsuspecting Irish firms dearly. According to a SANS Information Security Breaches survey last year, an average of 60pc of firms worldwide have suffered a security breach in the last two years. It is estimated that unchecked viruses could cost businesses €907bn worldwide by the end of this year in terms of lost productivity and fixing and preventing damage.

There is evidence that Irish firms are blissfully ignorant of the dangers cyber crime presents, but a growing number are learning the price of ignorance. A recent survey of 1,000 Irish firms by Rits Information Security revealed that 70pc of Irish firms leave their databases open to abuse and misuse, while hacking attempts on Irish firms doubled in the past year to 66pc. It also showed that one in four Irish companies does not scan for viruses on email servers and 42pc of employees disregard company policies in relation to internet use.

Failure to take security incidents or breaches, such as hacker and virus attacks, seriously is costing companies an average of €120,000 per incident. A recent global survey carried out by KPMG revealed that 80pc of firms with a turnover of €55m have experienced such attacks. Over 30pc of the companies surveyed by KPMG have a presence in Ireland.

The major threats on the horizon come primarily from the implementation of wireless networks by 43pc of the surveyed firms. Over a third of those using these new wireless local area networks do not protect them, leading to a new phenomenon of ‘drive-by hacking’, whereby an individual sitting in a car parked near the wireless network could actually access the network.

Another 43pc of firms provide their firms with personal digital assistants, with remote access to key corporate databases, email, documents, address books and servers.

Security has been one of the biggest concerns facing the growing market for Wi-Fi. Nearly all Wi-Fi equipment uses wired equivalent privacy (WEP) to protect the information sent over the networks. But beginning two years ago, hackers have been able to crack WEP and hitch a ride on to WEP networks, prompting fear amongst security-conscious companies. What’s worse again, according to Exodus Communications, an estimated 85pc of installed Wi-Fi networks have their security settings turned off.

The dangers of having open Wi-Fi networks in businesses were highlighted recently when hacker sabotage at global media giant Vivendi Universal led to an embarrassing flop in a shareholder vote on a new stock option plan for company executives. The vote took place using wireless devices. However, when an uncharacteristically high abstention rate of 20pc in the vote was clocked, the company became uneasy and concluded that an intrusion “could have been carried out by a small team armed with a transmitter receiver and detailed knowledge of the procedures and technical protocols of electronic voting”.

Another looming threat that seems to get very little press attention is the problem posed by the growing use of IM. This type of messaging is becoming the tool of choice for promoters of collaborative working over the internet, where teams in the same building or spread across different geographies can work together as a team.

However, before IM becomes the tool of choice, security remains a problem. The instantaneous and widespread use of IM could lead to serious conflicts between IT managers’ need for security and control and users’ demands for convenience and ease of use. In recent months the problem was highlighted when Microsoft issued a critical security update after the discovery of a vulnerability that allows attackers to execute malicious code against MSN Messenger. Similar flaws have been exposed in AOL Time Warner’s and Yahoo’s IM applications.

At the end of the day, it remains for Irish firms to be mindful of longstanding threats such as hacking and virus attacks and be prepared to offset them. Newer technologies such as Wi-Fi and IM are great in theory, but with the growing danger of drive-by hacking and of technological loose ends that even the most experienced IT manager has yet to grasp, the threat they bring is more significant. Old-fashioned vigilance is what’s needed.

By John Kennedy