State of the hack

[William Knowles <wk () C4I ORG>]

http://www.upside.com/Ebiz/39bd676a0.html

September 23, 2000 12:00 AM PT
by Suzanne Northington

> From the October 2000 issue of UPSIDE magazine

A hack attack is big news these days, especially when the target is
America Online (AOL), Microsoft (MSFT), Nike (NKE), NASA or Yahoo
(YHOO). The idea that some teenage techno-geek in horn-rimmed glasses
can bring down a corporate giant is a great modern myth -- a David and
Goliath story.

But whether the threat to corporate America is as serious as these
well-publicized attacks would suggest is questionable. Sure, there are
more hack attacks than ever before in absolute numbers. But there is
also a vastly larger number of websites out there.

Says John Pescatore, director of network security at GartnerGroup
(IT), "The rate of hacking incidents went up by a factor of 4, but the
rate of new domains increased by a factor of 10."

Yet the drive to "Webify" virtually every business process has put
information at risk. The exposure of financial, resource planning,
competitive, employee and customer data is a huge vulnerability, which
is instilling a Y2K-styled fear in corporate America.

In fact, according to Para-Protect's CEO, Mike Higgins, Y2K was the
event that awoke businesses to the vulnerability of their information
assets. "We've seen a dramatic increase in the security posture of
corporations since Y2K," he says.

Corporations clearly feel more vulnerable than ever. "With so much
business information connected to the Internet now, the potential
damage from a successful hack is much higher than before," Pescatore
says.

Para-Protect flaunts a heavy military marketing image, using "SWAT
team" metaphors to intensify the fears associated with information
risk. Based in the CIA capital of the world, Alexandria, Va., the
company is frank about its close ties with the security and
intelligence establishment.

"We have a pretty dynamic relationship with them. We share information
with them about new vulnerabilities, new techniques and new threats,"
Higgins says.

He acknowledges that corporations should not exaggerate the risk of
hacking, given its low probability. But he believes that investments
in data security are as reasonable as investing in locks for your
doors. "We equate it with a corporation's normal protective measures,"
he says.

Suzanne Northington is a freelance writer.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".