In this free-flowing digital world, economic espionage and organised crime are a reality, and many criminal groups are turning to hacking for illicit financial gain in a big way.
We allow our computers to make decisions with minimum human intervention, and that’s a recipe for potential disaster. But perhaps the greatest security threat is through mobile devices – like cell phones that are capable of transferring data. New technology is always susceptible, and already there are viruses that attack next generation cell phones.
With so many suppliers, vendors and customers linked together, there are breaches to be exploited. The tools of cybercrime are increasingly sophisticated and available to anyone who can access the Internet.
Many big companies now enlist ‘white hackers’, people who test their vulnerability of their systems, who find the weaknesses and block them.
The head of an FBI center has warned about the menace to e-commerce – and society – pleading for business and government to work together to fight cybercrime. At the World E-Commerce Forum in London, Michael Vatis, director of the US National Infrastructure Protection Center (NIPC), said the threat of crime through the Internet was real and growing.
The NIPC investigates threats to the USA’s infrastructures, including electronic threats, and repels actual attacks – part anticipation, part reaction. It issues warnings when computer viruses are in circulation or likely corporate targets are identified.
Vatis agreed that the online environment provides many new opportunities, but warned that the bad guys can get access to your system from anywhere in the world, and that even governments are at risk of attack.
“If the electrical power company that provides your power is knocked out, you are not going to be able to engage in business. Your security is dependent on all your providers,” said Vatis.
Most young hackers just enjoy showing off, but there can be more serious motivations – and money is now one of them – along with anti-industry feelings, and jealousy of other countries’ achievements. The so-called hacktivists, who send political messages, are another cause of disruption.
Employees are a company’s greatest resource – and threat.
Many electronic attacks on businesses come from disgruntled ex-employees, and if people don’t look after their passwords or download suspect files, then they undermine security.
The huge security breach starts with the tiniest leak. The notorious, world-famous hacker, Kevin Mitnik, often started his attack on companies by coaxing one password from one employee. That’s all it takes.
Terrorists who wish to intimidate a government or business can threaten to reveal sensitive information gained electronically. There is also the possibility of information warfare – attacking a nation and disrupting essential services and industries by manipulating information across computer networks.
Companies are starting to take the message on board, as they realize that the big corporate firewalls that keep out unauthorized users are becoming less effective. When you build an e-business and invite people into your system, your have to smash a hole in the firewall.
Governments needed to work together and put appropriate laws in place to ensure a rapid response to cybercrime, said Vatis.
“We cannot do this alone. If we have an investigation that leads us abroad, we are dependent on our foreign counterparts. We do not want to create safe havens around the world where criminals know they can act with impunity.”
David Rose, who organized the London conference, summed up the escalating problem: “In the 10 years up until last year there were 34,000 hacking incidents. This year alone there have been 50,000.”
In July, the UK Government announced it would be setting up an agency dedicated to fighting cybercrime. The unit will open in April 2001 and will co-ordinate information from Customs & Excise, the National Criminal Intelligence Unit and the National Crime Squad.
British businesses have also set up an early warning system to protect against viruses. Several regional and global security networks now exist, some government-funded, that send out security alerts. The Enterprise Virus Alert Community (Evac), for instance, informs member companies when one of the group gets hit by a computer virus.
After the Melissa virus caused colossal damage worldwide, companies added more sophisticated scanners to the e-mail gateways to head off trouble before it starts, but they are not foolproof.
Virus threats should always be forwarded to security, but not to colleagues, as hoaxes are very disruptive. Employees must learn to develop a sixth sense for things that don’t seem quite right. The best protection is not to open messages that look suspicious, and to make sure that machines always have anti-virus updates.
Due diligence by employees, and good infrastructure are our greatest safeguard.