Top Enterprise e-Security Threats For 2003
Every business faces various security threats. The majority
of these threats fall into two categories: physical and electronic.
Each of these categories are presented on two fronts: external and
internal. This requires at least four different approaches to
securing our enterprises.
Physical Security Threats
These threats exist when someone can gain physical access to
information. This includes people breaking into a business or an
office, people "snooping" at information left on desk tops, and
"dumpster diving" (this is where someone goes through trash to get
sensitive information). Amazingly, many businesses do not have
adequate amounts of physical security.
Electronic Security Threats
These threats are more difficult to manage than the physical threats.
Any equipment plugged into a network is vulnerable to electronic
threats. These days almost all equipment is plugged into networks.
What Kind of Damage Can Be Caused?
The damage caused varies from inconvenience to monetary damage to jail
time. The general categories of damage are:
- Business Image Damage
- Criminal and Civil Court Actions
- Business Interruption
- Infrastructure Damage
Businesses have closed their doors, been heavily fined, and have lost
customer credibility due to security breaches. Ziff Davis was ordered
to pay their customers $500 each when their security problems caused
personal data to be exposed on the Internet.
The Top Enterprise e-Security Threats for 2003
- Protecting Intellectual Property. Annual losses to
U.S. businesses due to the loss of trade secrets may be as high as $1
- Instant Messaging. Many of these systems were poorly designed
from a security standpoint, and each open networks to numerous attacks and
- P2P File Sharing. We've covered the myriad
of problems with Peer-to-Peer technology. The bottom line is don't
use it, don't allow employees to use it, and make sure it isn't in use
on your networks.
- Improper Firewall and Intrusion Detection. This includes the
choice, configuration, installation, ongoing monitoring, and continual
upgrades and reconfiguration of these systems. These systems are a
long way from being easy to use.
- Wireless LAN inSecurity. Thousands of people make it a hobby to
break into wireless LANs. The ease at which its done should make any
business think twice before installing a wireless LAN.
- Identity Management. From "dumpster diving" to seemingly innocent
phone calls, identify theft is growing in leaps and bounds. MSNBC
reports that banks have lost at least $1 billion in 2002 due to
identity theft. 10,000 people had a total of $300 Million in home
loans taken out in their names in 2002 -- but not by them.
- Server Security. With the rash of world-wide Microsoft server
security compromises, server security has become a major issue. Keep
a close eye on anything connected to a wire, particularly when it is
intended for outside use.
What To Do
For most businesses, it means that the CEO needs to take a direct
interest in security. Larger businesses should have a Chief Security
Officer who reports directly to the CEO. In almost all cases a
party should be brought in to examine the systems and help with