Information Security

Type ‘warez’ into a search engine and you’ll stumble into a nightmare world of brash, insistent pages offering porn and pirate software – everything from games to expensive business applications, complete with all the codes and reference numbers you need to operate them.

It used to be a cottage industry run by kids. Now it’s big business run by organised, unpleasant people. They employ underworld hackers (known as black hats) to frustrate the law by keeping their merchandise hidden on other people’s computers.

It’s perfectly possible that a black hat has breached your firewall, installed a backdoor (a secret entrance he can pass through at will) and is now using your system to assist organised crime. If you seem constantly to need more disk capacity, check whether you’re storing something more dangerous than loyalty card data. And if you thought your system was secure, think again.

PREPARE TO BE COMPROMISED

The Internet is the problem. It has created a world with no secrets, no borders and no effective jurisdiction, and we’re all connected to it. It provides huge benefits, but it’s an unlocked sweetshop for intruders. There’s also an enemy within. Your own people have opportunity and a small number may also have motive, especially if they’re disgruntled or short of cash. 78% of UK businesses surveyed by the DTI have experienced at least one malicious security incident and almost half of those happened in the last year. Some cost over £500,000 in lost revenue, lost time and the expense of system restoration.

THE GOVERNMENT UNDER ATTACK

In recent months, the British Cabinet Office has been getting about 40 hack attacks per day. The government as a whole reports 6,500 a year. In the US, business reported 53,000 successful break-ins and most believe the real number is much higher – the Computer Emergency Response Team in Pittsburgh reckons only 1/3 of incidents get reported, due to negative publicity fears. The only conclusion you can draw is this: if you haven’t yet had a security problem, you’re unusual. And it’s only a matter of time before you do.

WHAT TO DO

Act now, and be aware that information security is a business issue, not just a technological one, so don’t leave it to the IT department. The key is taking the time to understand the problem. If you know where you’re vulnerable, you’ll know what needs protecting and you can decide what level of risk is acceptable. Fujitsu’s Information Security Practice has 20 years’ experience at the highest level and can provide everything from a vulnerability assessment (where we behave like black hats and attempt to compromise your system) to policies, processes, hardware and software to keep your system safe. To find out more please visit our Security pages.

THE CUCKOO IN ACTION

Phillip Cummings was a Help Desk agent, assisting a US bank’s employees with computer problems. Using his knowledge of their system, he stole over $2.7 million.

20 people with mafia connections created a digital clone of the Bank of Sicily’s online arm. They planned to divert £250 million of EU money for Sicilian projects, laundering it through Switzerland and The Vatican.

A college student posted a fake press release about a quoted stock. A stockbroker posted it to their site. In 15 minutes, the stock dropped from $103 to $15, wiping out $2 billion in market capitalisation.

One online retailer lost 25% of its stockmarket value when black hats struck its customer information system and gained access to 3.7 million credit card numbers.


INFORMATION SECURITY. 10 THINGS YOU SHOULD KNOW RIGHT NOW

  1. It’s a senior management issue. Information security needs senior involvement from the outset. Gartner estimate that half the Global 2000 will have Chief Security Officers on the board by the end of 2004.
  2. Start at the top. Start with a clear security policy that sets the guiding principles for all subsequent work.
  3. Look at the bigger picture. It’s not only systems with external access that need protecting. Protect the ones that will cost you money if compromised or unavailable. Typically, these are workhorse back office applications.
  4. Be legal. Make sure you comply with statutory and legal requirements for the management of information. Develop procedures with legislation in mind.
  5. Take responsibility. Roles and responsibilities should be well defined. Responses to incidents must not be delayed by hierarchy or bureaucracy.
  6. Look beyond your boundaries. Consider weaknesses in your links with partners, suppliers and customers.
  7. Understand your enemy. High profile incidents hit the headlines, but the biggest threat to your business is inside. Make sure your staff follow security procedures.
  8. Know your limits. There is no such thing as zero risk. Treat security as you would an insurance policy – focus resources on risks that warrant the investment.
  9. Keep up to date. Evolve policies in line with prevailing threats. Make sure they’re regularly reviewed and penetration-tested.
  10. Act Now! Your business is already at risk – you just don’t know how much. Contact an expert organisation TODAY!