Monday, February 28, 2005

The (Security) Hits Just keep on Comin'



The hits just keep on coming. A flaw in the Paymaxx web-based W2 service may have exposed data on thousands of workers. The Bank of America may have lost control of more than a million customer records. And, of course, ChoicePoint permitted about 150,000 customer records to fall into the wrong hands, which will likely lead to a swarm of identity-theft cases.

And these are only the ones we're hearing about. What about the crimes that haven't yet been discovered by the victims, the companies, or the press? The ones that the crooks are still exploiting?

Rest assured, there are lots of them out there.

In each case, these situations could have been prevented. Some, as in the case of Paymaxx, may have been as simple as performing a routine vulnerability assessment against a web application prior to rolling it into production.

These issues all boil down to combining processes, people and technology effectively: how are clients vetted before being permitted to tap into the corporate repository? Once they are vetted, is their behavior analyzed to determine whether it still meets acceptable criteria?

These well-publicized cases, which translate into tens or hundreds of millions of dollars in market capitalization, point out a key facet of management in today's cyberworld of business: the security function is the cornerstone of today's business. If you try to operate any business, especially one tied to the Internet, without a serious approach to security, then you're driving around in the dark without headlights. Sooner or later, you're going to fly off a cliff or hit a bridge abutment.

Simply put, the CSO or CISO roles are paramount for businesses that link to the Internet. A pragmatic, not insignificant fraction of the IT budget needs to be apportioned to security each and every quarter. And assessments need to be part of a regular process: vulnerability assessments, risk analyses, data classification, process reviews, etc. The security organization needs to be stronger than ever. Because the risks are higher than ever.

Millions in market capitalization... and entire businesses... hang in the balance.
