Joe Farrar
4th Position Paper
Attacks can come from a disgruntled employee inside an organization seeking to steal information from a company’s intranet or from outside an organization by hackers seeking to exploit any possible weakness a system has. As the volume of these attacks increases and the material stolen becomes more sensitive, businesses will be forced to pay a premium to ensure that their systems are secure. These threats will continue to produce sensational headlines each time a system is breached and its contents are opened up to unscrupulous individuals. If businesses cannot keep pace with the volume and variety of threats to their systems, they could stand to lose market share to scared consumers unwilling to risk doing business with a company that cannot protect their privacy.
The issue of internet security and trust also has some staggering dollar amounts attached to it. In a study conducted by the Ponemon Institute in 2005, companies lost an average of $14 million per breach when customer data losses happened. In some higher profile cases where significant data was compromised, the cost was as much as $50 million per incident because businesses opted to offer free credit reporting services to those affected by the breach. This figure does not even include the cost of denial of service attacks or factor in the cost of the disruption of business processes of internet-based businesses. In a study published in 2004, the Aberdeen Group found that the cost of disruptions to internet-based business is about $2 million per incident. These figures serve to illustrate how much these types of threats matter to a business’s bottom line.
There are ways to prevent or minimize these types of attacks. The hard truth is that diligence on the part of those who handle sensitive data could have prevented hackers from gaining access to private data. The watchful eye of security personnel and system administrators makes it much harder for such breaches to happen.
A sound security policy combined with compliance training for every employee should be a mandate that all businesses follow in the coming century. However, the truth is that employees and businesses alike choose to believe that their data won’t fall victim to the prying eyes of criminals. The naïve and misguided belief that one’s system is entirely secure will ultimately wind up costing companies and consumers billions of dollars.
In summation, risks associated with doing business online will continue to evolve in step with the technology that supports online commerce. Sensitive data about consumers and corporate proprietary information will always be a tempting target for criminals who understand how to circumvent security protocols in this age of interconnectivity. The security of information needs to be a top-down mandate within corporations doing business over the internet. Aggressive and proactive measures must be implemented before an attack happens, and contingency plans must be in place for quick and competent reactions not if, but when, attacks happen.