Martin Courtney
Martin Courtney

Dirty little security secrets

Publicising attacks could help fight hackers, so why do firms remain tight-lipped?

Martin Courtney

This year's Infosecurity conference in London showed that the issue of network security is as important as ever to corporates and IT vendors. It also showed the size and breadth of an industry that has grown faster in the last two or three years than at any other time in its history, thanks to companies' growing fears that they will fall victim to malicious attacks of one kind or another.

In many cases companies'concerns are well founded. The number of viruses, worms, Trojans and forms of denial-of-service (DOS) attack have exploded since the start of the decade.

Advertisement

However, it is difficult to say how many deliberate attempts there have been to hack into commercially sensitive databases in order to gain information, rather than simply to cause destruction, mainly because so few of these incidents are publicised.

One thing is certain, however - more items of malicious code than ever before have hit my inbox or have been reported in the news during the last 12 months. All of them have been created with the specific aim of causing disruption to business systems, and in some cases to reduce firms' profits.

However, the full extent of the damage caused by these attacks is always difficult to gauge with any degree of accuracy. Loose figures, usually in the billion-dollar category, are always bandied about, but in truth it is absolutely impossible to get any real sense of just how many firms lost just how much money from any one attack or spate of attacks over a year.

I always wonder how the financial community begins to compile these figures. A roll of the dice and random multiplier, perhaps?

The logical way to proceed would be to ask firms to volunteer information about the effects of an attack and how much money they reckon it cost them, detailing revenues before, during and after the assault in question. But exactly how much of this information is likely to be forthcoming?

And this of course is the big problem. How many companies are willing to admit that they have been caught with their pants down, that their existing security infrastructure has been compromised and vital information scrambled, lost or obtained by potentially dangerous factions?

Publicising a firm's failings could shake the confidence of its customers and business partners - assuming they have not already noticed something amiss when the company suddenly started to send a deluge of pornographic material to their electronic inboxes.

In days gone by, before the astronomical growth in demand for security products from all sectors of the IT industry, I would often attend product launches and ask the vendor what type of firm actually needed the relatively high level of security that their latest solution offered. They told me that security was a big issue for many companies, and that customers had, behind closed doors, admitted to coming under attack but did not want to go public about it.

Which presumably leaves shows such as Infosecurity full of people who perhaps deny they have a problem, but are looking out for new security tools as a precaution, or maybe for a friend.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Further reading

Vendors feel security heat

IT buyers are putting growing pressure on vendors to improve security

Related whitepapers

Related jobs

Most watched

Views from the Valley, 9 March 2010

Batteries, browsers and recognition for PARC researchers

Samsung talks up 3D TV

The next big thing, but it will take some time

Analysis and Reports

Continuous Availability for Microsoft SharePoint

This paper examines how to create continuous availability for Microsoft SharePoint by implementing high availability and disaster recovery solutions.

Database security: Preventing enterprise data leaks at the source

This report looks at the challenge of information protection and control (IPC) and how enterprises must adopt database security best practices

Poll

International Women’s Day poll

International Women’s Day poll

Have measures to encourage women into the IT profession been successful?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

National Digital Inclusion

Stephen Timms defends 50p landline duty

Labour minister claims investment in next-gen broadband is vital to...

Views from the Valley, 9 March 2010

Batteries, browsers and recognition for PARC researchers

Datacentre

Fasthosts offers customisable virtual servers

Customers can dynamically change CPU, memory and storage as needed

Nokia N900

Nokia smartphones 'failing to keep pace'

Reliance on old chip technology could cost market share, say...

Primary Navigation