- FBI warns Hit Man e-mail scammer back
- 20 tech habits to improve your life
- Industry mourns slain Cisco exec
- 10 Firefox add-ons for better browsing
- Wireless LANs face scaling challenges
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Last in a four-part series, looking at the toughest security issues facing corporate users.
Imagine a natural disaster the likes of Hurricane Katrina or a terrorist attack on a major U.S. city wipes out business operations. In the mad dash to get back online as quickly as possible, security protocols and procedures take a back seat to regaining business continuity. And that's when a second catastrophe occurs: Information systems are vulnerable to attackers, who see an opportunity in the chaos as companies are forced to rely on backup operations (or even pen and paper).
That's just one example of the worst-case security scenarios that emerged during recent discussions with customers and industry experts. Others include targeted cyberattacks in which precious corporate jewels, such as intellectual property, are held for ransom; biometrics and other identity-verifying techniques disrupting essential functions; and the emergence of a new type of denial of service that keeps companies from communicating with their customers and halts the flow of genuine information across the Internet.
A few of these security-disaster scenarios have happened, but the majority are exaggerations of current technology, processes and policies that probably haven't occurred yet but aren't out of the realm of possibility. Such scenarios and how to prepare for them will be a topic at the Security Standard event to be held in Boston next month (see "Security check").
When a natural disaster or terror attack halts business, for instance, security weaknesses emerge because people are distracted by what's happened or by the rush to get business running again.
"When bad stuff happens there's chaos and panic. Everyone has procedures [to follow], but it's not clear that people even know where they are," says Charles Palmer, CTO of security and privacy with IBM Research. "When you're in a hurry to get back online, especially if you're losing lots of money each minute, you're going to do what it takes to get online."
That period of lax security could open a back door to the same attacker or a new one. Or depending on the level of devastation, it could allow someone to walk out the front door with sensitive information.
"I wouldn't necessarily classify natural disasters as security issues, with one caveat - out of chaos bad actors seek to take advantage," says Paul Kurtz, executive director of the Cyber Security Industry Alliance, a public policy and advocacy group based in Arlington, Va. Such behavior happened in New Orleans in the aftermath of Katrina when nonvictims tried to benefit from government relief funding, he says.
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment