Last in a four-part series, looking at the toughest security issues facing corporate users.

Imagine a natural disaster the likes of Hurricane Katrina or a terrorist attack on a major U.S. city wipes out business operations. In the mad dash to get back online as quickly as possible, security protocols and procedures take a back seat to regaining business continuity. And that's when a second catastrophe occurs: Information systems are vulnerable to attackers, who see an opportunity in the chaos as companies are forced to rely on backup operations (or even pen and paper).

That's just one example of the worst-case security scenarios that emerged during recent discussions with customers and industry experts. Others include targeted cyberattacks in which precious corporate jewels, such as intellectual property, are held for ransom; biometrics and other identity-verifying techniques disrupting essential functions; and the emergence of a new type of denial of service that keeps companies from communicating with their customers and halts the flow of genuine information across the Internet.

A few of these security-disaster scenarios have happened, but the majority are exaggerations of current technology, processes and policies that probably haven't occurred yet but aren't out of the realm of possibility. Such scenarios and how to prepare for them will be a topic at the Security Standard event to be held in Boston next month (see "Security check").

When a natural disaster or terror attack halts business, for instance, security weaknesses emerge because people are distracted by what's happened or by the rush to get business running again.

"When bad stuff happens there's chaos and panic. Everyone has procedures [to follow], but it's not clear that people even know where they are," says Charles Palmer, CTO of security and privacy with IBM Research. "When you're in a hurry to get back online, especially if you're losing lots of money each minute, you're going to do what it takes to get online."

That period of lax security could open a back door to the same attacker or a new one. Or depending on the level of devastation, it could allow someone to walk out the front door with sensitive information.

"I wouldn't necessarily classify natural disasters as security issues, with one caveat - out of chaos bad actors seek to take advantage," says Paul Kurtz, executive director of the Cyber Security Industry Alliance, a public policy and advocacy group based in Arlington, Va. Such behavior happened in New Orleans in the aftermath of Katrina when nonvictims tried to benefit from government relief funding, he says.

Whitepapers

• Advancing the Economics of Networking
• Enterprise Data Center Network Reference Architecture
• Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch Offices
• File Integrity Monitoring: Secure Your Virtual and Physical IT Environments
• Boost Productivity While Cutting Costs with Next-generation Collaboration
• Deploying Virtualized NetWare on Linux Whitepaper

View more SECURITY whitepapers

Webcasts

• PoE Plus: Impact on the PoE Market
• Creating a high performance workplace with wireless networking
• Harnessing the power of communications to increase workplace performance
• Making data centers the IT strategic focus
• Protecting assets and employees with IP Video Surveillance
• Stay out of the headlines: Detecting and preventing network intrusions

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• IP address management in 2008 - six things to know
• The self-managed network

View more SECURITY special reports