Inadequate risk management blamed for system hacking

The lack of a coherent strategy for managing the risk involved with using computers is most to blame for their vulnerability to hacking attacks, according to security experts.

"There are a large number of companies in the UK and Ireland who are still ignoring the security risks," says Mr Aled Miles, vice-president and managing director of Symantec Northern Europe. "They are walking around with their heads in the sand, not facing the fact that they need to manage the policies inside their companies."

The attack on Microsoft comes towards the end of a year that has seen a succession of high-profile hacking attacks and virus infections on computer systems throughout the world.

E-mail viruses caused extensive disruption to some of the biggest Internet sites, including Amazon, Yahoo! and Ebay in May. In May, the "Love Bug" virus caused e-mail servers around the globe to grind to a halt.

Closer to home, a 17-year-old youth was arrested by gardai on suspicion of hacking into Eircom's computer system in August, causing disruption to an estimated 30,000 users of its e-mail system.

The Microsoft attack has highlighted issues of security policy management, says Mr Miles.

Mr David Bolger, technology director of Internet security specialists Entropy, says that although most companies draw up policies regarding computer security and then implement security tools and software, it is the failure to actively manage and monitor these policies and tools that makes companies susceptible to attacks.

Simple steps like regularly updating passwords, being careful about outside e-mails that do not appear to be relevant to business, and keeping up-to-date with the latest news on computer security breaches and bugs should form part of the day-to-day management of security policies, he says.

According to Mr Bolger, companies should keep an audit trail of movements within computer systems going back two to three years so that any evidence needed to convict someone charged with causing an attack on the system can be provided.

Mr Paddy Holohan, executive vice-president of marketing with Baltimore Technologies, says companies should plan a security policy at the earliest stage possible and then start to form a framework for that policy before buying actual technology products. Failure to do this would likely result in a "bandaid approach" to Internet security.