Internet Security Industry News
IT network insecurity draws hackers & lawsuits
August 11, 2003
When weighing the risks of not properly securing your firm's computer system, you probably think of hackers damaging files and viruses running rampant, not to mention the downtime involved.
Here's one more worry: the risk of someone suing you should a hacker break into your system. While they have yet to appear, the advent of such lawsuits is no veiled threat; it's a promise.
Computer security is something that too many companies just don't take seriously, but while you risk damage to your own systems in the event that you're hacked, your carelessness also risks my system.
The problem is that when you don't take commercially reasonable steps to properly secure your system, such as using firewall and antivirus software, you're likelier to act as an unwitting conduit and facilitator for things like viruses, Trojan horses and denial-of-service attacks.
While the virus writer and original distributor may be a 16-year-old in the Ukraine and not an attractive target for a lawsuit, you may just be sitting there, looking every bit like a deep pocket waiting to get picked because of your own stupidity.
Moreover, stupidity -- or, more eloquently, negligence -- is actionable. Think that's unfair because the Ukrainian kid is the ultimate culprit? I disagree. Often, the law has to allocate loss as between two innocent parties. It makes for tough policymaking, but it's done all the time. In Florida, leave a gun accessible to a child and you may find yourself criminally responsible for the harm that child causes. Or say you don't properly secure your parking lot and I'm the third robbery victim there in a year. You just may find that the law holds you responsible.
As a matter of fact, the hypothetical scenarios are endless. And what they have in common is that the law holds you responsible for the actions of others. Given a choice between the two innocent parties in that parking lot -- me, the victim, and you, the property owner -- the law will sometimes choose to shift the loss to the more negligent "innocent" party. Your computer system is no different, in that your negligent failure to properly secure it can open the door to something or someone that could cause me harm.
Yet a look at the statistics seems to show that security for a company's own sake isn't a good enough motivator to implement excellent security. According to the FBI's 2003 Computer Crime and Security Survey, overall financial losses reported by 530 survey respondents totaled over $200 million. Theft of proprietary information caused the greatest financial loss. The total: over $70 million for all respondents, with an average reported loss pegged at $2.7 million.
Virus incidents (82 percent) and insider abuse (80 percent) were the most cited forms of attack. Most respondents (78 percent) cited their Internet connection as a frequent point of attack. With all these attacks, only 30 percent reported the incidents to law enforcement and only 21 percent to legal counsel. We're starting to see Congress lobbied to get protections from liability lawsuits and exemptions under antitrust laws so that companies can share information about attacks among competitors. While I agree that such information sharing is important, I don't consider protection from liability lawsuits a good thing.
Why should a company that chooses not to have a firewall or antivirus software be protected when its system is hijacked and causes harm to others? An innocent party is going to ultimately take the loss, and I think the negligent one should. But, you may ask, shouldn't others also be held responsible? I agree that Microsoft, Sun and other hardware and software manufacturers should start bearing some of the responsibility for flawed products rushed to market.
Microsoft products, in particular, are legendary for their poor security. From its e-mail products to its word processors to its operating systems, Microsoft has historically rendered security an afterthought. Only now is that beginning to change. The law should begin to see computer products as it sees other products.
Were Ford to deliver cars prone to igniting after rear-end collisions, the law would have no problem saying who should pay. Similarly, I don't understand why Microsoft shouldn't have to pay if the security built into its products is deemed negligent. A threat of liability to firms that don't secure their systems and to software companies that build and market flawed products may be the impetus it takes to start getting a handle on this problem.
Source: Silicon Valley.com