Reproduction permitted for personal use only. For reprints and reprint permission, contact

Companies still neglect network security

Madison, Wis. - Cyber threats are becoming more sophisticated and are headed in new directions, but too many companies aren't acting on the threats, a panel of experts said this week.

In a panel discussion on the state of information security during the annual E-Business Best Practices & Emerging Technologies Conference, technology executives continued to emphasize the necessary balance between productivity and security, but said many businesses still aren't serious enough about striking the balance.

Pointing to recent faux pas committed by people on the Hewlett Packard board of directors, panelist Jody Westby, CEO and founder of Global Cyber Risk, said even world-class businesses lack security expertise at the highest levels.

"Companies just don't think about this at the board and CEO level, and they have to," Westby said.

They have to because hackers aren't writing malicious code for kicks, but for fun and profit, amateurs are doing their share of damage with rootkits, and internal sabotage remains the highest security risk.
In addition, cyber criminals already are targeting wireless communications, and the plaintiff's bar is paying more attention to corporate negligence in the area of computer security. If that isn't enough, compliance requirements are likely to speed adoption of security measures and products.

"Businesses think about security threats like they do an Earthquake," said Mudit Tyagi, senior engineer for Nevis Networks, Inc. "They should be thinking about it in terms of an ice storm in Wisconsin. Is it going to happen? Yeah."

Running the gauntlet

Practices such as establishing segregation of duties, identifying what employees can have access to sensitive information, and controlling what can be copied onto a USB flash drive should be spelled out and enforced. Sophisticated access and user-management controls go a long way to preventing internal threats, but building security into different pieces of the hardware and software is the new thinking with regard to external threats.

Available tools are mature enough, and they are constantly evolving. Self-healing memories, an increasing reliance on biometrics, and an emerging national defense posture that will treat cyber defense with the same seriousness as land, air, and sea defenses are likely to emerge over the next decade, Westby said.

Since it's a matter of time before really good hackers gain access to a system, Tyagi said the counter measures of the future are likely to include having employees log into each application.

Jeffrey Sippel, director of hotel technology for Orbitz Worldwide, said security is being driven into the applications, themselves, which will require businesses and third-party vendors to collaborate on data transfer and related issues.

The challenge will be maintaining operational simplicity while building security into each network product.

Cordell Crane, strategic security advisor for Microsoft Corp., said in their attempts to develop a more secure network "ecosystem," businesses should make compliance a value-added process.

Richard Thieme, principal of ThiemeWorks, said staying abreast of security threats will require constant attention. Ten years from now, there likely will be threats that now are unforeseen.

"Sometimes," Thieme said, "we can't see the asteroid coming."

Related stories

Darrell Pruitt: Careful with that electronic health record, Mr. Leavitt

Safe Internet requires total network security, prof. says

Ron Kral: The Big Picture of SOX 404

Are businesses getting what they need from IT?

Joseph Campana: Identity theft: The business time bomb


vpn responded 6 years ago: #1

If you love blogging then I am sure you heard about proxy . There are many companies offering you some protection service for your data in the online world. Make sure that you choose the trustable company for it so you can safe your data

-Add Your Comment


Comment Policy: WTN News accepts comments that are on-topic and do not contain advertisements, profanity or personal attacks. Comments represent the views of the individuals who post them and do not necessarily represent the views of WTN Media or our partners, advertisers, or sources. Comments are moderated and are not immediately posted. Your email address will not be posted.

WTN Media cannot accept liability for the content of comments posted here or verify their accuracy. If you believe this comment section is being abused, contact

WTN Media Presents