[ISN] E-Commerce Causes Security Woes

From: mea culpa (jerichoat_private)
Date: Tue Sep 01 1998 - 18:32:45 PDT

    Forwarded From: phreak moi <hackereliteat_private>
    
    http://www.news.com/News/Item/0,4,25906,00.html?st.ne.fd.gif.j
    
    E-commerce causes security woes
    By Tim Clark
    Staff Writer, CNET News.com
    September 1, 1998, 4:00 a.m. PT
    
    The spread of e-commerce applications within corporations is increasing
    the risks of losing revenue or vital information to attackers, a new study
    of IT professionals indicates. 
    
    In a survey of nearly 1,600 IT executives from 50 nations, 73 percent
    reported some security breach or corporate espionage in the past 12
    months, according to a survey by PricewaterhouseCoopers and
    InformationWeek. 
    
    But firms conducting business through their Web site or implementing
    electronic supply chains or Enterprise Resource Planning (ERP)
    applications are more likely to experience a security breach that affects
    revenues and corporate data. 
    
    "You can control informational Web sites much easier than you can real
    live transactions," said Bruce Murphy, a partner at
    PricewaterhouseCoopers. "[For e-commerce sites,] you have to authenticate
    people, [and] real money is flowing with linkages to core technology
    environments supporting the business. Whole sales and marketing databases
    may be linked to transactions." 
    
    Not only is the data more sensitive, but also linking to back-end
    databases is more complex, potentially creating more entry points for
    attackers. 
    
    Of companies selling products or services on their Web sites, 59 percent
    reported at least one security breach in the past year. That compares to
    52 percent of companies that have Web sites but aren't using them for
    monetary transactions. 
    
    Survey respondents included 322 firms that conduct e-commerce from their
    Web sites and 1,118 that had Web sites but didn't sell from them, said
    Rusty Weston, managing editor of research for InformationWeek magazine,
    which jointly commissioned the survey with PricewaterhouseCoopers. Most
    responding companies have more than 100 employees. 
    
    For e-commerce sites, 22 percent reported loss of information, 12 percent
    experienced theft of data or trade secrets, and 7 percent lost revenues.
    For sites that didn't sell anything, the figures are 13 percent, 4
    percent, and 1 percent, respectively. 
    
    The biggest threats remain internal, the survey found. Respondents said
    authorized employees were believed responsible 58 percent of the time,
    unauthorized employees 24 percent, and former employees 13 percent.
    Hackers or terrorists comprised another 13 percent, while competitors
    accounted for 3 percent. 
    
    Although 56 percent of those surveyed said information security was a high
    priority, only 19 percent have a complete security policy. Just less than
    half (49 percent) admitted they don't know whether weak security caused
    them a monetary loss. 
    
    "The level of effort that people are expending on security continues to be
    underwhelming," Murphy said. "People still think it's going to happen to
    somebody else, not to them. What we found is that people aren't adequately
    up to the challenge.  Across the board, they are not consistently taking
    measures that they need to." 
    
    Often business pressures to get a transactional Web site running
    overshadow security issues. 
    
    "People will spend more to chase revenue than to protect revenue," he
    said. "Security is frequently a casualty of that." 
    
    The survey was conducted in June and July by British research firm Kadence
    UK, which asked survey questions from PricewaterhouseCoopers and
    InformationWeek in five languages. The survey's margin of error is between
    3.8 and 8 percent. 
    
    


