http://www.nst.com.my/z//Current_News/BT/Tuesday/Business/20010605014224 By MALCOLM ROSARIO 05 June 2001 STATISTICS from the National ICT Security Emergency Response Centre have indicated that hacking incidences are on the rise in Malaysia, averaging 400 new information and communications technology (ICT) security cases each year. The figures show that among the 70 incidences reported with the Malaysian Computer Emergency Response Team (MyCert) - Abuse Statistics, intrusion attacks topped the list at 39, followed by 21 hack threats. "The security breaches are due to a weak security policy and poor implementation (for example, sharing of passwords, failure to update latest anti-virus programs). "It can also be a result of human error as in placement of security equipment due to lack of enforcement and product understanding," said Biodata Information Technology AG senior vice president, Leonard Oh. Oh told Business Times that technologically obsolete equipment or insufficient security (single layer firewall when double layer is required), and the presence of Key escrows and backdoors (Key escrows capable of deciphering encrypted messages can fall into the wrong hands) also contribute to security threats although they are less likely occurrences. Biodata, a global provider of network, PC and communications technology products, says the rise in computer crime is a direct consequence of increased network traffic and electronic-commerce (e-commerce). "We don't live in a world any more where you can draw lines between the 'good' and 'bad' world. Company employees can download a Trojan while surfing at home and then infiltrate the company network when using the very same laptop PC in the office," Oh said. "Every new application brings a new threat. The market for e-security is growing because companies that use the Internet as a way of distribution realise the need to secure themselves against dangerous security threats," he explained. Biodata, a company that has seen it all when it comes to security breaches, said in most cases, system failures can be traced back to poor policies and insufficient network security. It is therefore advisable to install an intrusion detection system that gives real time alerts, once it recognises an attack signature on the network. "Technology such as Internet, Intranet, Extranet and e-commerce are closely linked to one another. This is why international companies, financial institutions and the Government have to secure their networks and the transfer of data," Oh explained. The protection of networks against inner and outer risks gains importance with the increasing use of e-commerce sales and e-mails," he pointed out. Research firm Datamonitor has indicated that worldwide market for network security will rise from US$5.8 billion (US$1 = RM3.80) in 2000 at a compound annual growth rate (CAGR) of 30 per cent to reach US$21.2 billion in 2005. "Based on this, even if there will never be a 100 per cent security, the present situation where the majority of users and companies have not taken appropriate security measures is irresponsible," Oh said. "It's like driving Formula One racers on the Internet data highways without any brakes and safety precautions," he said. Biodata, a company renowned for its data protection systems, says businesses simply cannot afford to ignore data protection. Today's businesses are drawn to e-commerce to provide better customer service, collaborate with partners/employees via Intranet /Extranet, reduce communication costs, improve internal communication and access valuable information rapidly. But the dark side of e-commerce and global connectivity is that corporate assets are exposed, data confidentiality and integrity come under attack, and there are security concerns with regard to online payments, and accountability of Internet transactions. "Companies have invested heavily in e-commerce infrastructure and hurriedly to get their systems online, but only now do they realised that they have built houses without any doors that can be locked to thieves and criminals," Oh said. ISN is hosted by SecurityFocus.com --- To unsubscribe email isn-unsubscribeat_private
This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 05:53:42 PDT