Planning for the Osama effect

by Simon Moores, © 2002 ComputerWeekly.com Ltd. All rights reserved

Business continuity should be a serious concern for the coming year

Thursday, 17th January 2002 - Before 11 September I called it "the Gabriel principle" but, in the wake of that tragedy, "the Osama effect" has crept into the vocabulary to illustrate the growing threat to business continuity presented by a single, random act of violence.

Ironically, the world appears to have become a safer place, for Web servers at least, since the first aircraft started its fateful descent towards the centre of New York. Figures compiled by the mi2g Intelligence Unit for 2001 show that there was a marked decrease in the number of Web site defacements after 11 September.

This may be a consequence of the US Department of Justice linking hacking to terrorism in its rushed Surveillance and Anti-Terrorism Bill. The UK's Terrorism Act 2000, which classifies the disruption of critical systems as terrorism, has also played a part in heightening awareness within the hacking community that probation and a judicial slap on the wrist, as in the case of Swansea's Raphael Gray, aka Curador, last summer, may no longer be an option.

2001 was a bad year for Web-site defacement. The number of sites defaced globally rose from 7,629 in 2000 to 30,388 at the end of last year. In September, however, the number of defacements fell sharply to 815 - in May there were 3,853 Internet defacements.

As Microsoft rushed to patch the security in Windows XP in the days before Christmas, it is worth noting that in 2001 63% of all Web site defacements involved Microsoft's Internet Information Server and 18% were attacks on the Linux/ Apache combination.

mi2g is correct in claiming that Web site defacements cannot be dismissed as electronic graffiti. Between 1999 and 2001, attacks on commercial sites have been rising steadily and in some instances where such defacement has become public knowledge there have been examples of declining share price, loss of earnings, damaged reputation and dented customer confidence.

mi2g's chairman DK Matai said, "The number of electronic attacks was restrained post 11 September as hackers realised the dangers of being implicated in global terrorism. However, there is little evidence to show that this menace has gone away - there were 79 overt hacking attacks in the first 24 hours of 2002."

The sad truth may be that September simply acted as an interruption to a growing problem which is not going to go away, regardless of new legislation. The technology remains vulnerable and people represent its greatest weakness.

Studies by the Research Group have revealed that a comprehensive information assurance policy still remains the exception rather than the rule in most companies. So perhaps the subject of business continuity should figure prominently among the new year's resolutions.

Information and people represent businesses' most valuable assets and every company should have a policy in place to defend against the threat.

Simon Moores is chairman of the Research Group www.zentelligence.com/

Renowned worldwide for the ATCA Briefings. Subscribe now.
Home - Profile - Values - People - Careers - Partners - Contact Us
D2 Banking - Bespoke Security Architecture - Digital Risk Management - Tools

Intelligence Briefings - Brochures - Case Studies -
SIPS Methodology FAQ (pdf)
Keynote Speeches - Articles - News Feeds - Glossary (pdf)
Terms and Conditions - Privacy Policy