I Read the News Today, Oh Boy

I-managers say security is their top priority. And for good reason.

I-managers say security is their top priority. And for good reason.

Many companies have yet to hire high-powered expertise to secure their Internet resources. Meanwhile, security problems continue to mount. Just take a look at some recent Interactive Week print and Web site headlines:

"Flaw Detected in Check Point Security." Holes were found in Check Point Software Technologies FireWall-1 — one of the most popular firewalls on the market — that could allow hackers to launch denial-of-service attacks.

"Oracle8i Found to Have Holes." Vulnerabilities were discovered that would allow hackers to mess with the Nets popular database software.

"Managed Security Deals Leave Networks Vulnerable." Some managed security providers, hired to monitor and manage everything from firewalls to detection systems, lack the expertise or personnel to do the job.

"U.S. Sites on Russian Mafia Hit List." This weeks issue reports that 40 e-commerce/financial sites have been identified by the FBI as "Russian Mafia" targets and 1 million credit card numbers have been stolen.

Whats going on? I dont want to get off on a Milleresque rant here, but without some expert help, things are only going to get worse for the business and technology executives overseeing corporate Net initiatives. Not only do I-managers have to put up with the same problems that have haunted them for years — brain-dead users who litter the tops of their notebooks with password-filled Post-It Notes, pimple-faced social misfits out for a little joy ride on the information superhighway and new viruses that attack with a vengeance that makes the bubonic plague of 1347 seem like a mild summer cold — they now have to concern themselves with key software and security products that have enough holes to make a Swiss cheese maker proud, incompetent service firms that render the term "security expert" oxymoronic and, oh yeah, Russian Mafiosos who make The Sopranos Valery seem as docile as the Maytag repairman.

But theres no punch line here. According to a recent FBI/Computer Security Institute survey, 85 percent of respondents — primarily large corporations and federal agencies — have detected breaches in the last year.

Security packages help, but the best tools are only as good as the people managing them. The trick, most experts say, is to get help.

Many firms have started to hire chief security officers — executives charged with battening down the corporate hatches. The position is gaining acceptance, particularly inside large multinationals, but still isnt common.

Another option is to partner with a security intelligence firm. As this weeks cover story points out, this new breed of service provider can find the vulnerabilities and risks that arent usually found. But this is a new offering and, says The Yankee Group, less than 100 firms have signed up.

Granted, salaries for good CSOs range into six figures. And prices for outside services vary, though none comes cheap. But consider the alternative.The FBI/CSI found that 64 percent of the respondents to its survey experienced a financial loss, some in excess of $375 million. And, if the upper echelon needs to be further convinced that the problems are real and growing, just show them some headlines.