Planning for the Osama effect
by Simon Moores, © 2002 ComputerWeekly.com Ltd.
All rights reserved
Business continuity should be a serious concern for the coming year
Thursday, 17th January 2002 - Before 11 September I called it "the
Gabriel principle" but, in the wake of that tragedy, "the Osama effect" has
crept into the vocabulary to illustrate the growing threat to business continuity
presented by a single, random act of violence.
Ironically, the world appears to have become a safer place, for Web servers
at least, since the first aircraft started its fateful descent towards the
centre of New York. Figures compiled by the mi2g Intelligence Unit for 2001
show that there was a marked decrease in the number of Web site defacements
after 11 September.
This may be a consequence of the US Department of Justice linking hacking
to terrorism in its rushed Surveillance and Anti-Terrorism Bill. The UK's
Terrorism Act 2000, which classifies the disruption of critical systems as
terrorism, has also played a part in heightening awareness within the hacking
community that probation and a judicial slap on the wrist, as in the case
of Swansea's Raphael Gray, aka Curador, last summer, may no longer be an option.
2001 was a bad year for Web-site defacement. The number of sites defaced
globally rose from 7,629 in 2000 to 30,388 at the end of last year. In September,
however, the number of defacements fell sharply to 815 - in May there were
3,853 Internet defacements.
As Microsoft rushed to patch the security in Windows XP in the days before
Christmas, it is worth noting that in 2001 63% of all Web site defacements
involved Microsoft's Internet Information Server and 18% were attacks on the
Linux/ Apache combination.
mi2g is correct in claiming that Web site defacements cannot be dismissed
as electronic graffiti. Between 1999 and 2001, attacks on commercial sites
have been rising steadily and in some instances where such defacement has
become public knowledge there have been examples of declining share price,
loss of earnings, damaged reputation and dented customer confidence.
mi2g's chairman DK Matai said, "The number of
electronic attacks was restrained post 11 September as hackers realised the
dangers of being implicated in global terrorism. However, there is little
evidence to show that this menace has gone away - there were 79 overt hacking
attacks in the first 24 hours of 2002."
The sad truth may be that September simply acted as an interruption to a
growing problem which is not going to go away, regardless of new legislation.
The technology remains vulnerable and people represent its greatest weakness.
Studies by the Research Group have revealed that a comprehensive information
assurance policy still remains the exception rather than the rule in most
companies. So perhaps the subject of business continuity should figure prominently
among the new year's resolutions.
Information and people represent businesses' most valuable assets and every
company should have a policy in place to defend against the threat.
Simon Moores is chairman of the Research Group www.zentelligence.com/