First Tuesday: The Worldwide Network for
Innovation and Technology
First Tuesday London
London, UK - 29th February 2000 - First Tuesday London looked at the
dangers of the Net and how to avoid them. Our speaker was DK Matai, founder
of mi2g (www.mi2g.com), a London based firm specialising in bespoke
security architecture, enterprise knowledge management and e-commerce system
engineering in Europe and in the US.
The Internet, DK began, is a "small
child growing quickly" - it took 5 years for the Internet
industry to reach a market capitalisation higher than the automotive industry
in 75 years. And it will continue to grow at light speed – not just because
it's cool, but mostly because it's cheap. Banking transactions that cost 60
pence offline are only a fraction of a pence on the Net.
But just as the use of the Internet in financial services is increasing,
so is the exposure to security risks. mi2g has defined the concept
of eRisk - an electronic attack that disrupts critical systems.
mi2g's internal research shows, DK continued, that CEOs of companies
that utilise the Net are mostly naive about security risks. But they are waking
up. For good reason. In February, Yahoo and other of the Net's most established
sites were taken out of service for three hours, and nobody knows why or by
who. 50 million email accounts of the largest email service provider, Hotmail,
were compromised in August.
So who attacks? Disgruntled employees are the most common group to hack,
followed by people whose motivation is financial gain (as in the case with
CDUniverse, which was blackmailed by a hacker who stole credit-card numbers
on its files). Last comes intellectual satisfaction or political protest (as
in the many minor occurrences during NATO's war on Serbia).
The effects of such attacks are manifold: "denial of service" or downtime
being the most visible manifestations of attack. But the really expensive
worries come in the legal liability that companies may face when such breaches
of security occur. The responsibility of providing adequate security of Internet-based
services is the company's, so the company exposes itself to considerable legal
risk also, if security is not implemented to a high standard.
So managing eRisk, combines four interconnected aspects related to company
operations: Legal, Technical/Software, Human Resources & Insurance. Inevitably,
DK recommends his own services – custom-built security solutions – to solve
the technical part of the problem. But there are no silver bullets for security.
The price of security is eternal vigilance – and keeping the whole of the
problem firmly in view.