US attack forces users to re-think security

US attack forces users to re-think security

Businesses are re-evaluating their network security as the threat of cyberterrorism and computer attacks looms in the wake of the deadly New York and Washington strikes.

The National Infrastructure Protection Center this week warned against an increase in DDoS (distributed denial of service) attacks. Also, a government commission said it plans to accelerate its findings on computer warfare for an upcoming terrorism report.

Businesses, meanwhile, are busy kicking the security tires on their own systems and questioning if improvements are warranted.

"I think the recent events have brought up the question 'What are we doing about security?'" said Daniel Creed, director of network security at Goodrich. "It's prompting management to [examine] not just physical security but data security as well."

Creed said Goodrich, an aerospace design company and large military contractor, is considering boosting the coverage of PentaSafe's Virtual Policy Center security policy product within its enterprise to include human resource and legal policies. Intrusion detection protection from PentaSafe Security Technologies, due in December, is also being explored, Creed added.

Some customers are revamping security planning for quick action, hoping to avoid being caught off guard by an assault, said Todd Tucker, director of security architecture at PentaSafe. Prime areas of interest include locking down provisions for physical security, perimeter protection, and redefining policies, added Tucker.

Mike Higgins, president and CEO of Para-Protect, a managed security services firm, said his Fortune 1000 clients are busily shoring up their security at sites in the United States and overseas, "specifically anything that touched or even smelled like something in the Middle East."

He said companies are adding firewall layers to protect systems that may communicate with those in the Middle East and fine-tuning the sensitivity of those firewalls to look for any activity coming from the region.

Higgins predicts companies will begin moving security from risk-management departments to business operations.

"Before, [security] was treated like a fire sprinkler," Higgins said. "It was never seen as something that could disrupt their business."

Prime areas of interest include locking down provisions for physical security, perimeter protection and redefining policies, added Tucker.

The fallout from crippled areas of New York completely isolated from communications and business operations will urge companies to also consider outsourcing and a distributed computing model as a means to safely satisfy risk mitigation, said Bob Stimson, director of IT services for Merill Lynch.

"Everyone got caught off guard. Clearly a centralised database, or data structure, which is convenient for programmers is not going to be acceptable going forward," said Stimson. "People will look at distributed computing, redundant systems and backups, remote dial-ups, and how you get people online when they can't get to office, [and] telecommuting."

Stimson said market confusion surrounding non-systematic risk, or risk that cannot be controlled, has businesses scurrying to look at their own systems to determine what issues are important enough to solve first. He said that in the coming days, customers will keep tabs on vendors who are proven to have enterprises that can withstand power outages and other type of operations failure catastrophes.

"The definition of risk or the things that differentiate your company in the marketplace changed [following the attacks] to secure redundant IT infrastructure. If you don't have it, you're not gong to have a ticket to the game," remarked Stimson.

He said that major IT services vendors strong in vertical outsourcing markets, including IBM Global Services, EDS, and Computer Sciences Corporation (CSC) as well as remote access companies on the software services side such as Citrix, will stand to gain as data is stored further and further away from desktops.

Daily sales at SwapDrive, a company that stores data for companies in secure offsite facilities, have tripled since the terrorist attacks, said Roland Schumannn, COO and co-founder of the company. If a SwapDrive client loses a computer or that computer is damaged, a user can access critical desktop files via a browser.

"You've got machines sitting on desks [in areas surrounding the World Trade Center] and they're not available," he said. "That data is being held hostage."

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


Brand Post

Show Comments