E-commerce: warding off unwelcome visits

Intrusion detection has emerged as a key concern for network administrators charged with protecting their organisations' data and general business continuity from the current wave of industrial espionage sweeping the world and expected to escalate during the Sydney Olympics.

In the last few months a number of sites previously thought infallible, such as those belonging to the US and Japanese governments, have been the subject of alarming security breaches.

Last year the UK government was held to ransom by a team of political activists who managed to gain control of a military satellite and proceeded to reposition it.

The latest high-profile incident involved hackers entering the site of Internet giant Yahoo and blocking user access for hours. Less recently, a Russian hacker stole hundreds of credit card numbers from online music store CD Universe and threatened to publish them on the Net if his demands for money were not met.

These two cases best illustrate the tenuous ground on which even the biggest e-commerce sites are built, emphasising the need for companies involved or looking to move to e-commerce to get better locks, according to Steven Laskowski, Australian managing director for US-based intrusion detection specialists Internet Security Systems (ISS).

ISS was one of the first companies to notify Yahoo of the recent security breach and has been involved in the early detection of several similar incidents throughout the world.

The company recently bought US online network "security guard" company Netrix, which will support ISS's bid for the business of small-to-medium companies in Australia in conjunction with its own Real Secure security software.

Real Secure specialises in trawling corporate data for evidence of tampering, made difficult by the fact that many hackers are able to hide their tracks by cleverly deleting system audit logs, Laskowski explained.

"Real Secure is able to detect whether this has occurred," he said.

According to figures from IDC, the SME market for network security is expected to realise growth in excess of 50 per cent, driven largely by the move towards e-commerce.

Laskowski believes that these companies are increasingly looking towards managed solutions.

One of the main reasons is the lack of IT staff expert in the security space, the most difficult of all technology professionals to retain, he said, while the skills of hackers and other ill-doers are increasingly challenging the strength of simpler, off-the-shelf security solutions.

A recent Deloitte Touche Tohmatsu study into corporate confidence in e-commerce security around the world has found that while managers are now satisfied with their systems and procedures, computer security staff and company auditors still have their doubts, with Asian companies reporting the lowest levels of preparation.

Titled E-Commerce Security: A global status report, the study was conducted throughout 46 countries by Deloitte and the Information Systems Audit and Control Association (ISACA) to determine the degree to which companies are managing risks associated with their e-commerce activities.

The survey exposed a high degree of complacency amongst Asian organisations regarding the formulation of proper security policies, with only 20 per cent of organisations in the region holding security strategies or procedures, compared with the global average of 35 per cent.

Of all companies surveyed, hackers were perceived as the greatest threat to their e-commerce strategies.

The survey also revealed details of the level of security measures in place, with some 90 per cent of companies using a virus, 85 per cent using firewalls, 60 per cent using intrusion detection and 55 per cent using encryption.

"This report shows that security is and will remain a major issue for companies moving into e-commerce," Kingsley said.

Stage two of Deloitte's security survey, Perspectives on Ecommerce security, is expected to be available by March of this year.

"Often our clients have no idea what is going on in their network," Laskowski said, adding that the idea of having a specialist company monitor your network and inform you of intrusions online immediately is going to be appealing for most smaller companies.

ISS announced this week that it has formed a partnership with systems integrator ComTech to deliver this service in Australia. ComTech's leadership in the network training arena is expected to greatly empower the new alliance to take a hold on the local market.

ISS said that sales of Real Secure have grown by more than 100 per cent in the last 12 months with a further surge in sales expected to coincide with the Sydney Olympics.

"This is what we saw during Atlanta," Laskowski said.