These are exciting times. A major shift is underway in the
way the corporate world communicates. The barriers of time and place are being
removed, giving way to open communications and the free flow of information and
ideas, centering on the Internet. E-mail IDs have, for quite some time now,
become a necessary part of the business card—even if it has to be from the
Hotmail genre of free mail providers.
"The shift is remarkable," says Sandhya Verma, VP
operations at Velocient Technologies, "but it has its own set of
dangers." Sanjay Dhawan, director, information risk management services,
KPMG, agrees. "With the increasing use of IT for business processes and
operations," he says, "it is critical for organizations to recognize
information as a business asset and implement controls to secure it."
Indeed. Last December, 300,000 credit-card numbers were
snatched from the online music retailer CD Universe. In March the same year, the
Melissa virus caused an estimated $80 million in damage when it swept around the
world, paralyzing e-mail systems. That same month, hackers-for-hire pleaded
guilty to breaking into phone giants AT&T, GTE and Sprint, among others, for
calling card numbers that eventually made their way to organized crime gangs in
Italy. According to the FBI, the phone companies were hit for an estimated $2
million.
And let’s not forget the recent and global Love Bug attack.
With the ability to forward messages to everyone in a victim’s e-mail address
book, the Love Bug, with a mere 20 lines of code, was responsible for an estimated
$10 billion in damage to businesses, governments, and organizations in just two
days. Like many modern "Internet" viruses, it relied more on human
psychology than on software ingenuity to replicate and proliferate.
An attack of a different variety—but similar in its
notoriety—was launched in February. The distributed denial of service (DDoS)
attack that caused shutdowns at major Web sites such as Amazon.com, eBay and
Yahoo was also simple in concept and apparently simple to execute. In a DDoS
attack, hackers flood network routers with an overwhelming amount of traffic to
targeted Web sites. Like armies of attacking computers, the blitzkrieg overcomes
its targets with a wave of information requests to a site, denying service to
anyone else trying to access it. The February attacks effectively shut down
several major sites for two to six hours, resulting in a loss of sales and ad
revenues, and of public image as well.
While it seems that most of these attacks were aimed at
organizations abroad and India Inc has somehow been spared, Dhawan says
that the situation is not much better here. "Though it appears that
security breaches in India are very low, it’s not because we have some very
effective security controls," he says. "In fact, it is more because
most of these breaches are going undetected, or are not being reported at
all." This is a dangerous situation, and experts are unanimous: ignorance
is never bliss. The ostrich is not a good corporate model.
A networked India Inc
The information security survey of Indian enterprises
conducted by KPMG in 1999 reveals that nearly 80% of all Indian organizations
operate in a networked file server environment. More than 60% of the respondent
organizations were using PCs for their information processing. Only 4% of
organizations relied on mainframe environments, while 6% used third-party
facilities for processing data.
Significantly, more than 90% of the organizations use private
internal networks, with limited use of public networks like the Internet.
However, 92% of organizations reported the use of external networks connecting
organizations to their customers and suppliers.