CYBER-ATTACKS, Trends in US Corporations: How are they Affecting Cyberattacks?
 










 

The Business Forum

"It is impossible for ideas to compete in the marketplace if no forum for
  their presentation is provided or available." �        �Thomas Mann, 1896


CYBER-ATTACKS!
Trends in US Corporations

Author: Alison Jacknowitz
Contributed by RAND Corporation

 

 

American companies have been frequent targets of cyber-attacks during the past years and the frequency of these attacks is increasing. A survey by the Computer Security Institute and the FBI found that 62% of respondents reported a breach in 1998, up from 42 percent in 1996. Cyber-attacks range from defacing a website to stealing valuable information; however, they can cost corporations a significant amount of money in goods, reputation, and time. Although the nature and severity of attacks can differ dramatically, cyber-attacks significantly affect corporations. A DataPro Information Services study estimated that the average hacker attack costs companies $500,000 per event.

Because the incidence of cyber-attacks has increased and the consequences of the attacks are significant, it is important to examine the trends that could influence the frequency of cyber-attacks now and in the future. This paper will identify and discuss two distinct categories of trends that are potentially influencing cyber-attacks against American corporations: workplace and technology in the workplace. The results of the analysis are outlined below.

Workplace Trends

  • Nontraditional work arrangements � An increase in nontraditional work arrangements such as telecommuting, flex-time, temporary employees, and outsourcing increases cyber-attack vulnerabilities from difficult-to-monitor disgruntled or disloyal workers as well as increased network vulnerabilities from telecommuters.

  • Qualified IT staff � Twenty percent of hackers can attack computer systems because of system misconfiguration. The current and future shortage of IT workers contributes to the corporate vulnerability.

  • Information technology budgets � Information technology budgets average 2.9 percent of revenues for North American firms.  These budgets both increase and decrease corporations� vulnerability to cyber-attacks.

  • Customer demands � Customers are pushing corporations onto the Internet, therefore increasing the personal and credit card information available.

Technology in the Workplace Trends

  • Increase in high-speed Internet lines � The increased capacity of Internet lines will increase opportunities for hackers to eavesdrop, probe, impersonate, perform denial of service attacks, and propagate viruses.

  • Software trends � The monoculture of Microsoft, with 95 percent of the market share for Intel-compatible PC operating systems, contributes to the vulnerability of corporations from viruses such as the Melissa virus.

  • Increasing sophistication of computer programs � The increasing complex and interrelated nature of computer software increases the vulnerability of PC users from covert attacks.

  • Internet and e-mail trends � E-mail communication and attachment use is exploding, making the world more interconnected and more vulnerable to e-mail based viruses.

Changing business approaches to cyber-attacks � Businesses are adapting to cyber-attacks, utilizing both traditional means (increased risk assessment and training) and nontraditional means (hiring hackers to probe corporate security). 

The trend analysis finds that the trends in the workplace and the technology in the workplace suggest that the frequency of cyber-attacks will continue to increase for the next years. An increase in cyber-attacks, especially if unchecked, can have serious implications for both American businesses as well as individuals; therefore American corporations need to invest in cyber-security. Some cyber-security measures might include more restrictive hiring and work arrangements and increasing monitoring of flexible work hours and telecommuting. Firms could also increase computer security training for both information technology workers and other staff. In addition, corporate monitoring and background investigations could become more common. Finally, investments in information security technology and encryption are other possible measures to improve information security. 

Introduction

Motivation

United States (U.S.) companies are a frequent target of cyber-attacks during the past years and the frequency of these attacks is increasing. In 1999, CERT states that 8,268 incidents were reported. These incidents were reported with greater frequency than in the past. For example, in 1998, only 3,734 incidents were reported. Therefore, the number of reported incidents doubled in just one year�s time. (CERT, 1999)  A survey by the Computer Security Institute and the FBI found that 62 percent of respondents reported a breach in 1998, up from 42 percent in 1996. (Lowry, 1999) Furthermore, many corporations chose not to report attacks to protect their reputations. Two recent examples of publicized attacks against companies in which valuable information was compromised include Pacific Bell Internet services and Microsoft�s free e-mail service, Hotmail. In the case of Pacific Bell Internet services, a member of the hacker group Global Hell used his Linux system to compromise 26 companies, including a number of Internet service providers (ISPs), including Pacific Bell. To respond to this cyber-attack, Bell asked all of its users to change their passwords. (McClure, 1999) In the case of Hotmail, in August 1999, a group called �Hackers Unite,� created a security hole that gave users with a special password access to 40 million e-mail accounts. (Kornblum, 1999)  As this paper was being drafted, popular Internet-based companies such as eBay, Yahoo, and Amazon.com were attacked. (Schwartz, 2000)

Differing definitions of a cyber-attack exist and the literature reflects this. A paper by Howard and Longstaff defines an attack as an �event that occurs on a computer or network that is intended to result in something that is not authorized to happen.� (1998)  Hundley and Anderson note that attacks can affect data, processing & programs, and the network environment. (1996) As the preceding description indicates, cyber-attacks rangefrom defacing a website to stealing valuable information; however, they can cost corporations a significant amount of money in goods, reputation, and time. These attacks can be active, passive, performed by an insider or an outsider. For the purposes of this paper, cyber-attacks will be defined as any act that breaches the cyber-security of an organization whether intentional or unintentional, performed by an insider or an outsider.

Although the nature and severity of attacks can differ dramatically, cyber-attacks significantly affect corporations. Cyber-attacks can have serious repercussions to companies in terms of dollars, reputation, or goods. Cyber-attacks can cost companies millions of dollars in goods and propriety information as well as a substantial amount of money caused by loss of reputation. For example, a survey by Ernst & Young and Information Week indicates that more than half of its respondents reported financial losses from cyber-attacks. Further, each breakdown exceeded $100,000 and approximately 17 respondents suffered losses of more than $1 million as a result of a single security breach. (Alexander, 1995). More recent statistics suggest that fighting viruses cost businesses worldwide $7.6 billion in the first year of 1999. (Futurework, 1999) In addition, a DataPro Information Services study estimated that the average hacker attack costs companies $500,000. (Lowry, 1999) In the case where corporate or customer information is stolen or destroyed, the company suffers both the loss of the good as well as the loss of reputation.

Because the incidence of cyber-attacks has increased and the consequences of the attacks are significant, it is important to examine the trends that could influence the frequency of cyber-attacks now and in the future. The rise of cyber-attacks has not occurred in a vacuum. Cyber-attacks are, in part, a reflection of the world. Therefore, understanding the evolving, and in some cases, rapidly changing world of technology and business assists us in understanding cyber-attacks. A multitude of potential factors may affect the frequency of cyber-attacks. Identifying relevant factors and the potential trends of the selected factors will allow businesses and policy-makers to make more informed decisions about current and future policies regarding cyber-attacks. 

This paper will identify and discuss two distinct categories of trends that are potentially influencing cyber-attacks against United States corporations: workplace and technology in the workplace. It can be argued that corporations, individually or in aggregate, demonstrate some control over both of these factors.   In addition, many attacks occur from within by �insiders.� (Bassham, 1994)  Statistics indicate that 70 to 80 percent of cyber-attacks or breaches of security are either performed or occur on the inside. (Alexander, 1995) Another statistic from a computer security expert estimates the percentage of attacks undertaken by insiders at over 65 percent (Lowry, 1999). Consequently, this paper lists general trends for corporations to consider. Some trends may apply to all corporations and some to select firms. Finally, these trends could influence cyber-attacks in a positive or negative way. Therefore, the paper will predict the direction of each trend the incidence of cyber-attacks. 

Methodology

This paper examines two categories of trends over time and attempts to predict each factor�s influence on the frequency of cyber-attacks. The analysis will use �trend analysis� to explore the factors that may affect cyber-attacks in U.S. corporations. This qualitative, analytical approach is useful in that the myriad of potential factors that could affect information security are organized and briefly addressed. Therefore, the approach provides a useful method to organize the many influences on the future of cyber-attacks. The analysis focuses on general trends and issues surrounding the workplace; individual corporations and firms may also possess other characteristics or factors that are particularly relevant for their case. In addition, the technique will not allow quantitative assessments of the change in the number of cyber-attacks. Nor will the analysis explore every trend or assess the relative importance of the trends. Future work could rank the importance of the trends.

There are three main steps utilized to determine which trends will affect the frequency of cyber-attacks. First, the literature regarding cyber-attacks, workplace trends, and technology in the workplace was reviewed and several dominant themes during the past years were selected. Once the relevant trends were chosen, these factors were researched more in-depth. Finally the paper predicts the factors� relation to cyber-attacks based on the literature. A matrix summarizes the trends and predicted direction of their influence on the incidence of cyber-attacks.

Trend Analysis

Workplace Trends

Workplace trends play an important role in determining the frequency of cyber-attacks on U.S. corporations. The trend analysis will explore the following trends:

  • Nontraditional work arrangements

  • Qualified staff

  • Information technology budgets

  • Customer demands

Each of these factors will be explored in turn.

Nontraditional Work Arrangements 

Many of the workplace trends revolve around an increasing use of nontraditional or �alternative� employees. Nontraditional employment can be defined as work in which the structure of hours and location differs from traditional employment. Nontraditional employees include independent contractors, employees of contract firms, temporary employees, and on-call workers. Some literature also defines those employees who take advantage of flex-time and telecommuting options as nontraditional employees. In December 1999, an estimated 12.2 million workers with non-traditional work arrangements (excluding flex-time and telecommuting) worked in the United States. These 12.2 million workers included 8.2 million independent contractors, 2.0 million on-call workers, 1.2 million temporary agency workers and 769,000 employees provided by contracting firms. (Bureau of Labor Statistics, 1999) Within the information technology sector, in 1995, 76,000 computer system analysts and engineers were temporary employees or contract workers. This number grew to 107,000 in 1997, a 41 percent increase. (Cole-Gomolski, 1998) This section will provide detailed information on these nontraditional labor groups and how they may affect the incidence of cyber-attacks on the companies that utilize their services.

Flexible work schedules.   During the past years, U.S. corporations have offered their employees the opportunity to work flexible work schedules and employees have eagerly taken advantage of the opportunity. Two of these options include: flex-time and telecommuting. A 1998 Business-Work Life Study of large corporations indicated that 55 percent permitted employees to work at home occasionally and 33 percent allowed them to work at home or off-site on a regular basis. The number of employees taking advantage of telecommuting policies is also large. According to the Employment Policy Foundation (EPF), more than 21 million people telecommute to work and this number is expected to rise to 51 million by 2030. (Kundu, 1999) A 1998 survey by Hewitt Associates indicated that 35 percent of corporations with flexible work arrangements were offering telecommuting as an option. The number varies depending upon the definition of telecommuting, but the overall theme is telecommuting is a growing phenomena. 

Although these policies tend to increase the productivity and satisfaction of employees (Kundu, 1999), these labor policies can place employers at risk for cyber-attacks. The policy of flex-time can increase the risk of cyber-attacks because employees work nontraditional hours. These hours may give dishonest or disgruntled employees a better opportunity to steal, modify, or view secure information. The policy of telecommuting can also compromise cyber-security because it offers hackers another way into a company�s system. In addition, it is likely that network connections from home are not a secure as those from work. 

Temporary employees/ Contract workers/Outsourcing.  The rise of temporary employees is another trend in the workplace. Growth in the temporary industry averaged more than 10 percent annually between 1977 to 1997, growing from 300,000 workers to 2.5 million workers. (EPF, 1999)  This trend is especially pronounced in the computer industry. According to EPF, the computer industry increasingly relies on temporary workers to complete its work. In 1997, six percent of all computer programmers were temps and approximately 15 percent of systems analysts were temporary employees. (Cole-Gomolski, 1998) For example, Compaq employs approximately 9,000 temporary and contract employees, which constitutes 21 percent of its total workforce. (Cole-Gomolski, 1998).

The use of temporary workers can increase the risk of cyber-attacks for corporations for several reasons. First, temporary works tend not to undergo as stringent a background check or hiring process as permanent employees do. This problem can be ameliorated by hiring temporary helpers through employment agencies that conduct some credibility check; however, EPF notes that approximately half of the temporary workers utilized are hired through temporary agencies and the other half are employed directly. (1999b) Even temporary workers hired through agencies may not have the same loyalty to the firm as a permanent worker.  According to EPF, a temporary worker is assigned for a median length of 24 weeks. This time could be too short to build a bond to a company, yet it is enough time to extract information from one. Many information technology companies are starting to view reliance on perma-temps as a problem because their loyalty is unknown. (Cole-Gomolski, 1998) 

Shortage of Qualified Staff

Technology companies assert that there is currently a shortage in the number of qualified computer specialists in the United States. (Holdren, 1999) The large scale effort recently launched by President Clinton also attests to the shortage of qualified workers in this area. President Clinton recommended $90 million of training for Federal workers who deal with information security technology. (Page, 2000) Typical responses to this problem have been to hire temporary workers, qualified or unqualified, or to hire unqualified employees. The hiring of unqualified employees can create or open potentials for cyber-attacks that a more qualified computer specialist could prevent. One security expert estimates that 20 percent of hackers take advantage of a misconfiguration by system administrators. (McClure, 1999)

Improving the skills and training of information technology workers involved in information security is a critical step to improving information security. Government and corporations have recognized this as an issue and have begun to address the skill mismatch. If public and private policies to address this shortage of qualified IT workers are successful, then the corporate personnel addressing cyber-security should possess the technical ability to prevent and address cyber-attacks.

Increase in Funding for Information Technology

U.S. corporations have harnessed technology to realize substantial productivity gains. (Berry, 2000) More and more companies are spending money on information technology. A GartnerGroup survey estimates that North American enterprises spend an average of 2.9 percent of revenue on technology, with corporations in the securities industry spending almost 11 percent of revenues in 1999. (GartnerGroup, 2000)

There are multiple potential effects of an increase in information technology spending by corporations. First, corporations will allocate part of the IT budget for security purposes. Wisely spent, these budget expenditures can potentially improve cyber-security. Corporations can increase the technical safeguards that are currently in place. For example, virus scanning, firewalls, intrusion detection, SSL encryption, and password authentication are all technologies that can improve cyber-security. A recent worldwide survey indicates that improvements can be made in all these areas.   In addition, the increases in technology budgets signal that companies value information technology; therefore they will be more likely to protect this investment. The increase in funding will also have negative implications. Increases in networks and the corresponding interconnectedness will increase the vulnerabilities of corporations to insiders and outsiders. In addition, the increased reliance on information technology could prove to be disastrous if the corporation has not designed adequate contingency plans to address a successful cyber-attack.

Customer Demands  

Customers are demanding more access to information from e-mail or the web. These changing consumer preferences are changing the way that businesses operate. Existing corporations are adjusting their business practices to address these preferences. Additionally, new web-based corporations are developed to satisfy the changing consumer preferences. Notable examples of rapidly evolving industries include the health industry as well as financial industry. (Gantenbein, 2000) This ability to provide consumers with the information consumers want will provide corporations with a competitive edge.

The pressure exerted by consumers induced real, significant implications on information security. First, corporations are collecting valuable, personal information from their customers. This is especially true for e-commerce firms. In addition, firms are allowing consumers to view their finances and perform transactions on that information. This information is valuable for criminals and marketers. An article in U.S. News & World Report highlights the increase in Internet-based credit card fraud. (2000) Consumer pressure is also partially responsible for irresponsible behavior on the part of firms. An information security officer notes, �We have companies rushing on-line trying to cash in on this E-commerce craze and not paying enough attention to security.� (Mannix, 2000)  Consequently, the increased popularity of the Internet and E-commerce will continue to fuel the crime associated with the Internet. 

Technology Trends

Technology trends in the workplace also play an important role in determining the frequency of cyber-attacks on U.S. corporations. The trend analysis will explore the following trends: 

  • Increase in high-speed Internet lines

  • Software trends

  • Increasing sophistication of computer programs

  • Internet and e-mail trends

  • Changing business approaches to cyber-attacks 

Each of these factors will be explored in turn.

Increase High-speed Internet Lines

Many homes and small businesses are now obtaining high-speed Internet connections, which are much easier to hack into then modems. These faster lines are always hooked up directly to the Internet, unlike traditional modems, thus providing hackers with a permanent, fast route into home PCs and small businesses. Once hackers are in, they can steal or manipulate personal information or use your computer as a stage for a larger attack. Furthermore, many high-speed Internet connection providers do not warn their customers of security risks nor do they provide the necessary security. This creates a problem for small businesses and all businesses that allow their employees to work from home. (Zuckerman, 1999)

Increases in bandwidth increase the capabilities and speed on the Internet. However, the general increases in bandwidth, fueled by increasing demand for the speed and decreasing costs to purchase, will have negative implications for cyber-security. (Duke, 1998)  One security expert notes the major increased security implications of DSL lines as: eavesdropping, probing, impersonation, denial of service attacks, and viruses. (Day, 2000) Finally, the increase in bandwidth effectively increases the number of vulnerable entities. These entities include both personal users as well as small firms. Typically, these smaller firms do not have as much experience as larger firms in information security matters. 

Software Trends 

Microsoft has become the dominant software vendor for office application software, with over 95 percent of the market for Intel-compatible PC operating systems. (US District Court, 1999) If many different types of browsers and different operating systems existed, viruses would need to become more sophisticated or would only potentially affect a smaller number of users.  However, the dominance of Microsoft facilitates the spread of viruses across companies. The Melissa virus exemplified this in March 1999. 

Because Microsoft controls the majority of desktops, it was easier for the Melissa virus to spread. (Weise, 1999) The virus, called a �macro virus,� affected users of Microsoft Word 1997 or 2000. These types of viruses use the application�s own macro programming language to reproduce themselves. The Melissa virus sent itself to up to 50 other addresses using Microsoft Outlook, an e-mail program. It could have caused confidential documents to be disclosed, as well as electronic mail servers to overload. Within three days, the virus had reached more than 100,000 computers at 3,000 organizations. (General Accounting Office, 1999)

Recently, Microsoft was declared a monopoly. However, it has not been determined yet what will happen to the corporation. Experts are uncertain about the direction of the decision and the penalty. Therefore, this issue represents an unknown trend, making it difficult to predict the effect of the monoculture of software on cyber-attacks.

Increasing Sophistication of Computer Programs

The increasing sophistication of computer programs may be contributing to the number of cyber-attacks. Programs such as Microsoft Word or Excel are designed to accommodate a wide range of customers with different business purposes. Businesses and consumers benefit from the increased familiarity with the programs. The Federal government refers to such programs as COTS (Commercial-off-the-shelf) products. Microsoft�s Office suite, which includes Microsoft Excel and Word, comprised 89 percent of revenues in 1997. (General Accounting Office, 1999).  

The Microsoft Office Suite has undergone numerous upgrades. Each upgrade increases the capabilities, and hence the complexity of the programs. These programs have become extremely complex, with programs such as Microsoft Excel increasing its analysis capabilities (a planned improvement) while also including unplanned additional features such as a flight simulator. The increased complexity has lead to identification of a number of bugs in addition to some vulnerabilities, as was the case with the Melissa virus. (Weise, 1999)

In addition, other security experts point to the current trend to merge content.  For example, HTML-enabled e-mail readers and executable attachments utilize and combine different programs. This practice allows cyber-attackers to use covert attacks that would be more recognizable with the traditional programs that were separate. (Peterson, 1999)

Corporate response to upgrades of Office 2000 has not been as enthusiastic as previous upgrades. (Mullich, 2000)  However, the upgrades increase the functionality as well as an increased their complexity. The future direction and trends of commercial off the shelf products is uncertain; however, this paper asserts that future releases will have additional functionality. However these releases will be less frequent and the increase in complexity will decrease with time. 

E-mail and Internet Trends

The number of employees in corporations using e-mail and the Internet at work is growing. In 1998 a Forrester research, Inc. survey indicated that 98 percent of all large companies with more than 1,000 employees and 45 percent of all businesses with 20 to 99 employees are on-line.  According to International Data Corp, each day 90 million workers were sending 1.1 billion e-mail messages in 1998. (Dichter and Burkhardt, 1998) 

The e-mail traffic and the increases in communication via the e-mail underscore the reliance of U.S. business on secure communications. U.S. businesses, as a result of the interconnectedness of the networks, have become interdependent. Therefore, information security depends not only on individual firms, but on the business partners as well. (Harris, 1998)

Changing e-mail and Internet trends are profoundly changing the way that U.S. corporations are doing business. It is likely that the current interdependence of security issues will continue into the future. Therefore, cyber-attacks via e-mail, taking advantage of the interconnected nature of U.S. corporations, will continue to be successful. Companies need to collaborate to proactively address cyber-attacks.

Changing Business Approaches to Cyber-attacks

U.S. corporations continue to adjust to cyber-attacks. Adoption of security processes has not been universal. However, some firms have created strong risk assessment programs, a key component of information security. (GAO, 1999b)  The increased presence of U.S. corporations on the Internet will lead to an evolutionary approach to information security.

As noted before, risk assessment is an important technique for information security. Another important element is formal policies and procedures with respect to information security. Many companies involved with e-commerce do not have formal policies. A study by Deloitte Touche Tohmatsu and the Information Systems Audit and Control Association found that only 35 percent of companies worldwide have formal security strategies and policies. (Creed, 2000) This percentage should increase with time as more firms focus on cyber-security.

Non-traditional security approaches are also undertaken. For example, professional hackers are hired to test companies� cyber and physical security. IBM employs professional �hackers� to test corporations� cyber and physical security, which they charge between $15,000 and $45,000 for. In 1998, this team boasted an 80 percent success rate in electronic break-ins and 90 percent in physical break-ins. (Reuters, 1998) A second example is the start-up computer security company, @Stake, which has acquired a renowned group of hackers called L0pht. They have been hired by the Justice Department and the Security and Exchange Commission as consultants. (Davidson, 2000)

With Y2K successfully addressed in the United States, corporations now have the resources to direct towards improving their information security. The recent spate of cyber-attacks, coupled with increased media and public attention, should lead to improvements in the corporate policies, technologies, and the focus of corporations with information security. Improved corporate could constrain the increase of cyber-attacks.

Conclusions

Summary of Findings

This paper examines workplace trends and technology in the workplace. The expected direction of the trends was discussed, as was the relationship between the factor and the frequency of cyber-attacks. The following table summarizes the factors, the expected direction of the factors, and their relationship with the frequency of cyber-attacks.

Table 1. Summary of Trend Analysis

Factor/Trend Increase or Decrease in the Future?
Relationship with Frequency of Cyber-attacks*

  • Workplace Trends 

  • Use of nontraditional work arrangements Increase Positive

  • Skilled employees Unknown Negative

  • Information technology budgets Increase Both

  • Customer demands for Internet applications Increase Positive

  • Technology in the Workplace Trends  

  • High-speed Internet lines Increase Positive

  • Software monoculture Unknown Positive

  • Sophistication of computer programs Increase Positive

  • Internet and e-mail trends Increase Positive

  • Changing business approaches to cyber-attacks  Increase Negative

* A positive relationship indicates that an increase in the trend will lead to increases in the frequency of cyber-attacks.

Overall, the table suggests that the frequency of cyber-attacks will increase on the basis of the trends selected from the workplace and technology in the workplace categories. While technology and more flexible work arrangements have been partially responsible

for increased productivity, these trends have increased the vulnerability of U.S. corporations to cyber-attacks. (Berry, 2000) This illustrates the trade-off that the United States faces with respect to the productivity and technology.

An increase in cyber-attacks, especially if unchecked, can have serious implications for both U.S. businesses as well as individuals; therefore U.S. corporations need to invest in cyber-security. Some cyber-security measures might include more restrictive hiring and work arrangements. Firms could limit their use of temporary employees and increase monitoring of flexible work hours and telecommuting. Firms could also increase computer security training for both information technology workers and other staff. In addition, corporate monitoring and background investigations could become more common. Investments in information security technology and encryption are other possible measures to improve information security. 

Limitations

The limiting factor of this paper is that it only explores two categories of trends. Additional trends exist that are exogenous to corporations that should be mentioned. These trends include general demographics such as access to computers, media attention, consumer confidence, and changes in policy and legislation. One of these general demographic trends is access to computers. A 1999 Internet Demographic Survey conducted by CommerceNet and Nielsen Media Research indicates that the number of Internet users in North America has reached 92 million. Of these 92 million, 55 million use the Internet for shopping. (Drucker, 1999) This trend creates a risk for corporations because the more people who shop on the Internet using credit cards, the more sites and valuable credit information available for hackers to steal. This idea can be applied to banking and stock trading as well. According to the GartnerGroup, more than 7 million U.S. households used PC banking applications at the end of 1998 and they expect this number to triple to 24.2 million by the end of 2004. (1999)

Increased frequency of cyber-attacks will lead to additional media attention. Americans display an interest in technology and computer issues. The extensive attention that Y2K received in the popular press as well as trade publications underscores this interest. With the threat of Y2K largely behind the United States, the media and other entities are beginning to pay more attention to information security and hackers. The recent series of cyber-attacks in February 2000 on well-known web sites received extensive media attention, with national newspapers such as the LA Times, USA Today, Washington Post, and the New York Times including front-page coverage. 

If cyber-attacks continue, especially well-publicized attacks like the Amazon, Yahoo, and eBay attacks, the general public may lose confidence in e-commerce businesses. While on-line firms attacked did not suffer any immediate losses from the February 2000 series of attacks (Bridis, 2000), continued attacks might decrease customer willingness to make purchases on the web or volunteer sensitive information on the Internet. (Dugan, 2000) This changing customer behavior could have a negative effect on the financial health of businesses, especially e-commerce companies. Traditional brick and mortar industries might also experience losses if they use the Internet. Overall, cyber-attacks could create an environment where cyber-business is a liability, not a competitive advantage.

The increasing consumer presence on the Internet, coupled with the intense media pressure, will likely lead to more government involvement in cyber-attacks. The nature of this involvement is still unknown; however, the Federal Government has already begun to become involved in certain aspects of information security (Bridis, 2000; Jones, 1999). For example, the government, through the National Institute of Standards & Technology, acts as a clearinghouse of information regarding information security.  In addition, the Federal government is taking an active role in enforcing laws regarding cyber-attacks.

Works Cited

Alexander, Michael. �The Real Security Threat: The Enemy Within.� 1995
www.datamation.com

Bassham, Lawrence E. and W. Timothy Polk. Threat Assessment of Malicious Code and Human Threats. NIST Computer Security Division. 1994.

Berry, John. �Productivity Leaps in 1999�. The Washington Post. February 9, 2000.

Bridis, Ted. �Feds Wage War Against Cyber-Vandals.� LA Times. February 9, 2000.

CERT. CERT//CC Statistics 1988-1999. www.cert.org

Cole-Gomolski, Barb. �Reliance on Temps Creates New Problems.� August 31, 1999.

Creed, Adam. �Corp E-Commerce Security a Concern�. Computer Currents com. February 4, 2000.  

Davidson, Paul. �Hackers Enter Corporate Loop,� USA Today. January 6, 2000.

Day, Randy. �Securing DSL� January 2000. 

Dichter, Mark and Michael S. Burkhardt. �Electronic Interaction in the Workplace: Monitoring, Retrieving and Storing Employee Communications in the Internet Age.� Morgan, Lewis & Bockius LLP. 

Drucker, Peri (CommerceNet). CommerceNet and Nielsen Media Research Issue Results of Spring 1999 Internet Demographic Survey. June 1999. 

Dugan, Ianthe Jeanne. �Online Investors Seethe as E-Trade Struggles to Keep Its Doors Open.� The Washington Post. February 10, 2000.

Duke, Jeremy. �Bandwidth Bargains Abound.� July 1998.

Employment Policy Foundation (1999B). �Temps: Tempest in a Teapot.� Contemporary Issues in Employment and Workplace Policy. Volume 5, No. 2. February 1999. 

Galansky, Ellen and James T. Bond (Families and Work Institute). The 1998 Business Work-Life Study: A Sourcebook, 1998.

Gantenbein, Douglas and Marcia Stepanek. �Kaiser Takes the Cyber Cure: The Managed-Care Giant Is Spending $2 Billion To Move Its Operations to the Net.� Business Week. February 7, 2000.

GartnerGroup. �GartnerGroup�s Dataquest Forecasts Three-Fold Increase in Online Banking Over Next Five Years.� Press Release. August 1999. 

GartnerGroup. �GartnerGroup Survey Shows North American Enterprises Spend an Average of 2.9 Percent on Technology.� Press Release. January 2000. 

General Accounting Office. Information Security: The Melissa Computer Virus Demonstrates the Need for Stronger Protection Over Systems and Sensitive Data. Statement of Keith A. Rhodes. April 15, 1999. GAO/T-AIMD-99-146.

General Accounting Office. Information Security Risk Assessment: Practices of Leading Organizations. November 1999. GAO/AIMD-00-33.

Hewitt Associates. Work and Life Benefits Provided by Major U.S. Employees in 1998.

Holdren, Julie. �Statement on America�s Workforce Needs in the 21st Century.�  Statement before the Subcommittee of Immigration, Committee on Judiciary, United States Senate.  October 21, 1999.

Howard, John D. and Thomas A. Longstaff. A Common Language for Computer Security Incidents. Sandia National Laboratories. 1998.

Hundley, Richard and Robert Anderson. A Qualitative Methodology for the Assessment of Cyber-space-Related Risks. RAND. 1996.

Jones, Del. �FBI: Spies Cost U.S. Firms $2B a Month� USA Today. February 10, 1999.

Kornblum, Janet. �Hackers Open Big Hole in Hotmail.� USA Today. August 31, 1999.

Kundu, Krishna (Employment Policy Foundation). �Telecommuting: Work is Virtually Something You Do, Not Somewhere You Go,� Future Trends. November 23, 1999.

Lowry, Tom. �Concerns over Y2K Cut Funds for Security.� USA Today. March 23, 1999.

McClure, Stuart. �Hacking Frenzy Shows Network Security Breaches are Not Out of Fashion.� 1999.

Mannix, Margaret. �High-Tech Card Fraud Goes on Right Behind Your Back� U.S. News & World Report. February 14, 2000.

Mullich, Joe. �Windows 2000: Will They or Won�t They?� 2000. 

Page, Susan. �New Tactics Pushed in Terror War: $2 Billion Targets Tech Attacks� USA Today. January 7, 2000.

Peterson, A. Padgett. �Insecurity 2000.� November 1999. 

Reuters. �IBM Hacks Client�s Network.�  March 24, 1998 

Schwartz, John and Ariana Eunjung Cha. �Hackers Strike Again�. The Washington Post. February 9, 2000.

US Department of Labor. Futurework: Trends and Challenges in the 21st Century. 1999. 

US Department of Labor, Bureau of Labor Statistics. Contingent and Alternative Work Arrangements. December 1999.

US District Court for the District of Columbia. US vs. Microsoft Corporation. Civil Action No. 98-1232 (TPJ).

Weise, Elizabeth. �Melissa poked holes in fa�ade of reliability: Experts Blame Woes on Market Pressures� USA Today. April 8, 1999. 

Zuckerman, MJ. �Fast Track to Trouble on the Net: High-Speed Connections Open Home PCs to Hacks.� USA Today. November 3, 1999. 


Editorial PolicyNothing you read in The Business Forum Journal should ever be construed to be the opinion of, statements condoned by, or advice from, The Business Forum Institute, its staff, workers, officers, members, directors, sponsors or shareholders. We pass no opinion whatsoever on the content of what we publish, nor do we accept any responsibility for the claims, or any of the statements made, within anything published herein.  We merely aim to provide an academic forum and an information sourcing vehicle for the benefit of the business and the academic communities of the Pacific States of America and the World. Therefore, readers must always determine for themselves where the statistics, comments, statements and advice that are published herein are gained from and act, or not act, upon such entirely and always at their own risk.  We accept absolutely no liability whatsoever, nor take any responsibility for what anyone does, or does not do, based upon what is published herein, or information gained through the use of links to other web sites included herein.                                                                             Please refer to our:  legal disclaimer


The Business Forum
Beverly Hills, California, United States of America

Email:  [email protected]
Graphics by DawsonDesign
Webmaster:  bruceclay.com


 �  Copyright The Business Forum Institute - 1982 - 2015  ** All rights reserved.
 The Business Forum Institute is not responsible for  the content of external sites.

Read more