"It is impossible for ideas to compete in the marketplace if no forum for
their presentation is provided or available." – Thomas Mann, 1896
CYBER-ATTACKS!
Trends in US Corporations
Author: Alison Jacknowitz
Contributed by RAND Corporation
American companies have been frequent targets of cyber-attacks during the
past years and the frequency of these attacks is increasing. A survey by the
Computer Security Institute and the FBI found that 62% of respondents
reported a breach in 1998, up from 42 percent in 1996. Cyber-attacks range from
defacing a website to stealing valuable information; however, they can cost
corporations a significant amount of money in goods, reputation, and time.
Although the nature and severity of attacks can differ dramatically, cyber-attacks significantly affect corporations. A DataPro Information Services
study estimated that the average hacker attack costs companies $500,000 per
event.
Because the incidence of cyber-attacks has increased and the
consequences of the attacks are significant, it is important to examine the
trends that could influence the frequency of cyber-attacks now and in the future.
This paper will identify and discuss two distinct categories of trends that are
potentially influencing cyber-attacks against American corporations: workplace
and technology in the workplace. The results of the analysis are outlined below.
Workplace Trends
- Nontraditional work arrangements – An increase in nontraditional work
  arrangements such as telecommuting, flex-time, temporary employees, and
  outsourcing increases cyber-attack vulnerabilities from difficult-to-monitor
  disgruntled or disloyal workers as well as increased network vulnerabilities
  from telecommuters.
- Qualified IT staff – Twenty percent of hackers can attack computer systems
  because of system misconfiguration. The current and future shortage of IT
  workers contributes to the corporate vulnerability.
- Information technology budgets – Information technology budgets average 2.9
  percent of revenues for North American firms. These budgets both increase
  and decrease corporations' vulnerability to cyber-attacks.
- Customer demands – Customers are pushing corporations onto the Internet,
  therefore increasing the personal and credit card information available.
Technology in the Workplace Trends
- Increase in high-speed Internet lines – The increased capacity of
  Internet lines will increase opportunities for hackers to eavesdrop, probe,
  impersonate, perform denial of service attacks, and propagate viruses.
- Software trends – The monoculture of Microsoft, with 95 percent of the
  market share for Intel-compatible PC operating systems, contributes to the
  vulnerability of corporations from viruses such as the Melissa virus.
- Increasing sophistication of computer programs – The increasingly complex and
  interrelated nature of computer software increases the vulnerability of PC users
  from covert attacks.
- Internet and e-mail trends – E-mail communication and attachment use is
  exploding, making the world more interconnected and more vulnerable to e-mail
  based viruses.
- Changing business approaches to cyber-attacks – Businesses are adapting to
  cyber-attacks, utilizing both traditional means (increased risk assessment and
  training) and nontraditional means (hiring hackers to probe corporate
  security).
The trend analysis finds that the trends in the workplace and the technology
in the workplace suggest that the frequency of cyber-attacks will continue to
increase for the next years. An increase in cyber-attacks, especially if
unchecked, can have serious implications for both American businesses as well as
individuals; therefore American corporations need to invest in cyber-security.
Some cyber-security measures might include more restrictive hiring and work
arrangements and increasing monitoring of flexible work hours and telecommuting.
Firms could also increase computer security training for both information
technology workers and other staff. In addition, corporate monitoring and
background investigations could become more common. Finally, investments in
information security technology and encryption are other possible measures to
improve information security.
Introduction
Motivation
United States (U.S.) companies have been a frequent target of cyber-attacks during the
past years and the frequency of these attacks is increasing. In 1999, CERT
states that 8,268 incidents were reported. These incidents were reported with
greater frequency than in the past. For example, in 1998, only 3,734 incidents
were reported. Therefore, the number of reported incidents doubled in just one
year's time. (CERT, 1999) A survey by the Computer Security Institute
and the FBI found that 62 percent of respondents reported a breach in 1998, up
from 42 percent in 1996. (Lowry, 1999) Furthermore, many corporations chose not
to report attacks to protect their reputations. Two recent examples of
publicized attacks against companies in which valuable information was
compromised include Pacific Bell Internet services and Microsoft's free e-mail
service, Hotmail. In the case of Pacific Bell Internet services, a member of the
hacker group Global Hell used his Linux system to compromise 26 companies,
including a number of Internet service providers (ISPs), including Pacific Bell.
To respond to this cyber-attack, Bell asked all of its users to change their
passwords. (McClure, 1999) In the case of Hotmail, in August 1999, a group
called "Hackers Unite," created a security hole that gave users with a
special password access to 40 million e-mail accounts. (Kornblum, 1999) As
this paper was being drafted, popular Internet-based companies such as eBay,
Yahoo, and Amazon.com were attacked. (Schwartz, 2000)
Differing definitions of a cyber-attack exist and the
literature reflects this. A paper by Howard and Longstaff defines an attack as
an "event that occurs on a computer or network that is intended to result in
something that is not authorized to happen." (1998) Hundley and Anderson
note that attacks can affect data, processing & programs, and the network
environment. (1996) As the preceding description indicates, cyber-attacks range
from defacing a website to stealing valuable information; however, they can
cost corporations a significant amount of money in goods, reputation, and time.
These attacks can be active, passive, performed by an insider or an outsider.
For the purposes of this paper, cyber-attacks will be defined as any act that
breaches the cyber-security of an organization whether intentional or
unintentional, performed by an insider or an outsider.
Although the nature and severity of attacks can differ dramatically,
cyber-attacks significantly affect corporations. Cyber-attacks can have serious
repercussions to companies in terms of dollars, reputation, or goods. Cyber-attacks can cost companies millions of dollars in goods and proprietary
information as well as a substantial amount of money caused by loss of
reputation. For example, a survey by Ernst & Young and Information Week
indicates that more than half of its respondents reported financial losses from
cyber-attacks. Further, each breakdown exceeded $100,000 and approximately 17
respondents suffered losses of more than $1 million as a result of a single
security breach. (Alexander, 1995). More recent statistics suggest that fighting
viruses cost businesses worldwide $7.6 billion in the first year of 1999. (Futurework,
1999) In addition, a DataPro Information Services study estimated that the
average hacker attack costs companies $500,000. (Lowry, 1999) In the case where
corporate or customer information is stolen or destroyed, the company suffers
both the loss of the good as well as the loss of reputation.
Because the incidence of cyber-attacks has increased and the consequences of
the attacks are significant, it is important to examine the trends that could
influence the frequency of cyber-attacks now and in the future. The rise of cyber-attacks has not occurred in a vacuum.
Cyber-attacks are, in part, a
reflection of the world. Therefore, understanding the evolving, and in some
cases, rapidly changing world of technology and business assists us in
understanding cyber-attacks. A multitude of potential factors may affect the
frequency of cyber-attacks. Identifying relevant factors and the potential trends
of the selected factors will allow businesses and policy-makers to make more
informed decisions about current and future policies regarding cyber-attacks.
This paper will identify and discuss two distinct categories of trends that
are potentially influencing cyber-attacks against United States corporations:
workplace and technology in the workplace. It can be argued that corporations,
individually or in aggregate, demonstrate some control over both of these
factors. In addition, many attacks occur from within by
"insiders." (Bassham, 1994) Statistics indicate that 70 to 80 percent
of cyber-attacks or breaches of security are either performed or occur on the
inside. (Alexander, 1995) Another statistic from a computer security expert
estimates the percentage of attacks undertaken by insiders at over 65 percent
(Lowry, 1999). Consequently, this paper lists general trends for corporations to
consider. Some trends may apply to all corporations and some to select firms.
Finally, these trends could influence cyber-attacks in a positive or negative
way. Therefore, the paper will predict the direction of each trend's influence on
the incidence of cyber-attacks.
Methodology
This paper examines two categories of trends over time and attempts to predict
each factor's influence on the frequency of cyber-attacks. The analysis will
use "trend analysis" to explore the factors that may affect cyber-attacks in
U.S. corporations. This qualitative, analytical approach is useful in that the
myriad of potential factors that could affect information security are organized
and briefly addressed. Therefore, the approach provides a useful method to
organize the many influences on the future of cyber-attacks. The analysis focuses
on general trends and issues surrounding the workplace; individual corporations
and firms may also possess other characteristics or factors that are
particularly relevant for their case. In addition, the technique will not allow
quantitative assessments of the change in the number of cyber-attacks. Nor will
the analysis explore every trend or assess the relative importance of the
trends. Future work could rank the importance of the trends.
There are three main steps utilized to determine which trends will affect the
frequency of cyber-attacks. First, the literature regarding cyber-attacks,
workplace trends, and technology in the workplace was reviewed and several
dominant themes during the past years were selected. Once the relevant trends
were chosen, these factors were researched more in-depth. Finally the paper
predicts the factors' relation to cyber-attacks based on the literature. A
matrix summarizes the trends and predicted direction of their influence on the
incidence of cyber-attacks.
Trend Analysis
Workplace Trends
Workplace trends play an important role in determining the frequency of cyber-attacks on U.S. corporations. The trend analysis will explore the following
trends:
Each of these factors will be explored in turn.
Nontraditional Work Arrangements
Many of the workplace trends revolve around an increasing use of nontraditional
or "alternative" employees. Nontraditional employment can be defined as work
in which the structure of hours and location differs from traditional
employment. Nontraditional employees include independent contractors, employees
of contract firms, temporary employees, and on-call workers. Some literature
also defines those employees who take advantage of flex-time and telecommuting
options as nontraditional employees. In December 1999, an estimated 12.2 million
workers with non-traditional work arrangements (excluding flex-time and
telecommuting) worked in the United States. These 12.2 million workers included
8.2 million independent contractors, 2.0 million on-call workers, 1.2 million
temporary agency workers and 769,000 employees provided by contracting firms.
(Bureau of Labor Statistics, 1999) Within the information technology sector, in
1995, 76,000 computer system analysts and engineers were temporary employees or
contract workers. This number grew to 107,000 in 1997, a 41 percent increase.
(Cole-Gomolski, 1998) This section will provide detailed information on these
nontraditional labor groups and how they may affect the incidence of cyber-attacks on the companies that utilize their services.
Flexible work schedules. During the past years, U.S. corporations
have offered their employees the opportunity to work flexible work schedules and
employees have eagerly taken advantage of the opportunity. Two of these options
include: flex-time and telecommuting. A 1998 Business-Work Life Study of large
corporations indicated that 55 percent permitted employees to work at home
occasionally and 33 percent allowed them to work at home or off-site on a
regular basis. The number of employees taking advantage of telecommuting
policies is also large. According to the Employment Policy Foundation (EPF),
more than 21 million people telecommute to work and this number is expected to
rise to 51 million by 2030. (Kundu, 1999) A 1998 survey by Hewitt Associates
indicated that 35 percent of corporations with flexible work arrangements were
offering telecommuting as an option. The number varies depending upon the
definition of telecommuting, but the overall theme is that telecommuting is a growing
phenomenon.
Although these policies tend to increase the productivity and satisfaction of
employees (Kundu, 1999), these labor policies can place employers at risk for
cyber-attacks. The policy of flex-time can increase the risk of cyber-attacks
because employees work nontraditional hours. These hours may give dishonest or
disgruntled employees a better opportunity to steal, modify, or view secure
information. The policy of telecommuting can also compromise cyber-security
because it offers hackers another way into a company's system. In addition, it
is likely that network connections from home are not as secure as those from
work.
Temporary employees/ Contract workers/Outsourcing. The rise of
temporary employees is another trend in the workplace. Growth in the temporary
industry averaged more than 10 percent annually between 1977 and 1997, growing
from 300,000 workers to 2.5 million workers. (EPF, 1999) This trend is
especially pronounced in the computer industry. According to EPF, the computer
industry increasingly relies on temporary workers to complete its work. In 1997,
six percent of all computer programmers were temps and approximately 15 percent
of systems analysts were temporary employees. (Cole-Gomolski, 1998) For example,
Compaq employs approximately 9,000 temporary and contract employees, which
constitutes 21 percent of its total workforce. (Cole-Gomolski, 1998).
The use of temporary workers can increase the risk of cyber-attacks for
corporations for several reasons. First, temporary workers tend not to undergo as
stringent a background check or hiring process as permanent employees do. This
problem can be ameliorated by hiring temporary helpers through employment
agencies that conduct some credibility check; however, EPF notes that
approximately half of the temporary workers utilized are hired through temporary
agencies and the other half are employed directly. (1999b) Even temporary
workers hired through agencies may not have the same loyalty to the firm as a
permanent worker. According to EPF, a temporary worker is assigned for a
median length of 24 weeks. This time could be too short to build a bond to a
company, yet it is enough time to extract information from one. Many information
technology companies are starting to view reliance on perma-temps as a problem
because their loyalty is unknown. (Cole-Gomolski, 1998)
Shortage of Qualified Staff
Technology companies assert that there is currently a shortage in the number of
qualified computer specialists in the United States. (Holdren, 1999) The large
scale effort recently launched by President Clinton also attests to the shortage
of qualified workers in this area. President Clinton recommended $90 million of
training for Federal workers who deal with information security technology.
(Page, 2000) Typical responses to this problem have been to hire temporary
workers, qualified or unqualified, or to hire unqualified employees. The hiring
of unqualified employees can create or open potentials for cyber-attacks that a
more qualified computer specialist could prevent. One security expert estimates
that 20 percent of hackers take advantage of a misconfiguration by system
administrators. (McClure, 1999)
Improving the skills and training of information technology workers involved
in information security is a critical step to improving information security.
Government and corporations have recognized this as an issue and have begun to
address the skill mismatch. If public and private policies to address this
shortage of qualified IT workers are successful, then the corporate personnel
addressing cyber-security should possess the technical ability to prevent and
address cyber-attacks.
Increase in Funding for Information Technology
U.S. corporations have harnessed technology to realize substantial productivity
gains. (Berry, 2000) More and more companies are spending money on information
technology. A GartnerGroup survey estimates that North American enterprises
spend an average of 2.9 percent of revenue on technology, with corporations in
the securities industry spending almost 11 percent of revenues in 1999. (GartnerGroup,
2000)
There are multiple potential effects of an increase in information technology
spending by corporations. First, corporations will allocate part of the IT
budget for security purposes. Wisely spent, these budget expenditures can
potentially improve cyber-security. Corporations can increase the technical
safeguards that are currently in place. For example, virus scanning, firewalls,
intrusion detection, SSL encryption, and password authentication are all
technologies that can improve cyber-security. A recent worldwide survey indicates
that improvements can be made in all these areas. In addition, the
increases in technology budgets signal that companies value information
technology; therefore they will be more likely to protect this investment. The
increase in funding will also have negative implications. Increases in networks
and the corresponding interconnectedness will increase the vulnerabilities of
corporations to insiders and outsiders. In addition, the increased reliance on
information technology could prove to be disastrous if the corporation has not
designed adequate contingency plans to address a successful cyber-attack.
Customer Demands
Customers are demanding more access to information from e-mail or the web. These
changing consumer preferences are changing the way that businesses operate.
Existing corporations are adjusting their business practices to address these
preferences. Additionally, new web-based corporations are developed to satisfy
the changing consumer preferences. Notable examples of rapidly evolving
industries include the health industry as well as financial industry. (Gantenbein,
2000) This ability to provide consumers with the information consumers want will
provide corporations with a competitive edge.
The pressure exerted by consumers has real, significant implications for
information security. First, corporations are collecting valuable, personal
information from their customers. This is especially true for e-commerce firms.
In addition, firms are allowing consumers to view their finances and perform
transactions on that information. This information is valuable for criminals and
marketers. An article in U.S. News & World Report highlights the increase in
Internet-based credit card fraud. (2000) Consumer pressure is also partially
responsible for irresponsible behavior on the part of firms. An information
security officer notes, "We have companies rushing on-line trying to cash in
on this E-commerce craze and not paying enough attention to security." (Mannix,
2000) Consequently, the increased popularity of the Internet and
E-commerce will continue to fuel the crime associated with the Internet.
Technology Trends
Technology trends in the workplace also play an important role in determining
the frequency of cyber-attacks on U.S. corporations. The trend analysis will
explore the following trends:
- Increase in high-speed Internet lines
- Software trends
- Increasing sophistication of computer programs
- Internet and e-mail trends
- Changing business approaches to cyber-attacks
Each of these factors will be explored in turn.
Increase in High-speed Internet Lines
Many homes and small businesses are now obtaining high-speed Internet
connections, which are much easier to hack into than modems. These faster lines
are always hooked up directly to the Internet, unlike traditional modems, thus
providing hackers with a permanent, fast route into home PCs and small
businesses. Once hackers are in, they can steal or manipulate personal
information or use your computer as a stage for a larger attack. Furthermore,
many high-speed Internet connection providers do not warn their customers of
security risks nor do they provide the necessary security. This creates a
problem for small businesses and all businesses that allow their employees to
work from home. (Zuckerman, 1999)
Increases in bandwidth increase the capabilities and speed on the Internet.
However, the general increases in bandwidth, fueled by increasing demand for the
speed and decreasing costs to purchase, will have negative implications for cyber-security. (Duke, 1998) One security expert notes the major increased
security implications of DSL lines as: eavesdropping, probing, impersonation,
denial of service attacks, and viruses. (Day, 2000) Finally, the increase in
bandwidth effectively increases the number of vulnerable entities. These
entities include both personal users as well as small firms. Typically, these
smaller firms do not have as much experience as larger firms in information
security matters.
Software Trends
Microsoft has become the dominant software vendor for office application
software, with over 95 percent of the market for Intel-compatible PC operating
systems. (US District Court, 1999) If many different types of browsers and
different operating systems existed, viruses would need to become more
sophisticated or would only potentially affect a smaller number of users.
However, the dominance of Microsoft facilitates the spread of viruses across
companies. The Melissa virus exemplified this in March 1999.
Because Microsoft controls the majority of desktops, it was easier for the
Melissa virus to spread. (Weise, 1999) The virus, called a "macro virus,"
affected users of Microsoft Word 1997 or 2000. These types of viruses use the
application's own macro programming language to reproduce themselves. The
Melissa virus sent itself to up to 50 other addresses using Microsoft Outlook,
an e-mail program. It could have caused confidential documents to be disclosed,
as well as electronic mail servers to overload. Within three days, the virus had
reached more than 100,000 computers at 3,000 organizations. (General Accounting
Office, 1999)
Recently, Microsoft was declared a monopoly. However, it has not been
determined yet what will happen to the corporation. Experts are uncertain about
the direction of the decision and the penalty. Therefore, this issue represents
an unknown trend, making it difficult to predict the effect of the monoculture
of software on cyber-attacks.
Increasing Sophistication of Computer Programs
The increasing sophistication of computer programs may be contributing to the
number of cyber-attacks. Programs such as Microsoft Word or Excel are designed to
accommodate a wide range of customers with different business purposes.
Businesses and consumers benefit from the increased familiarity with the
programs. The Federal government refers to such programs as COTS
(Commercial-off-the-shelf) products. Microsoft's Office suite, which includes
Microsoft Excel and Word, comprised 89 percent of revenues in 1997. (General
Accounting Office, 1999).
The Microsoft Office Suite has undergone numerous upgrades. Each upgrade
increases the capabilities, and hence the complexity of the programs. These
programs have become extremely complex, with programs such as Microsoft Excel
increasing its analysis capabilities (a planned improvement) while also
including unplanned additional features such as a flight simulator. The
increased complexity has led to identification of a number of bugs in addition
to some vulnerabilities, as was the case with the Melissa virus. (Weise, 1999)
In addition, other security experts point to the current trend to merge
content. For example, HTML-enabled e-mail readers and executable
attachments utilize and combine different programs. This practice allows cyber-attackers to use covert attacks that would be more recognizable with the
traditional programs that were separate. (Peterson, 1999)
Corporate response to upgrades of Office 2000 has not been as enthusiastic as
previous upgrades. (Mullich, 2000) However, the upgrades increase the
functionality of the programs as well as their complexity. The future direction and
trends of commercial off-the-shelf products are uncertain; however, this paper
asserts that future releases will have additional functionality. However, these
releases will be less frequent and the increase in complexity will decrease with
time.
E-mail and Internet Trends
The number of employees in corporations using e-mail and the Internet at work is
growing. In 1998, a Forrester Research, Inc. survey indicated that 98 percent of
all large companies with more than 1,000 employees and 45 percent of all
businesses with 20 to 99 employees are on-line. According to International
Data Corp, each day 90 million workers were sending 1.1 billion e-mail messages
in 1998. (Dichter and Burkhardt, 1998)
The e-mail traffic and the increases in communication via the e-mail
underscore the reliance of U.S. business on secure communications. U.S.
businesses, as a result of the interconnectedness of the networks, have become
interdependent. Therefore, information security depends not only on individual
firms, but on the business partners as well. (Harris, 1998)
Changing e-mail and Internet trends are profoundly changing the way that U.S.
corporations are doing business. It is likely that the current interdependence
of security issues will continue into the future. Therefore, cyber-attacks via
e-mail, taking advantage of the interconnected nature of U.S. corporations, will
continue to be successful. Companies need to collaborate to proactively address
cyber-attacks.
Changing Business Approaches to Cyber-attacks
U.S. corporations continue to adjust to cyber-attacks. Adoption of security
processes has not been universal. However, some firms have created strong risk
assessment programs, a key component of information security. (GAO, 1999b)
The increased presence of U.S. corporations on the Internet will lead to an
evolutionary approach to information security.
As noted before, risk assessment is an important technique for information
security. Another important element is formal policies and procedures with
respect to information security. Many companies involved with e-commerce do not
have formal policies. A study by Deloitte Touche Tohmatsu and the Information
Systems Audit and Control Association found that only 35 percent of companies
worldwide have formal security strategies and policies. (Creed, 2000) This
percentage should increase with time as more firms focus on cyber-security.
Non-traditional security approaches are also undertaken. For example,
professional hackers are hired to test companies' cyber and physical security.
IBM employs professional "hackers" to test corporations' cyber and
physical security, for which it charges between $15,000 and $45,000. In 1998,
this team boasted an 80 percent success rate in electronic break-ins and 90
percent in physical break-ins. (Reuters, 1998) A second example is the start-up
computer security company, @Stake, which has acquired a renowned group of
hackers called L0pht. They have been hired by the Justice Department and the
Securities and Exchange Commission as consultants. (Davidson, 2000)
With Y2K successfully addressed in the United States, corporations now have
the resources to direct towards improving their information security. The recent
spate of cyber-attacks, coupled with increased media and public attention, should
lead to improvements in the corporate policies, technologies, and the focus of
corporations with information security. Improved corporate could constrain the
increase of cyber-attacks.
Conclusions
Summary of Findings
This paper examines workplace trends and technology in the workplace. The
expected direction of the trends was discussed, as was the relationship between
the factor and the frequency of cyber-attacks. The following table summarizes the
factors, the expected direction of the factors, and their relationship with the
frequency of cyber-attacks.
Table 1. Summary of Trend Analysis

Factor/Trend                                     Increase or Decrease   Relationship with Frequency
                                                 in the Future?         of Cyber-attacks*

Workplace Trends
  Use of nontraditional work arrangements        Increase               Positive
  Skilled employees                              Unknown                Negative
  Information technology budgets                 Increase               Both
  Customer demands for Internet applications     Increase               Positive

Technology in the Workplace Trends
  High-speed Internet lines                      Increase               Positive
  Software monoculture                           Unknown                Positive
  Sophistication of computer programs            Increase               Positive
  Internet and e-mail trends                     Increase               Positive
  Changing business approaches to cyber-attacks  Increase               Negative

* A positive relationship indicates that an increase in the trend will lead to
increases in the frequency of cyber-attacks.
Overall, the table suggests that the frequency of cyber-attacks will increase
on the basis of the trends selected from the
workplace and technology in the workplace categories. While technology and more
flexible work arrangements have been partially responsible
for increased productivity, these trends have increased the vulnerability of
U.S. corporations to cyber-attacks. (Berry, 2000) This illustrates the trade-off
that the United States faces with respect to the productivity and technology.
An increase in cyber-attacks, especially if unchecked, can have serious
implications for both U.S. businesses as well as individuals; therefore U.S.
corporations need to invest in cyber-security. Some cyber-security measures might
include more restrictive hiring and work arrangements. Firms could limit their
use of temporary employees and increase monitoring of flexible work hours and
telecommuting. Firms could also increase computer security training for both
information technology workers and other staff. In addition, corporate
monitoring and background investigations could become more common. Investments
in information security technology and encryption are other possible measures to
improve information security.
Limitations
The limiting factor of this paper is that it only explores two categories of
trends. Additional trends exist that are exogenous to corporations that should
be mentioned. These trends include general demographics such as access to
computers, media attention, consumer confidence, and changes in policy and
legislation. One of these general demographic trends is access to computers. A
1999 Internet Demographic Survey conducted by CommerceNet and Nielsen Media
Research indicates that the number of Internet users in North America has
reached 92 million. Of these 92 million, 55 million use the Internet for
shopping. (Drucker, 1999) This trend creates a risk for corporations because the
more people who shop on the Internet using credit cards, the more sites and
valuable credit information available for hackers to steal. This idea can be
applied to banking and stock trading as well. According to the GartnerGroup,
more than 7 million U.S. households used PC banking applications at the end of
1998 and they expect this number to triple to 24.2 million by the end of 2004.
(1999)
Increased frequency of cyber-attacks will lead to additional media attention.
Americans display an interest in technology and computer issues. The extensive
attention that Y2K received in the popular press as well as trade publications
underscores this interest. With the threat of Y2K largely behind the United
States, the media and other entities are beginning to pay more attention to
information security and hackers. The recent series of cyber-attacks in February
2000 on well-known web sites received extensive media attention, with national
newspapers such as the LA Times, USA Today, Washington Post, and the New York
Times including front-page coverage.
If cyber-attacks continue, especially well-publicized attacks like the Amazon,
Yahoo, and eBay attacks, the general public may lose confidence in e-commerce
businesses. While the on-line firms attacked did not suffer any immediate losses
from the February 2000 series of attacks (Bridis, 2000), continued attacks might
decrease customer willingness to make purchases on the web or volunteer
sensitive information on the Internet. (Dugan, 2000) This changing customer
behavior could have a negative effect on the financial health of businesses,
especially e-commerce companies. Traditional brick and mortar industries might
also experience losses if they use the Internet. Overall, cyber-attacks could
create an environment where cyber-business is a liability, not a competitive
advantage.
The increasing consumer presence on the Internet, coupled with the intense
media pressure, will likely lead to more government involvement in addressing cyber-attacks.
The nature of this involvement is still unknown; however, the Federal Government
has already begun to become involved in certain aspects of information security
(Bridis, 2000; Jones, 1999). For example, the government, through the National
Institute of Standards & Technology, acts as a clearinghouse of information
regarding information security. In addition, the Federal government is
taking an active role in enforcing laws regarding cyber-attacks.
Works Cited
Alexander, Michael. "The Real Security Threat: The Enemy Within." 1995.
www.datamation.com
Bassham, Lawrence E. and W. Timothy Polk. Threat Assessment of Malicious Code
and Human Threats. NIST Computer Security Division. 1994.
Berry, John. "Productivity Leaps in 1999." The Washington Post. February
9, 2000.
Bridis, Ted. "Feds Wage War Against Cyber-Vandals." LA Times. February 9,
2000.
CERT. CERT/CC Statistics 1988-1999.
www.cert.org
Cole-Gomolski, Barb. "Reliance on Temps Creates New Problems." August 31,
1999.
Creed, Adam. "Corp E-Commerce Security a Concern." Computer Currents com.
February 4, 2000.
Davidson, Paul. "Hackers Enter Corporate Loop," USA Today. January 6,
2000.
Day, Randy. "Securing DSL." January 2000.
Dichter, Mark and Michael S. Burkhardt. "Electronic Interaction in the
Workplace: Monitoring, Retrieving and Storing Employee Communications in the
Internet Age." Morgan, Lewis & Bockius LLP.
Drucker, Peri (CommerceNet). CommerceNet and Nielsen Media Research Issue
Results of Spring 1999 Internet Demographic Survey. June 1999.
Dugan, Ianthe Jeanne. "Online Investors Seethe as E-Trade Struggles to Keep
Its Doors Open." The Washington Post. February 10, 2000.
Duke, Jeremy. "Bandwidth Bargains Abound." July 1998.
Employment Policy Foundation (1999B). "Temps: Tempest in a Teapot."
Contemporary Issues in Employment and Workplace Policy. Volume 5, No. 2.
February 1999.
Galansky, Ellen and James T. Bond (Families and Work Institute). The 1998
Business Work-Life Study: A Sourcebook, 1998.
Gantenbein, Douglas and Marcia Stepanek. "Kaiser Takes the Cyber Cure: The
Managed-Care Giant Is Spending $2 Billion To Move Its Operations to the Net."
Business Week. February 7, 2000.
GartnerGroup. "GartnerGroup's Dataquest Forecasts Three-Fold Increase in
Online Banking Over Next Five Years." Press Release. August 1999.
GartnerGroup. "GartnerGroup Survey Shows North American Enterprises Spend
an Average of 2.9 Percent on Technology." Press Release. January 2000.
General Accounting Office. Information Security: The Melissa Computer Virus
Demonstrates the Need for Stronger Protection Over Systems and Sensitive Data.
Statement of Keith A. Rhodes. April 15, 1999. GAO/T-AIMD-99-146.
General Accounting Office. Information Security Risk Assessment: Practices of
Leading Organizations. November 1999. GAO/AIMD-00-33.
Hewitt Associates. Work and Life Benefits Provided by Major U.S. Employees in
1998.
Holdren, Julie. "Statement on America's Workforce Needs in the 21st
Century." Statement before the Subcommittee of Immigration, Committee on
Judiciary, United States Senate. October 21, 1999.
Howard, John D. and Thomas A. Longstaff. A Common Language for Computer
Security Incidents. Sandia National Laboratories. 1998.
Hundley, Richard and Robert Anderson. A Qualitative Methodology for the
Assessment of Cyber-space-Related Risks. RAND. 1996.
Jones, Del. "FBI: Spies Cost U.S. Firms $2B a Month." USA Today. February
10, 1999.
Kornblum, Janet. "Hackers Open Big Hole in Hotmail." USA Today. August
31, 1999.
Kundu, Krishna (Employment Policy Foundation). "Telecommuting: Work is
Virtually Something You Do, Not Somewhere You Go," Future Trends. November 23,
1999.
Lowry, Tom. "Concerns over Y2K Cut Funds for Security." USA Today. March
23, 1999.
McClure, Stuart. "Hacking Frenzy Shows Network Security Breaches are Not
Out of Fashion." 1999.
Mannix, Margaret. "High-Tech Card Fraud Goes on Right Behind Your Back."
U.S. News & World Report. February 14, 2000.
Mullich, Joe. "Windows 2000: Will They or Won't They?" 2000.
Page, Susan. "New Tactics Pushed in Terror War: $2 Billion Targets Tech
Attacks." USA Today. January 7, 2000.
Peterson, A. Padgett. "Insecurity 2000." November 1999.
Reuters. "IBM Hacks Client's Network." March 24, 1998.
Schwartz, John and Ariana Eunjung Cha. "Hackers Strike Again." The
Washington Post. February 9, 2000.
US Department of Labor. Futurework: Trends and Challenges in the 21st
Century. 1999.
US Department of Labor, Bureau of Labor Statistics. Contingent and
Alternative Work Arrangements. December 1999.
US District Court for the District of Columbia. US vs. Microsoft Corporation.
Civil Action No. 98-1232 (TPJ).
Weise, Elizabeth. "Melissa poked holes in façade of reliability: Experts
Blame Woes on Market Pressures." USA Today. April 8, 1999.
Zuckerman, MJ. "Fast Track to Trouble on the Net: High-Speed Connections
Open Home PCs to Hacks." USA Today. November 3, 1999.
Editorial Policy: Nothing you read in
The Business Forum Journal
should ever be construed to be the
opinion of, statements condoned by, or advice from,
The Business Forum Institute, its staff, workers,
officers, members, directors, sponsors or
shareholders. We pass no opinion whatsoever on the
content of what we publish, nor do we accept any
responsibility for the claims, or any of the
statements made, within anything published herein.
We merely aim to provide an academic forum and an
information sourcing vehicle for the benefit of the
business and the academic communities of the Pacific
States of America and the World. Therefore, readers
must always determine for themselves where the
statistics, comments, statements and advice that are
published herein are gained from and act, or not
act, upon such entirely and always at their own
risk. We accept absolutely no liability
whatsoever, nor take any responsibility for what
anyone does, or does not do, based upon what is
published herein, or information gained through the
use of links to other web sites included herein.
The Business
Forum Beverly Hills, California, United States of America
Copyright The Business Forum Institute - 1982 - 2015 **
All rights reserved.