Virginia Business
Business intelligence for and about
Virginia's business community
NEWS CENTER
Home
Current Issue
Past Issues
Daily Headlines
Virginia Ideas
Editor's Blog
Spacer
TOP FEATURES
Business Calendar
Virginia's Wealthiest
List of Leaders
Fantastic 50
Legal Elite
Super CPAs
Maritime Guide
Executive Lifestyles
Spacer
MARKET RESEARCH
Business Libraries
Regional Guides
Spacer
CLASSIFIEDS
Jobs
VACommercial
Executive Services
Spacer
CONTACT US
Contact Us
Advertise With Us
Planning Calendar
Subscribe
Spacer
News & Features

What's in your inbox?
As companies beef up network security, hackers raise the ante

READER REACTION
Feedback: Comment on this story

by Christina Couch
for Virginia Business
January 2007

Remember when running a virus scan gave you the fuzzy feeling that a CPU was safe? Kiss those days goodbye. In the age of spyware, phishing scams and infectious e-mail, it'll take more than the occasional scan to secure companies' networking systems.

"Unless you unplug all of your computers, you're never going to eliminate the problem of network attacks" says Joshua Cole, executive vice president of Continuity First, a Richmond-based business disaster recovery firm.

In the cyberworld, only the strongest survive. Cole says malicious software programs and hackers are constantly trolling the Internet in search of computers that aren't armed with the latest in online protection. A study conducted by an identity management group, Aladdin Knowledge Systems, shows that the number of cyber threats has more than tripled in the past year.

"The costs resulting from network attacks can be staggering," says Shirley Payne, chairwoman of VA SCAN, a statewide alliance of IT professionals dedicated to protecting Virginia's higher-education networking systems. "Think about the damage to the company's reputation, the impact on productivity, the cost of just having your network down. It's significant."

Recently, companies including Bank of America, Sam's Club, MasterCard, and Polo Ralph Lauren all felt the financial sting of network security breaches. The Department of Veterans Affairs announced in May that the personal records of 26.5 million vets had been compromised because of one stolen laptop - a loss which has cost the VA nearly $15 million.

Locally, Virginia Commonwealth University faced two security breaches last year due to human error. In the summer, the university announced that names, e-mails and Social Security numbers of more than 2,800 alumni had been posted online, all because one employee accidentally put a sensitive file into a folder open to the Web. In November, 561 VCU students' names, Social Security numbers, addresses and grade-point averages were accidentally included in e-mail attachments sent to 195 students.

Although remedied immediately upon discovery, the mistake forced the school to offer each alum a credit monitoring service and up to $20,000 worth of identity theft insurance - costing about $30,000 for the first case.
Then in December, an auditor announced that 80 percent of Virginia's agencies and institutions had inadequate computer security programs.

Besides losing manpower and credibility with consumers, companies face an even greater problem - having sensitive data, client information and financial records erased or even stolen, all because one employee clicked the wrong link.
"Four or five years ago, [hacking] was more like amateur hour, people doing it to prove how smart they are," says Todd Bransford, vice president of marketing for the Arlington-based online risk management firm, Cyveillance. "Today the landscape is much different."

In the world of online bill paying and e-loans, hackers have far more financial incentive than they did a decade ago. With credit-card information, banking records, Social Security numbers and credit histories just a click away, cyber-criminals cost U.S. businesses more than $67 billion each year, according to FBI estimates.

Bransford says the key to avoiding embarrassment and financial ruin is for companies to arm themselves as best they can. That means protecting computers with a trusted antivirus program and a firewall as well as backing up sensitive data. Cole also recommends installing encryption software on laptops or removable hard drives employees may take on the road.

Mark Willis, VCU's chief information officer, says that even if a computer system is protected by Bill Gates himself, network security breaches can still result from human error. To combat human glitches, larger companies are investing in comprehensive risk management programs like Cyveillance that provide IT protection along with online monitoring designed to find information leaks instantly. Though the protection isn't cheap - Bransford says companies pay $20,000 to more than $200,000 for yearly service - it's a drop in the financial bucket compared with the cost of a security breach.

No matter how much protection you pony up for, Willis of VCU says that all companies should have a solid systems recovery plan in place. "Companies need to think about how to deal with a security breach, what steps they'll need to take to contain the exposure, how to communicate with their constituent base," he says. "Having a response plan and practicing that plan is crucial."

 

 

Virginia Business Online | Contact Us | Webmaster

VirginiaBusiness.com is part of the GatewayVa network.

© 2007, Media General Operations Inc., publisher of Virginia Business.
Use of this website is subject to certain terms and conditions