Author: Ian Palmer
The sun rises, the events of the day unfold, and then the sun sets. These are some of the things businesses can expect to occur without a hitch. But with viruses, spyware, and worms running rampant, companies must also deal with the threat of chaos stemming from a bevy of virtual menaces bent on comprising their corporate networks and sucking away their financial resources.
Aberdeen Group in Boston, Mass., recently released its Internet Business Disruptions Benchmark Report, which, among other things, revealed that the average revenue loss from Internet business disruptions is currently about $2 million per incident.
Increasing online dependency a key factor
Businesses are now seriously considering how to solve the problem, according to Aberdeen. And this renewed effort is in no small part due to the increasing emphasis companies are placing on the Internet, particularly as a means of facilitating customer sales, customer service, procurement, sourcing, distribution, and fulfillment.
The report noted that 75 percent of all companies are increasing their usage of the Internet primarily for customer sales and service.
“Less than 15 percent of companies said that they don’t think this is a serious enough problem to take action on,” said Jim Hurley, VP of risk, security, and compliance for the Aberdeen Group and author of the report. He explained that those among the 15 percent probably don’t use the Internet for core business functions. “Many companies know what they want to do, agree on the likely ways to do it, but don’t know what solutions are working.”
While the Aberdeen Group looked at the role viruses, worms, and spyware can play in Internet-based business disruptions, the Computer Security Institute and the San Francisco Federal Bureau of Investigation’s Computer Intrusion Squad, in their annual survey on cybercrime and information security, looked at a wider range of issues related to business disruptions.
The 2004 Computer Crime and Security Survey revealed that cybercrime is still a significant problem — overall financial loses from 494 survey respondents were $141.5 million, down from 530 respondents reporting $201.7 million last year. And these problems, as it turns out, could result in Internet-based business disruptions if firms aren’t prepared to handle emergencies.
Emergency message system can help continuity
Samy Aboel-Nil, co-founder and VP of product management at Austin, Texas-based MessageOne, a firm that helps enterprises prepare for and respond to disruptions to their normal business operations, explained how his company?s Emergency Messaging System (EMS) provides businesses with on-demand email recovery and continuity in the event that their normal email systems are inoperable.
“MessageOne provides continuity solutions for communications,” said Aboel-Nil, adding that his company has partnered with IBM and SunGard to deliver the solution, which can be deployed in one day. “We believe that businesses are more and more critically dependent on email.”
Aboel-Nil joked that MessageOne eats its own “dog food.” So it not only offers its EMS solution to other firms but also uses the solution in-house. In fact, he added, his company has actually had to rely on the backup email solution in the past.
Addressing Internet-based business disruptions from the employee perspective, Deborah Fallows, senior research fellow at the Pew Internet & American Life Project in Washington, D.C., said that employees accessing email must think carefully before downloading things or clicking on links.
“About one-third of people poke around with the links of the spam that they get,” she said, adding that employees tend not to think about what might be on the other side of the links in their email messages. Clicking on “delete me” links, she stressed, could be dangerous because users may inadvertently download destructive software. “Most people just click to delete spam — that’s the best thing they could do to prevent viruses.”
According to Stephen Northcutt, director of training and certification at the SANS Institute in Bethesda, Md., promoting awareness among employees is crucial in the fight to safeguard against Internet-based business disruptions.
“Everyone agrees that awareness training is one of the most important things we can do,” said Northcutt via email. “Tragically, no one, including SANS, seems to have figured out how to do this particularly well. Hopefully, the government mandating yearly awareness training will put enough money into the market so that programs that are NIST SP800-50 compliant are also effective. High-end specialty security training and certification are important because they demonstrate that the people you rely on for information security meet a minimum standard.”
Ian Palmer is a free-lance writer based in Toronto.