E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: InternetNews.com

Posted on April 11, 2001

      According to one network security expert, senior management executives at major financial and e-commerce organizations are chiefly to blame for the many security flaws found in today's Web sites.

      Peggy Weigle, chief executive officer of e-commerce security firm Sanctum Inc., said it's mainly because of management requirements that Web application developers are stuck producing vulnerable sites, easy prey for malicious hackers (called crackers).

      The reason developers are doing this, she said, is because management wants them to build sites that are faster, stickier and more attractive than the competition's.

      In other words, function is compromised in favor of form.

      That, coupled with an alarming lack of education in application security, makes many sites vulnerable to break-ins. According to Weigle, there are only 2,000 qualified developers for the 640,000 B2B and B2C registered sites worldwide.

      "At the end of the day, senior management needs to be taking more responsibility to ensure that their site is secure," Weigle said.

      Many people, mainly the media, are under the assumption that (server exploits) are happening at the network level, Weigle said. But it's at the application level, behind the firewall, where the back end databases are kept and getting infiltrated by the wrong people.

      In the 70 audits Sanctum has performed in its three years of operation, Weigle said her team was able to compromise the integrity of 97 percent of them, in one of four ways: stealing proprietary corporate information, garnering customer information like credit card numbers, altering the prices on e-commerce sites, or defacing the site itself.

      Regardless of who's to blame for security, two recent studies emphasize one fact: companies better get their security act together if they want to cash in on the growing numbers of online shoppers.

      Market Facts Inc., a global market research company, released the results of a study Tuesday that show 80 percent of online consumers feel the benefits of the Internet outweigh any drawbacks and potential problems.

      What's more, about 56 percent of those polled said they were comfortable giving out their credit card information while another 40.1 percent of those polled said they felt comfortable or somewhat comfortable about giving out personal information.

      But offsetting that comforting statistic is a study that shows an increase of cyber-crime in the past year, according to the sixth annual Computer Security Institute/Federal Bureau of Investigation Computer Crime and Security Survey, released Monday. It used to be crackers were content with defacing Web sites, such as the recent incident at the Girl Scouts of America home page, which was usurped with the usual hacker tirade.

      Originally reported to the Attrition Web site, not only were crackers able to code their way through the www.girlscouts.org domain, they were able to affect its alternate domain www.gsusa.org.

      And it's not just the organizations that have a passing knowledge, institutionally, of the Internet. Microsoft Corp., which is in the middle of a major marketing push to put its services online, lost face when its Domain Name Servers were allegedly cracked in January, putting the site in and out of commission for nearly a week.

      Sjofn Agustsdottir, director of surveys and special projects for DNS security firm Men & Mice, said that although many Fortune 500 companies have tightened up their security, many are still at risk if they don't acknowledge a security problem.

      "(There) is a grave lack of concern for protecting private information," Agustsdottir said. "As the FBI recently announced, hackers from Russia are attacking vulnerable holes such as the BIND DNS flaws in major corporate organizations. Issues like the BIND DNS flaws can be dealt with by simply upgrading to a more secure version of BIND DNS, yet this is not happening to the extent that it should."

      In its survey, the CSI and FBI polled 538 business, medical, financial and government security administrators on the types of security issues faced.

      The results show an industry-wide malaise that's resulted in lost revenues and compromised networks. Following are some highlights:

      Eighty-five percent of those polled said they detected computer security breaches within the past 12 months.

      Financial losses for 35 percent of those who were broken into (and were willing to release the numbers) totaled nearly $400 million.

      Ninety-seven percent said they have www sites. Of those sites, 23 percent said their site had been illegally entered, and of those 23 percent, 58 percent reported 10 or more incidents in a 12-month span.

      Bruce Gebhardt, Northern California FBI agent-in-charge, said the results demonstrate the complexity of today's cyber-criminal activity. "The dynamic vulnerabilities associated with conducting business online remain a law-enforcement challenge."

      Early indications are that network administrators are slowly coming to recognize the importance of keeping the company's Web site secure.

      According to a survey by Men & Mice, roughly 40 percent of the Fortune 1000 .com sites were at risk of exploitation by crackers. After the highly publicized problems faced by Microsoft, that number dropped sharply to 13 percent.


In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
