Around the same time terrorists attacked the U.S. on Sept. 11, a flurry of destructive computer viruses hit Mississippi’s capital city. Even the state government was not immune to its wrath.
The first wave of the self-replicating Nimda worm, which exploited a security hole in Microsoft’s Internet information Web server and has a virus component that attacked PCs, hit government offices, shutting down networks and Web access for hours.
“Several of our customers experienced network failures and even the plight of our own state government was widely publicized,” said Gerard Gibert, CEO of Venture Technologies in Ridgeland, whose company recently handled more than 1,000 attacks.
“I’m happy to announce that our data center experienced no failures, outages or interruptions in service,” he said. “Clients that depend on us to host applications, servers, store electronic documents or manage their networks computed through the attack period like any other normal business day.”
With heightened security because of the terrorist attacks, the federal government is eyeing its own private Internet, one that would be able to withstand cyber attacks. Richard Clarke, newly appointed cyberspace czar to President George W. Bush, warned that America’s Internet infrastructure was vulnerable to a “digital Pearl Harbor” that could disrupt vital communications. Some observers have likened Internet attacks such as worms and viruses to weapons of “mass disruption” rather than “mass destruction.”
Earlier this year, the Computer Security Institute (CSI) and San Francisco’s FBI Computer Intrusion Squad announced results of its 2001 Computer Crime and Security Survey, which confirmed that computer crime and other information security breaches are on the rise. And the financial toll is daunting.
About 85% of survey respondents — primarily large corporations and government agencies — detected computer security breaches within the last 12 months. Nearly two-thirds acknowledged financial losses as a result. The theft of proprietary information exceeded $150 million and financial fraud accounted for nearly $100 million. The most frequent points of attack were the Internet connection (70%) and internal systems (30%).
“The majority of hackers are kids using scripts and doing it for fun and bragging rights,” said Jack Ridgway, vice president of technology for Consultrix Technologies, a Jackson-based provider of network solutions and services formerly known as Integrated Network Solutions (INS). “You don’t hear a lot about criminal hackers because they’re obviously a lot more sophisticated and are in it for the money…Activists and terrorists are coming to the forefront now, using cyber terrorism to bring down big business.”
Cyber experts have urged executives to learn more about the range of potential cyber attacks and information protection initiatives.
“There’s not a problem convincing executives about a need for security,” said Ridgway. “The problem is convincing them what security is all about. Security is not a product, it’s a process. A firewall is just one little piece of the system.”
If a corporate firewall is the fence around a company’s online security environment, intrusion detection software (IDS) is the security camera and burglar alarm.
“A firewall is always the first thought when people talk about security,” said Ridgway. “In order to do commerce on the Internet, you have to allow some things through. One of the biggest issues with firewalls is that it’s not something you put in and forget about. Somebody needs to be monitoring the traffic going through the firewall and updating it when security breaches are found.”
IDS, another key ingredient in a company’s online security environment, monitors traffic that comes into systems, and security experts say it’s not unusual to see companies hit up to 100 times on a normal business day.
Virus problems cost small businesses more money than almost any other computer problem. A company hit hard by a virus can pay several thousand dollars to get the system cleaned up. That doesn’t include lost data and productivity, Ridgway said.
“Small business owners may buy a PC with an anti-virus program, but many times, they don’t have anti-virus protection on their servers and they don’t scan their e-mails,” Ridgway said.
Since Sept. 11, increased focus on computer security has taken place. Companies have tightened reins on standards of operations, requiring employees to sign confidentiality and/or policies and procedures agreements for system and Internet usage. Security response programs are being implemented. And primarily because of a lack of skilled IT security personnel, many companies are outsourcing network security tasks.
Because it’s expensive to have a private wide-area network, virtual private networks (VPNs) are gaining in popularity. VPNs allow companies to connect to branches, customers or suppliers, for example, and create a virtual private network over a public network.
“We’ve also seen a renewed interest in user authentication systems, Public Key Infrastructure (PKI) technology, biometrics and smart cards,” said Jack Little, chief technical officer at Venture Technologies.
Shared computing, used in service bureaus in the 1960s and 1970s, is a relatively new concept to the “open systems” world and is gaining in popularity in metro Jackson, Little said.
“It’s much less expensive to establish IT service in an ‘open systems’ environment because we’re able to leverage the cost of a large number of customers for the hardware and software platforms,” Little said.
Even with all these precautions in place, is the Internet as a whole vulnerable to a shutdown?
“It’s highly unlikely because of the nature of the Internet itself — a collection of interconnected computers,” Ridgway said. “But as we saw from the worm, there were plenty of worries. It slowed the system down, but didn’t shut it down.”
Contact MBJ contributing writer Lynne Wilbanks Jeter at email@example.com or (601) 853-3967.