Incidences of hacking on the rise, says centre

[InfoSec News <isn () c4i org>]

http://www.nst.com.my/z//Current_News/BT/Tuesday/Business/20010605014224

By MALCOLM ROSARIO
05 June 2001 

STATISTICS from the National ICT Security Emergency Response Centre
have indicated that hacking incidences are on the rise in Malaysia,
averaging 400 new information and communications technology (ICT)
security cases each year.

The figures show that among the 70 incidences reported with the
Malaysian Computer Emergency Response Team (MyCert) - Abuse
Statistics, intrusion attacks topped the list at 39, followed by 21
hack threats.

"The security breaches are due to a weak security policy and poor
implementation (for example, sharing of passwords, failure to update
latest anti-virus programs).

"It can also be a result of human error as in placement of security
equipment due to lack of enforcement and product understanding," said
Biodata Information Technology AG senior vice president, Leonard Oh.

Oh told Business Times that technologically obsolete equipment or
insufficient security (single layer firewall when double layer is
required), and the presence of Key escrows and backdoors (Key escrows
capable of deciphering encrypted messages can fall into the wrong
hands) also contribute to security threats although they are less
likely occurrences.

Biodata, a global provider of network, PC and communications
technology products, says the rise in computer crime is a direct
consequence of increased network traffic and electronic-commerce
(e-commerce).

"We don't live in a world any more where you can draw lines between
the 'good' and 'bad' world.

Company employees can download a Trojan while surfing at home and then
infiltrate the company network when using the very same laptop PC in
the office," Oh said.

"Every new application brings a new threat.

The market for e-security is growing because companies that use the
Internet as a way of distribution realise the need to secure
themselves against dangerous security threats," he explained.

Biodata, a company that has seen it all when it comes to security
breaches, said in most cases, system failures can be traced back to
poor policies and insufficient network security.

It is therefore advisable to install an intrusion detection system
that gives real time alerts, once it recognises an attack signature on
the network.

"Technology such as Internet, Intranet, Extranet and e-commerce are
closely linked to one another.

This is why international companies, financial institutions and the
Government have to secure their networks and the transfer of data," Oh
explained.

The protection of networks against inner and outer risks gains
importance with the increasing use of e-commerce sales and e-mails,"
he pointed out.

Research firm Datamonitor has indicated that worldwide market for
network security will rise from US$5.8 billion (US$1 = RM3.80) in 2000
at a compound annual growth rate (CAGR) of 30 per cent to reach
US$21.2 billion in 2005.

"Based on this, even if there will never be a 100 per cent security,
the present situation where the majority of users and companies have
not taken appropriate security measures is irresponsible," Oh said.

"It's like driving Formula One racers on the Internet data highways
without any brakes and safety precautions," he said.

Biodata, a company renowned for its data protection systems, says
businesses simply cannot afford to ignore data protection.

Today's businesses are drawn to e-commerce to provide better customer
service, collaborate with partners/employees via Intranet /Extranet,
reduce communication costs, improve internal communication and access
valuable information rapidly.

But the dark side of e-commerce and global connectivity is that
corporate assets are exposed, data confidentiality and integrity come
under attack, and there are security concerns with regard to online
payments, and accountability of Internet transactions.

"Companies have invested heavily in e-commerce infrastructure and
hurriedly to get their systems online, but only now do they realised
that they have built houses without any doors that can be locked to
thieves and criminals," Oh said.



ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.