
The high cost of IT infrastructure intrusions

InfoSecurity Europe : 29 February, 2008  (Technical Article)
Bernard Everett of InfoGuard explains the dangers of leaving core infrastructure undefended against the threat of cyber crime.
As we start to assess the damage and possible consequences for the 25 million people now open to data fraud after two disks containing personal and financial records went missing, it has to be asked: 'what would happen if this information were freely available to anyone possessing off-the-shelf eavesdropping equipment?'

State-of-the-art fibre optic networks are employed by many banks, insurance companies, enterprises and public authorities as their communication backbone, supporting critical business activities. This backbone also happens to be the place where industrial espionage is rife. If no security precautions are taken to prevent the theft of data, the consequences could be devastating. Unlike this most recent case, where two disks have clearly gone missing, in a premeditated tapping of an optical network it is extremely unlikely that the victim will even be aware the perpetrator exists; no information will go missing, as the data thief will simply be eavesdropping and copying what transpires over the network.

The world has been shocked to think that the institution that sets the standard and writes the rules legislating how data needs to be protected is today at the forefront of one of the largest losses, involving 25m files containing individuals' personal information.

In the commercial sector, directors are now made personally liable: they can face prosecution, be made to pay damages and fines, and can even face imprisonment. With regard to HM Revenue and Customs, the question can rightly be asked as to who will ultimately take responsibility.

For some industry sectors the worst impact can be the devastating loss of customers' trust, which, as in the case of Northern Rock, can have huge consequences for the investment and stability of a financial institution.

In a survey by the Wall Street Journal it is estimated that companies that have incurred a breach of information can face a share price loss of up to 3.3% on the day of disclosure, followed by 5 - 24% thereafter, with only 30% of such companies being able to recover at all. A recent example is Card Systems, which lost $300m in the first 24 hours after disclosing a breach in which 45m credit card details were hacked; Card Systems was then acquired by its competitor Choice Point.

After the humiliation of numerous press conferences, the financial damage does not stop with the share price. There are huge additional indirect costs associated with a breach in which sensitive data, whether National Security Numbers, Health Data, Credit Card details or other financial records, is lost. Some of these costs will be linked to public hearings (e.g. Bank of America and Card Systems), call centers, investigations, and credit checks. With an estimated cost of between $100 and $125 per customer, it is reported that Atlantis Resort paid approximately $6m and Fidelity $15m in additional indirect costs.

It is unlikely that in this situation HM Revenue and Customs will go out of business, as it is clear who will ultimately pick up the tab for this 'oversight'!
InfoGuard is exhibiting at Infosecurity Europe 2008, Europe's number one dedicated Information security event. Now in its 13th year, the show continues to provide an unrivalled education programme, new products & services, over 300 exhibitors and 11,700 visitors from every segment of the industry. Held on the 22nd - 24th April 2008 in the Grand Hall, Olympia, this is a must attend event for all professionals involved in Information Security.