E-business encourages criminal profits


E-commerce cannot take off until consumers are convinced that it is secure, but many companies remain ignorant of the risks, writes Nick Langley.

What is it?

Protection of IT assets from deliberate or inadvertent damage and unauthorised access.

The future of e-business depends on customers having confidence in their online suppliers, but, from the Melissa and I Love You viruses to the recent exposure of Powergen customer banking details, the news has not been good.

Where did it originate?

When computer terminals were few and online sessions were expensive, it was sufficient to keep them in locked rooms. Subsequently, assigned user IDs began to be backed up by passwords.

When computing moved to wide area networks, transactions and core systems were opened up to hackers and thieves. Banks lost billions, attacks on the Pentagon's systems brought a third world war closer, and Prince Philip had his private correspondence read. But the majority of threats have always come from disaffected or dishonest employees inside the organisation.

Similarly, when Internet access was provided by standalone PCs used for looking things up, hackers couldn't do too much damage. But as soon as Internet access was put on local area networks, and companies moved from brochureware sites to online trading, their exposure increased enormously.

What's it for?

These days, threats include fraud, hacking, viruses and denial-of-service attacks, industrial espionage in cyberspace, inadvertent misuse or exposure of sensitive information in e-mails, exposure of customer files to the outside world, planting of misleading and fraudulent data, Internet abuse by employees, spam (junk e-mail), theft of laptops and telecoms fraud.

An array of security technologies has been developed, including virtual private networks, firewalls, virus scanners, encryption, Secure Sockets Layer, digital signatures and digital certificates, Internet filters and spam filters.

What makes it special?

Like rust, hackers never sleep. In the old days, when viruses were passed around on floppy discs, they could take weeks or months to spread. However, recent viruses spread throughout the world while the security specialists were still putting their boots on.

Security is now a 24x7 business that can have all the thrills of battling with the best criminal minds while the clock is ticking. But at the grass-roots level, devising, implementing and reviewing IT security policy can be demanding and onerous.

How difficult is it?

Not easy at all, if regular surveys exposing the ignorance of UK businesses are anything to go by.

At a practical level, you can learn how to install and manage a firewall or virus scanner in a couple of days.

Where is it used?

Wherever IT systems come into contact with the world.

Don't confuse

A hacker from New Zealand with a haka from the All Blacks rugby union team.

What does it run on?

Some security products, such as virus scanners, run on desktop PCs or e-mail servers. Others, like most firewalls, are on dedicated security servers.

Few people know

How much money banks have lost to hackers. In 1998, The Times revealed that London and New York banks paid hackers $400m (£250m) to keep quiet after a successful attack.

What's coming up?

Digital signatures, which enable e-businesses to trade more securely. The UK has already approved them, US legislation was signed in July, and the EU is expected to follow.

Rates of pay

Internet security is hot, and will get hotter as e-businesses realise the risks they are facing.

Network security specialists are offered from £35,000 to £40,000; a bank recently advertised for a firewall engineer at £55,000; and security consultants are being offered £60,000 to £70,000, with the prospect of large bonuses.


Generalised Internet security training is available from QA (01285 655888) and NetConnect (020 7573 5100), among many others.

It is also worth contacting major suppliers of firewalls, such as Check Point, and virus protection companies such as Network Associates and Sophos.
