IT risk management firm Business Vitals addresses intrusion detection and prevention COLUMBIA, S.C., February 15, 2006 – In his latest movie, Firewall, Harrison Ford plays Jack Stanfield, an IT security expert who designs theft-proof financial computer systems, but then is blackmailed into penetrating his own systems to siphon $100 million from his employer, Landrock Pacific Bank. The criminal mastermind behind the blackmail can’t find vulnerabilities in Stanfield’s security systems, so he goes after another vulnerability, Stanfield himself.
While the storyline is designed to be dramatic for the big screen and the chance of a similar story playing out in the real world is unlikely, it’s actually not too far from reality, according to information technology (IT) security expert Jeff Brewer.
A former information security specialist with the U.S. Department of Defense National Security Agency (NSA), Brewer, now president of IT risk management firm Business Vitals, says, “There are people with the knowledge, skills, and financial backing to do serious damage to financial institutions without stepping foot in a bank. They’re virtual criminals who prey on IT security weaknesses and are becoming more sophisticated, skilled and organized in their attacks. That part of the movie Firewall is very real.”
Not all virtual criminals are out to drain bank accounts to the tune of $100 million. “It used to be the challenge of taking a site down, but hackers are increasingly motivated by financial gain. Some hack into databases of personal information, which they then sell, or blackmail companies by staging denial of service (DoS) attacks and extorting money to put an end to the electronic mayhem,” says Brewer.
IT security breaches may be more common than people realize. Last year, dozens of security breaches at major financial institutions and other companies that house the personally identifiable information of millions of consumers made headlines. Many more never become public. According to the 2005 FBI Computer Crime Survey released in January, only nine percent of companies surveyed reported “computer security incidents,” including unauthorized access, to authorities.
“With the potential legal, regulatory and financial risk companies face with their IT, not to mention risks to company brand, reputation, and shareholder confidence, we’re talking about millions of dollars at stake. In terms of potential for financial loss, traditional hold-ups are nothing compared to IT breaches. CEOs need to know the risks and enact appropriate safeguards,” says Brewer.
IT experts agree it takes more than a firewall to keep sophisticated criminals out, recommending intrusion detection and prevention systems (IDPs) as essential to thwarting attacks. IDPs allow companies to actively monitor attempted breaches as they happen, see where and how attempts are made, and most importantly, stop them. IDPs also allow companies to practice the due diligence required by Gramm-Leach-Blyley and several state regulations.
“Unless your organization has systems in place to detect and prevent malicious network attacks before they cause harm, youre essentially playing a game of Russian roulette. With all the emails that go through your organization and Web sites your employees visit, there are literally thousands of opportunities for hackers to breach your network every day. The chances of them succeeding are greatly reduced with an IDP system,” says Brewer.
He adds, “Sophisticated hackers pose a threat to banks as in Firewall and virtually every other business that relies on IT. The key to IT security is identifying weaknesses and implementing solutions to eliminate them. The solutions may not be as dramatic as those employed in movies, but they will ensure data confidentiality, integrity and availability. ‘We’ve got a firewall no longer assures the safeguarding of information. That is the irony in the title of the movie because the perceptions unfortunately still exist today.”
About Business VitalsTM
Founded in 2001, Business Vitals provides consulting and ongoing managed services that enhance and elevate IT’s capability and impact on clients in financial services, retail, healthcare, manufacturing, government and other sectors. The privately held company operates a secure operations center in Columbia, S.C., with consulting offices in Boston, Dallas, Indianapolis, and Jacksonville, Fla.