Wednesday, March 23, 2011

Acceptable Risks (I)

Organizations rushing to build information systems for all forms of digital commerce are realizing there's no fail-safe way to secure the free flow of data or money. It's like trying to protect the telephone system from prank callers, or trying to block spammers from clogging your messaging system.
Except it's often far worse. Organizations engaged in Web commerce, electronic supply chains, and enterprise resource planning experience three times as many incidents of information loss and theft of trade secrets as everybody else. Revenue loss, though not prevalent, is seven times more likely to strike Web commerce sites than noncommerce sites.
These are two of the key findings of the 1998 InformationWeek/PricewaterhouseCoopers Global Information Security Survey fielded this summer in 50 countries and completed by 1,600 IT and security professionals.

A keen awareness of an organization's increased exposure to internal and external dangers isn't enough to plug the gaps. The digital commerce sites experiencing the most attacks, including banks and financial services companies, are the same disciplined IT shops that also create information security policies, spend lots of money on security products such as firewalls and encryption, and institute policy training for IT staff and end users.
All of which points to an obvious business trade-off, especially for IT managers who want to open their enterprise to outside partners. "An extranet is a risk," says Enno Becker, director of technology infrastructure at the Forum Corp., a training and consulting company in Boston whose extranet is linked to three corporate customers. "You're creating a tunnel into another environment that you don't control. But the business benefits are too great to be ignored."
What counts as an acceptable risk varies greatly from industry to industry. In retail, a 3% loss from online credit-card fraud might be tolerable, but in the chemical industry the same fraud loss might be considered a disaster. Such expectations not only drive security policies and spending, but they also influence experience.

• Overall, 59% of sites selling products or services on the Web report one or more security breaches in the past year, compared with 52% of sites that may have a Web site but aren't using it for monetary transactions.
• Sites with supply-chain networks or ERP applications are struck about 10% more often than sites without such applications, possibly because they have competitive intelligence available to plunder.
• Information loss has occurred at 22% of firms conducting Web sales, but only 13% of companies not selling products on the Web say they have had the same experience.
• Significantly, 12% of E-commerce sites reported theft of data or trade secrets, three times the number of companies not selling products via the Web.
Among those survey respondents able to identify losses due to security breaches in the past 12 months, 84% say they lost between $1,000 and $100,000 in U.S. dollars. The other 16% say they racked up more than $100,000 in losses.
"There are significant financial losses that people don't even know about," says Bruce Murphy, managing director at PricewaterhouseCoopers, which advises companies on information security issues.
