Information Security is no longer a technology issue – it´s a CEO issue, according to Rob Clyde, vice president for technology for Symantec´s office of the CTO. Clyde presented recent findings on security for businesses at a breakfast meeting of the Utah Information Technology Association at the Canyon Park Technology Center in Orem.
Clyde pointed out that initially motivation for computer attacks was simply attention, and it was an issue senior executives largely ignored. However, the motivation for current computer hacking is money, and the many of today´s attacks are generated via organized crime.
“CEOs face new levels of pressure today,” Clyde noted. “New legislation in California, for example, requires that if a security breach happens, a company must notify all customers who may have been affected, which escalates to informing everyone. A security breach becomes a public event.”
Clyde noted that two of his own personal credit cards were suddenly re-issued by providers within the past 30 days as a result of corporate security concerns.
Today, the average system is attacked in just seven minutes, Clyde said. Spyware and adware attacks grew by 25 percent in the latter half of 2004. There have been 4.7 million new spammed e-mails per day during last six months of 2004. Yet the majority of smaller companies, in particular, employ just anti-virus software at the desktop and a firewall at the point of Internet access. These steps are clearly no longer enough. Clyde advises companies to implement firewall protection all the way to the desktop, and to find and implement methods of intrusion detection that are automatically built in.
Moving forward, Clyde notes that information security should become a part of a company´s very culture. Information security should become a part of the business process itself.