Online business Toolkit

E-commerce special report: Security

Tags:
E-commerce

Matt Loney ZDNet.co.uk

Published: 07 Jul 2003 13:36 BST

Security is as much about physical processes within the four walls of your company as it is about electronic protection from hackers out on the Internet. Stories about e-commerce sites getting hacked propagate around the Web like spam down a fat pipe, but you rarely hear about the companies whose servers get stolen because they forgot to lock the server room door -- which exits onto a back alley. Yet it does happen.

Any breach of security is serious, not only because of the immediate damage it can do to your finances and reputation, but also because of the liabilities that it can lay you open to.

The best defence is to use well-documented processes, so that if something does go wrong you can claim that you did follow due diligence, which can be a saviour in a court of law.

According to research issued by the government in 2002, more than a third of the worst computer system security breaches at UK companies are from employees.

The Information Security Breaches Survey 2002, sponsored by the Department of Trade and Industry and prepared by consultancy firm PricewaterhouseCoopers, found that in small companies, 32 percent of the worst incidents were caused by insiders, but in large companies this figure climbed to 48 percent. This was a big jump from research carried out a year earlier, said the authors.

A third of the "worst" security incidents were virus infections, but there were also high incidences of other, more deliberately targeted attacks. Forty-one percent of companies reported virus infections in the past 12 months -- nearly triple the 16 percent reported in the same survey two years ago.

While hacking attacks accounted for only 14 percent of the worst incidents in the past 12 months, this figure shot up from just 4 percent two years prior. Eleven percent of companies reported that their worst incident was due to inappropriate use of systems (using email or Web browsing to access or distribute inappropriate material), and 6 percent said the cause was theft of information.

Most security incidents resulted in only minor costs, according to the survey, with two-thirds of the most serious incidents costing less than £10,000 to resolve. However, about 4 percent of the UK businesses surveyed said they had suffered costs of more than £500,000 following a single security incident. Two years ago, the companies reported that their worst incidents cost in the range of £20,000 to £100,000. One manufacturer, said the authors, estimated the direct costs associated with a recent virus infection to be £80,000.

Many more companies have inadequate systems in place to deal with security incidents than they did two years ago, but small companies still lag badly. Three-quarters of large companies have procedures for logging and responding to security breaches, and 75 percent have contingency plans, compared to 41 percent and 47 percent respectively for small companies.

Go to section: