|
| |
|
Cyber-security: It's time to play tough with the board
In survey after survey, CIOs and IT executives claim that they are taking the threat of cyber-security attacks very seriously in the wake of the September 11 terrorist attacks. But the fact that the Slammer worm was able to cripple the Internet last weekend proves otherwise.
How did Slammer manage to worm its way through so many of the world's networks in a span of less than 48 hours, even though Microsoft issued a patch for the vulnerability six months ago? Because hundreds of network administrators never took the simple, routine step of installing the patch. The attack began in the wee hours of Saturday morning, Eastern U.S. time. By Saturday evening, hundreds of thousands of servers across the United States, Europe and Asia had the worm because they had never been patched. The worm scans the Internet for vulnerable servers, stores itself in the memory, and then searches for more vulnerable servers. It interferes with legitimate traffic by continually transmitting an endless loop of junk code, slowing or stopping service. Although a simple reboot will remove the worm, the server remains vulnerable to reinfection if it remains unpatched when re-connected to the Internet. Tom Ohlsson, Marketing Vice President at Internet traffic monitoring firm Matrix NetSystems, told Newsfactor Network that at the peak of the attacks, "the Internet was seriously hampered with a very, very high packet loss." Internet traffic slowed to a crawl, and thousands of ATM banking machines across the United States were unable to dispense cash. The saving grace, Ohlsson said, was that the attack peaked when Internet traffic was low, allowing the network to recover quickly. If it had occurred when Internet traffic was high, he told the news service, the results would have been "catastrophic." It's frightening to think the Internet could have been devasted by a known worm - with a known and readily available patch - six months after the patch was issued simply because thousands of network administrators around the world are too lazy, too disorganized, too understaffed or too uncaring to install it. Their irresponsibility puts every company that relies on this vital business tool at unacceptable risk. Job Number One in every IT department should be staying current on installing security patches. If that isn't the case at your company, it's time to get serious and make it so. CIOs and network administrators don't deserve all of the blame, of course. Corporate boards must also shoulder their share of the responsibility. Industry experts say boards, which don't really understand cyber-security issues and are reluctant to fund what they don't understand, have kept IT security budgets well below what they should be at many companies. While they take the threat to their physical assets seriously in the wake of September 11, investing in their business continuity and disaster recovery capabilities, they continue to underestimate the damage that could occur from a cyber-security breach. Once again, however, it is the job of the CIO to educate them. Paint vivid scenarios your board can understand of exactly what would happen if the corporate network went down for an extended period. Outline the work that couldn't get done, the customer inquiries that couldn't be answered, the shipments that couldn't be tracked, the invoices that couldn't be issued, and exactly what that will mean to the bottom line. Better yet, tell them how stockholders are likely to react if word gets out (team up with the CFO and estimate the damage to the company stock price in the wake of such news, and you'll be sure to hold their attention). Then give them your best estimate of what it will take to prevent such an occurrence - or to quickly recover from one if it does occur, reducing the risk the news will leak. Chances are the money will be forthcoming. At the very least, you'll get enough manpower to ensure your security patches get loaded expeditiously. New IT outsourcing model to integrate local and offshore resources PARIS (March 12, 2003) – Cap Gemini Ernst & Young (CGE&Y), Spain, a global leader in management consulting and IT services, has been selected by GE as a European Global Development Center (GDC) for IT services to a number of GE businesses. Air Products acquires Ashland's Electronic Chemicals businessLEHIGH VALLEY, Pennsylvania (September 02, 2003) - Air Products, materials and services solution provider to the semiconductor industry, has acquired the Electronic Chemicals business of Ashland, in a cash transaction valued at approximately USD $300 million. The acquisition has received the necessary regulatory approvals. Michigan Attorney General acts in Consumers Energy cases to fend off higher gas prices for ratepayersLANSING, Michigan (March 12, 2003) - Attorney General, Mike Cox, is taking action in two Consumers Energy cases before the Michigan Public Service Commission (MPSC) in order to reduce out-of-pocket costs to Michigan ratepayers. BASF selects EasyAsk to simplify and improve access to critical business informationLITTLETON, Massachusetts (March 11, 2003) – BASF, North American affiliate of BASF AG, has selected EasyAsk's technology to power a corporate portal effectively enabling employees to easily and quickly locate and retrieve business information and reports. New Microsoft Office System released to 500,000 beta 2 testersREDMOND, Washington (March 11, 2003) - Microsoft has begun distributing a half-million copies of the beta 2 version of the new Microsoft Office System to customers and partners worldwide. Fuel cell boat tested in Newport Beach, CaliforniaEATONTOWN, New Jersey (August 26, 2003) – What is claimed to be the world's first electric fuel cell water taxi powered by Millennium Cell's Hydrogen on Demand hydrogen fuel system, operated successfully in the Newport Beach, California harbor, as part of pre-launch testing. Ariel Research launches new regulatory module for chemical industryMCLEAN, Virginia (August 26, 2003) - Ariel Research, Environmental, Health & Safety (EH&S) regulatory compliance research company, has launched a new module designed to enable companies manufacturing, using or transporting chemicals across Central and Eastern Europe to mitigate their EH&S risk. ChemConnect and ForestExpress to linkHOUSTON, Texas (March 10, 2003) – Connection hub, ChemConnect, which assists customers to optimize their purchasing and sales processes for feedstocks, chemicals, plastics, and related products, and ForestExpress, the transaction processing network for the forest products and allied industries, are to connect to each other’s networks, enabling member companies of each hub to exchange electronic business documents without having to establish and maintain costly one-to-one connections. Rodel Partners With Clariant to Provide Slurry for Direct STI CMP ApplicationsPHOENIX--April 23, 2001--Rodel, Inc., an innovator of integrated materials for the microelectronics industry, has announced a partnership with Clariant Corporation to distribute and market the company's new colloidal silica-based slurry. Developed by Clariant, Elexsol(R) STS-2 will be used in CMP (chemical mechanical polishing) applications, including direct STI (shallow trench isolation). Elexsol STS-2 will begin shipping at the end of second quarter 2001. DuPont, Sarnoff and Bell Labs to Collaborate on Developing Advance Technology for DisplaysWILMINGTON, Del., Oct. 29 -- As part of a federally sponsored research and development initiative, DuPont -- a leader in the development and manufacturing of organic light emitting diode (OLED) displays -- and Sarnoff Corporation have agreed to develop new organic-thin film transistor (organic-TFT) technology on plastic substrates. Organic-TFTs can offer major advances in commercializing future generation flexible display devices such as full-color polymer-based active matrix OLED (AM-OLED) displays. Ferro Corporation Regular Quarterly DividendCLEVELAND, Oct. 28 -- Directors of Ferro Corporation declared a regular quarterly dividend of 14.5 cents per share of common stock. The dividend is payable December 10, 2002 to shareholders of record on November 15, 2002. Airgas Launches New Line-up of Gold Gas Premium Shielding GasesRADNOR, Pa.--Oct. 29, 2002--Airgas, Inc. today announced a new improved line-up of the Airgas Gold Gas® premium shielding gases. It will launch the new line-up with product demonstrations at FABTECH International 2002, North America's largest annual metal forming and fabricating event, taking place October 29-31, 2002 at the International Exposition (I-X) Center, Cleveland, Ohio. Syntroleum introduces low-cost barge mounted gas-to-liquids plantTULSA, Oklahoma (August 23, 2003) – Syntroleum, owner of a proprietary air-blown gas-to-liquids (GTL) process for converting discovered stranded gas reserves to clean fuels, plans to commercialize a small barge-mounted GTL plant (GTL Barge). EU ‘REACH’ plan unworkable, says SDAWASHINGTON, D.C. (August 23, 2003) - Major portions of Europe’s proposed chemical management policy are unworkable and would place significant burdens on business and government with ‘negligible’ improvements to human health and the environment, according to The Soap and Detergent Association (SDA). Alliance announces clean energy initiativeBOSTON (August 23, 2003) - An alliance of environmental, industry, academic, and government organizations has formed a coalition, the Northeast CHP Initiative, to spearhead the installation of clean, reliable, energy-efficient ‘combined heat and power’ (CHP) systems throughout the Northeast. About 75% of mergers fail due to poor evaluationDURHAM, North Carolina (August 23, 2003) - As mergers and acquisitions make a comeback, a recent study shows that an overwhelming 75% of large company M&A deals fail to increase shareholder value. World's first corporate governance guidelinesSYDNEY, Australia (August 23, 2003) - Following the recent spate of high profile corporate collapses across the world, an Australian company, SAI, has developed the world's first consensus based guidelines for organisations seeking to improve their corporate governance practices. May I have the envelope, please?It’s tough to be an independent trading exchange these days. Stock prices are down, IPOs are cancelled and business is tough to find – and that’s just among the survivors. To add insult to injury, every speaker at e-business conferences these days seems to start with a joke at their expense. OneChem and webMethods deploy integrated customer care solutionMIAMI, Florida (April 24, 2001) – OneChem (onechem.com), an application service provider to the chemical industry, and webMethods (webMethods.com), a provider of integrated software solutions, have successfully implemented the OneChem Customer Care integrated solution at Vulcan Chemicals. Eastman takes steps to improve profitabilityKINGSPORT, Tennessee (August 27, 2003) - Eastman Chemical has outlined steps to improve profitability by addressing under-performing businesses and product lines in one of its major segments.
|
|