The fact that most of those attacks result in little or no harm is a credit to the sophisticated Web security systems now in place, not to mention the beleaguered IT staffs who stand as the last line of human defense. Yet Web-based security threats continue to grow, making it more important than ever for marketers to ensure those assaults don't harm corporate jewels such as customer databases or the company brand.
"The potential business impact can take a wide variety of forms," said Dee Liebenstein, product manager with the security response group at Symantec. "That includes everything from Web site defacement, where a hacker wipes out what you see on my Web site and replaces it with their own message, to someone launching a denial-of-service attack on your site," overflowing it with fake traffic and causing it to crash.
Even more frightening are hackers who exploit holes in Web servers or in Web applications to gain access to corporate systems and databases. They may do all sorts of damage, including deleting or modifying customer data, Liebenstein said.
Symantec's most recent Internet Security Threat Report, documenting the six months ended last December, found an average of 30 human-initiated attacks per week at the typical large company. Yet those attacks account for only 22% of all potential security breaches. The other 78% of attacks are attributed to viruses and what are often called "worms," or software that roams the Internet looking for vulnerable locations from which to launch automated attacks. Web users consider themselves lucky if they haven't been hit at some time by worms and viruses such as the creatively named Nimda, Code Red or Slammer.
The typical company is "constantly barraged with worm activity, and if they aren't up-to-date with their anti-virus systems, they aren't going to be able to stop them," Liebenstein said. "Not an hour goes by when something doesn't attack" some company location, he said.
Given those threats, security remains one of the few areas where IT spending hasn't fallen off. IDC predicts corporate spending will continue to rise at a rate of 25% per year, reaching $45 billion by 2006. "Security spending remains a top priority for most organizations," said Brian Burke, IDC senior research analyst.
Security professionals typically talk about Web site security in terms of confidentiality, integrity of information, the availability of information and the systems that house it, said Tim McCormick, VP-marketing for security vendor Internet Security Systems.
"At a very high level, a company's brand and reputation are at stake if they were to suffer a security breach," McCormick said. "If you are a small b-to-b manufacturer or wholesaler, for instance, you have an obligation to protect customer data. You can lose real business if there is a breach of trust."
And it's not only your company and your customers that are in danger. Most hackers and automated software worms look for a company with weak security, then use it as a host from which to launch and disguise large-scale attacks. Good corporate citizenship requires good security practices.
"We are all interconnected," McCormick said. "There needs to be a holistic view of security. Everything today is linked within the enterprise, and, increasingly, enterprises are linked to each other."
While many view Web security as a necessary evil, or perhaps a necessary response to evil, security also has enabled many advances on the Internet, according to Mike Foley, VP-commerce and content for technology vendor VeriSign Inc.
Security as enabler
"If you think about security as an enabler, then e-commerce was really enabled by [security technologies such as] digital certificates," Foley said. "Could you imagine e-commerce without security? Security is a piece of that application that really turned it into a resounding success."
So marketers not only must be concerned about protecting their customers and brands from attack, they also must make security a prime consideration when rolling out new b-to-b business processes, he said. For instance, you can't go live with an online order management system until your IT department figures out how to authenticate users from outside your company and limit their access to only a small portion of your corporate network.
"For marketers, security isn't something to think about at the tail end of creating a new business process," Foley said. "It needs to be thought about upfront. They need to think about security in a pro-active and enabling way."