Web site security

By Published on .

Most Popular
Whether you realize it or not, your Web site and corporate network are constantly under attack. According to a report from security vendor Symantec Corp., a typical large company is attacked continuously by human hackers and automated software applications—any of which could cause significant corporate damage.

The fact that most of those attacks result in little or no harm is a credit to the sophisticated Web security systems now in place, not to mention the beleaguered IT staffs who stand as the last line of human defense. Yet Web-based security threats continue to grow, making it more important than ever for marketers to ensure those assaults don’t harm corporate jewels such as customer databases or the company brand.

"The potential business impact can take a wide variety of forms," said Dee Liebenstein, product manager with the security response group at Symantec. "That includes everything from Web site defacement, where a hacker wipes out what you see on my Web site and replaces it with their own message, to someone launching a denial-of-service attack on your site," overflowing it with fake traffic and causing it to crash.

Even more frightening are hackers who exploit holes in Web servers or in Web applications to gain access to corporate systems and databases. They may do all sorts of damage, including deleting or modifying customer data, Liebenstein said.

Symantec’s most recent Internet Security Threat Report, documenting the six months ended last December, found an average of 30 human-initiated attacks per week at the typical large company. Yet those attacks account for only
22% of all potential security breaches. The other 78% of attacks are attributed to viruses and what are often called "worms," or software that roams the Internet looking for vulnerable locations from which to launch automated attacks. Web users consider themselves lucky if they haven’t been hit at some time by worms and viruses such as the creatively named Nimda, Code Red or Slammer.

The typical company is "constantly barraged with worm activity, and if they aren’t up-to-date with their anti-virus systems, they aren’t going to be able to stop them," Liebenstein said. "Not an hour goes by when something doesn’t attack" some company location, he said.

Given those threats, security remains one of the few areas where IT spending hasn’t fallen off. IDC predicts corporate spending will continue to rise at a rate of 25% per year, reaching $45 billion by 2006. "Security spending remains a top priority for most organizations," said Brian Burke, IDC senior research analyst.

Security professionals typically talk about Web site security in terms of confidentiality, integrity of information, the availability of information and the systems that house it, said Tim McCormick, VP-marketing for security vendor Internet Security Systems.

"At a very high level, a company’s brand and reputation are at stake if they were to suffer a security breach," McCormick said. "If you are a small b-to-b manufacturer or wholesaler, for instance, you have an obligation to protect customer data. You can lose real business if there is a breach of trust."

And it’s not only your company and your customers that are in danger. Most hackers and automated software worms look for a company with weak security, then use it as a host from which to launch and disguise large-scale attacks. Good corporate citizenship requires good security practices.

"We are all interconnected," McCormick said. "There needs to be a holistic view of security. Everything today is linked within the enterprise, and, increasingly, enterprises are linked to each other."

While many view Web security as a necessary evil—or perhaps a necessary response to evil—security also has enabled many advances on the Internet, according to Mike Foley, VP-commerce and content for technology vendor VeriSign Inc.

Security as enabler

"If you think about security as an enabler, then e-commerce was really enabled by [security technologies such as] digital certificates," Foley said. "Could you imagine e-commerce without security? Security is a piece of that application that really turned it into a resounding success."

So marketers not only must be concerned about protecting their customers and brands from attack, they also must make security a prime consideration when rolling out new b-to-b business processes, he said. For instance, you can’t go live with an online order management system until your IT department figures out how to authenticate users from outside your company and limit their access to only a small portion of your corporate network.

"For marketers, security isn’t something to think about at the tail end of creating a new business process," Foley said. "It needs to be thought about upfront. They need to think about security in a pro-active and enabling way."

In this article: