In today's wired world, where practically every business is becoming more Web-centric, you do not have to be a household name like Yahoo, Amazon.com or eBay to suffer damaging security breaches.
Companies across the globe lost billions of dollars in 2001 to viruses, Trojan horses, worms and denial-of-service attacks - but the bottom line is that they could have avoided much of the carnage with a greater awareness of the security issues surrounding good e-business.
The key mistake many companies make is that they have the wrong approach to security. They think, 'How do I avoid the threat?' when they should be thinking, 'How do I manage the risk?'
Security is all about visibility and control. You must be able to see what traffic is on your network at all times, whether it is legitimate or not, and be in a position to manage your own network. It is not going to manage itself.
People think that by simply installing a firewall they are protected, but security is very dynamic. A firewall is not something you take out of the box, install, then walk away from. There are always new types of attacks, new types of services, and new types of vulnerabilities.
Scary stuff. But by making your company less vulnerable you become less of a target, and there are some basic issues you can address to protect your business right now. If you have proper authentication systems in place, for example, make sure they are not disabled. Make sure your firewall is properly configured. Do not open unknown attachments or download unknown software. And, of course, back everything up.
That is an issue that cannot be stressed enough - think of back-up, business continuity and disaster recovery as part of your security policy. If a portion of your revenues comes from e-business, every minute you are offline is costing you money.
Another key issue for e-business security is authentication.
Organisations must be able to conclusively verify the identity of individuals and entities before allowing them to access confidential information or conduct transactions electronically. If users are not properly identified, an organisation has no assurance that access to resources and services is properly controlled.
No matter how well a company has implemented authorisation services to control the access to critical applications and offer personalised services, everything hinges on the true identity of the user.
With a renewed focus on security, a deepening skills shortage and the vast complexity of managing enterprise security environments, there is a trend emerging in the South African IT security services industry in which companies outsource the management of their security systems to trusted partners.
You can never outsource things like your standards, governance and security policy, but companies are finding they simply do not have the skill sets to put in place services like firewall management, intrusion detection, and the planning, building and maintaining of security architectures.
As research firm IDC points out, the market leaders will be the ones that offer a broad range of services, that are well-funded and that are able to establish a trust relationship in a market where outsourcing is still a relatively new concept.