
Insecure About Security

The technology to combat computer hackers is improving, but the most potent weapon is still the individual company's adherence to best practices.

It’s every CFO’s nightmare. A fax comes in
containing a thinly veiled threat: “You have a breach in
your security system and you need to hire us to fix it.”
People typically ignore the fax until a second and then
perhaps a third message comes — this time with a sample
report of credit card numbers, says Gene Fay, a vice
president at RSA Security Inc., the security division of
storage giant EMC. The threat becomes stark: “You
need to pay us or we’ll post all these numbers to a website.”
If the company opts to pay, the hacking rarely gets
reported. If they try to fight and find the perpetrators,
they may step into a murky world of organized crime.

Reports about major companies’ networks getting
hacked are becoming frighteningly commonplace. The
hacking has evolved from a kid defacing a website five
or six years ago to organized crime groups realizing
there is big money to be made from stealing a company’s
sensitive customer information. Security experts say
that in Russia, for example, loose law enforcement is
motivating computer programmers to design malware
that can be used by cybercriminals to steal credit card
and social security numbers and sell the information on
the black market.

Database hacking is not limited to any particular
region. “It’s a transborder data flow problem, which
means the thefts and attack strategies quickly move
from jurisdiction to jurisdiction, so the applicability of the laws is difficult to discern,” says Andrew Walls, a
research director with Gartner Group in Melbourne.
But Asia is becoming a particular target, in part because
of the philosophy of trust that companies in this region
tend to nurture. “We’re seeing a trend of information
being scanned and looked at more on the Asian market,
which we believe will result in more hacking into
systems, because the people doing the penetration testing
or identification of vulnerabilities are going to see
them as easier opportunities,” says Doug Howard, chief
operating officer of BT Counterpane, a managed security
company in the United States.

Companies in Asia that are only now starting to
open their businesses to the outside world are
especially vulnerable. When Techcombank decided to become the first bank in Vietnam to provide
customer Internet banking services, officials
knew standard passwords wouldn’t be
enough for database protection because of
the hackers’ aggressive techniques. The
bank chose RSA’s Two-Factor Authentication
(2FA) key token system for user
authentication. When customers first register
for the Internet service, they are given
the token key, a user ID and a user guide. The
password they create combined with the
token key becomes their login password.
Their account will be locked if one or both
passwords are entered incorrectly.
