Despite the rising incidence of 'hacktivity' and recent computer virus epidemics, some
companies and organizations continue to minimize the issue of Internet security.
Analysts are now predicting that those who have been lax in their security practices
will begin to find themselves on the losing end of civil suits for negligence.
The extent of the problem was demonstrated by the Code Red worm debacle. Although
patches for Code Red were available a month before the virus became active, only a
minority of businesses bothered to install the patch. As a result, Code Red infected
over 250,000 servers within the first nine hours of its activation.
Michael Rasmussen, a senior industry analyst for
Giga Information Group, told NewsFactor Network
that he believes the first of such cases will occur within the next year, as hackers
and virus writers mount a greater threat to systems and data integrity than ever before.
The Code Red worm underscores the extent of the threat, "not for what it did but for
what it could have done," Rasmussen told NewsFactor. "[Code Red] gave the attacker
complete administrator access to systems, which means it had the potential to plunder
data, delete files and destroy systems."
Risk Management
"The liability involved in not implementing and maintaining security controls throughout
an organization will force many to take security more seriously," Rasmussen wrote in a
recent brief addressing the topic.
Rasmussen argued that alleviating these concerns all boils down to an organization's
risk management policies.
Wrote Rasmussen: "An organization has the option to accept the risk, mitigate the risk,
or ensure the risk. But the acceptance of past risks will change as the cost of that
acceptance grows higher."
Language of Money
Rasmussen went on to write that such costs will force organizations to examine their
security postures more closely and gauge their premiums by them. And those premiums
will likely include penalties generated by liability lawsuits.
Jennifer Stisa Granick, Esq., clinical director of the Center for Internet and Society
at Stanford University Law School, told NewsFactor that civil liability suits, with the
potential for monetary damages, inspire negligent companies to change their security
procedures in ways that other methods such as security warnings or corporate best
practice policies do not.
"Companies speak in the language of money. They only understand one thing, and that is
profit," Granick told NewsFactor. "Only when there is some kind of financial bottom-line
effect [does] a corporation have a motivation to do something different."