Survive's BS 7799 e-risk forum
"what should 21st century IT security encompass?"
London, UK, 13:30 GMT 29th November 1999 - At the talk being given
to "Survive's BS 7799 Special Interest Group" in the City of London
on 1st December, mi2g software will reiterate that contrary to popular
understanding, most of the serious electronic attacks taking place against
financial institutions, multi-nationals and major on-line businesses are highly
covert and seldom become public knowledge. The breaches take place because
of the lack of an up-to-date IT security policy that encompasses systems,
personnel, legal issues and insurance.
mi2g's Security Intelligence Products and Systems (SIPS)
division will give examples of the types of e-risk and counter measures
being deployed as well as analyse the impact on share price, profit margin
and brand value. Whilst the headlines are grabbed by publicity seeking hacker
attacks on web sites, where graffiti is splashed across the screen or data
is visibly lost, it is becoming clear that the piracy of intellectual property
and internet based financial fraud is taking place in much more subtle ways
and over a longer period of time. Each serious incident in 1999 has caused
the target multi-national organisation or large on-line business damage to
the tune of £25 to £40 Million.
Single off-the-shelf technology solutions offered as packages installed on
top of badly designed eBusiness architecture are no longer enough to combat
electronic attack or account holder to holder tampering. "If the on-line architecture is not designed properly
or built inadequately, one user may be able to see and execute with the confidential
information of another without much effort. This loss of control has caused
the recent suspension of a few major financial institution's on-line share
dealing and banking services",
according to DK Matai, Founder of mi2g software.
Subtle electronic attacks, which are normally not detected in time, are not
discussed by the victim organisation for fear of share price collapse or copy
cat attacks that exploit the same vulnerability. In over 55% instances, the
organisation's employees or contractors exposed to sensitive network information
have played a part in sustaining and developing the electronic attack.
The e-risk management forum being developed by mi2g software with
leading financial institutions, Lloyd's of London Syndicates and Lloyd's Brokers
as well as top law firms puts forward the integrated 4-way mi2g matrix
to address covert electronic attack on large organisations within the context
of an IT security policy:
1. Technology dimension including Bespoke Security Architecture
2. Legal dimension including Downstream Liability and Data Protection
3. Human resource dimension including physical issues
4. E-risk insurance cover that protects the revenue stream and liabilities
1. mi2g software presented seminars on e-risk in London at Richards
Butler on 4th August, Hammond Suddards on 8th September, Reuters on 27th October,
Foreign and Commonwealth Office on 4th November and the eb2 event at the Commonwealth
Club on 18th November. A total of 510 CEOs, CTOs, COOs and Partners from USA,
Canada, Germany, France, Japan, Singapore and Britain have attended these
events. We presented an update on all major e-risk incidents and trends within
the escalating threat to large on-line businesses, financial institutions
and multi-nationals. Future seminars on e-risk are planned for December 99
and January 2000.
2. Downstream Liability is the real possibility of litigation
arising from customers and businesses that have bought a product or a service
from a vendor in good faith and have surrendered personal and financial information
about themselves for a declared purpose only.
3. The total cost of servicing electronic attack incidents worldwide
is likely to exceed £12.5 Billion in 1999 according to mi2g software.
In the last ten months, there have been three major virus attacks and several
full scale electronic attacks. Melissa in March, Chernobyl in April and the
fatal ExploreZip in June cost corporations huge unplanned and unbudgeted resources.
Variants of these three and other lethal viruses have been emerging at a steady
rate to date.
4. Survive is an
independent international business continuity user group which seeks to develop,
encourage and implement best practice in business continuity planning. It
helps to ensure that organisations are better prepared for any interruption
to normal business activity and runs a wide range of conferences, seminars
and special interest groups on all areas of business continuity and disaster
recovery. Address: Survive, The Business Continuity Group, The Chapel, Royal
Victoria Patriotic Building, Fitzhugh Grove, London SW18 3SX, United Kingdom.
Tel: +44 (0) 181 874 6266. Fax: +44 (0) 181 874 6446. Website: www.survive.com
5. mi2g software (www.mi2g.com) is a leading edge London based
e-commerce enterprise specialising in e-risk management and bespoke
6. e-risk, e-risk analysis, e-risk management, How
to manage e-risk?, Downstream Liability, e-risk insurance,
Bespoke Security Architecture are trade marks of mi2g software