Continued from page 1
A terrifying example of liability faced by an organization which fails to prevent intrusions happened very recently. On August 1, 2004, a database intrusion occurred through one unsecured computer at University of California - Berkeley. The intrusion wasn't discovered until August 30, meaning hackers had a full month of unfettered access to personal information of as many as 1.4 million disabled and elderly Californians, opening door to a potentially devastating class action suit by those affected. This incident serves as a disturbing reminder that a single workstation can sacrifice identities of millions.
Loss of trust from partners and customers due to a company's failure to prevent hackers from accessing their network can be just as destructive as any lawsuit. Failure to prevent intrusions into an e-mail system will leave administrators with few, if any, options after damage is done. Business partners will be understandably reluctant to share any of their proprietary information, and customers will likely look to your competitors to ensure that their private data is safe.
Not surprisingly, most companies will go to great lengths to hide fact that their systems have been compromised. Over 50% of respondents to 2004 Computer Crime and Security Survey by FBI and Computer Security Institute indicated that they did not report system intrusions to law enforcement or legal council because of fear of negative publicity. Of course, if they'd had effective intrusion prevention in first place, there wouldn't be anything to report.
The only way to ensure that all information residing on, or accessible through, e-mail servers is protected is to make it completely invisible to hackers and other would-be intruders. While some software-based approaches do serviceable jobs of detecting intrusion attempts and thwarting them when they happen, mere fact that hacker knows where network is provides motivation enough to keep trying to find a way in.
When your company's intellectual property is stolen or otherwise compromised, catastrophic costs can be staggering. According to 2004 Computer Crime and Security Survey, a total of 269 respondents from U.S. corporations, government agencies, financial institutions, medical institutions and universities reported intellectual property losses totaling $11,460,000 in damages from theft of proprietary information. An unfortunate side note to this statistic: 98% of survey respondents had firewall protection in place, a revealing testament to ineffectiveness of stand-alone security components.
Get Rid of Modern-Day Monsters
A comprehensive e-mail security approach including elements of anti-spam, anti-virus, policy enforcement, intrusion prevention and encryption is most effective defense against all external and internal threats. For more information on how to protect your enterprise network from all manner of e-mail threats, download CipherTrust's FREE whitepaper, "Securing E-Mail Boundary: An Overview of IronMail".
The final installment of Maximizing E-Mail Security ROI series will discuss issues surrounding encryption of confidential information contained in e-mail messages.
CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, "Securing the E-Mail Boundary: An Overview of IronMail"