Security Includes Corporate Computer Sites Too
GRAND RAPIDS — A heightened awareness regarding corporate data and network security started long before Sept. 11.
Over the last several years, a number of highly focused niche players have sprung up in the areas of Internet security, network security and hardware and software solutions designed to detect or prevent threats, intrusions and breaches, observed Ken Clark, director of sales and marketing for Computer Products & Resources (CPR), a full service technology company based in Grand Rapids.
But the recent attacks on the U.S. have added another element to the equation, Clark said. The current Nimda virus, preceded just a few weeks earlier by the Code Red worm, may be getting even more publicity because people are wondering whether it’s related to the attacks.
Although Attorney General John Ashcroft has said there’s no indication of a link, that thought is running through people’s minds, including the minds of corporate executives concerned about threats to their business and their sensitive data, Clark said.
Timothy Carmichael, CEO of Carmichael Security of Sturgis, said there has been a continuing increase in concerns about Internet security, but he hasn’t seen a spike in demand for network security services since the attacks on the U.S.
Carmichael’s company is prepared to handle a surge in business should it materialize, but he pointed out that “this is a fairly long sell cycle business; it’s not like selling pizzas where tomorrow you sell 200 more.”
But with awareness heightened even more so now, it’s possible demand for network and Internet consulting services, such as network security audits, could rise, Clark said.
The audit service CPR offers checks for any vulnerability in a client’s network, and an after-audit report identifies for the client where the network is well protected and where there might be exposures. Such an audit could then result in implementation of new security solutions for clients.
Bob Burkhard, CPR systems engineer/security specialist, said top-level managers who have responsibility over their companies’ computer systems should understand that the threat is very real.
Burkhard worked 10 years as a security consultant to a number of federal agencies, including the FBI, NASA, the Department of Defense and the Department of Treasury
“Just because we’re concentrated in West Michigan, or Michigan in general, doesn’t mean we’re safe,” Burkhard said.
“We are very much a target of opportunity. And we’re very much a possible target of opportunity from terrorist groups located in various parts of the world that would want to launch attacks against our electronic infrastructure here in the United States.”
Clark noted that one of CPR’s clients had its Web site defaced, and it was traced back to the Republic of China. The West Michigan client was attacked from the other side of the globe following the April collision of a U.S. spy plane with a Chinese jet fighter off China’s border.
Osama bin Laden’s organization, among others, is savvy in software programming and in its hacking capabilities, Burkhard observed.
“We know that our hacker community in the United States has already declared its own war,” Burkhard said. “We saw the Afghanistan leader’s Web site get shut down because of so many attacks against it.”
All the hacking will fuel more retaliation. As hackers try to launch more and more massive attacks, they’ll need more and more platforms from which to attack, much like the Code Red worm did, he noted, adding that the country will likely see an increase in all kinds of network and Internet attacks.
“The threat is very, very real,” he stressed. “It’s multi-pronged. It’s coming from all different directions for all kinds of different reasons and it’s unnecessary because we can protect against at least 98 percent of it.”
Businesses have to address the problem up front if they want to deter the threat and mitigate the risks involved. Burkhard said the more prudent course is to act now rather than be forced to react after the fact.
“It’s easier to deal with the problem ahead of time,” he said. “The clean-up operations afterwards are messy, lengthy and expensive.”
Clark noted CPR recently began introducing some new services targeted at network threats and intrusion detection. Some of the services are packaged solutions where CPR provides an ongoing, managed service.
“I think it’s more than a matter of just doing what’s right for your own company,” Burkhard added. “I think it’s really a matter of utilizing the security that you have in your hands to protect not only your own interests but the national self-interest as well.”