- change ups
Firm Specializes In Cyber Security
When one spectacular attack some years back nearly shut down a large segment of American banking, firms began installing firewalls and using computer experts to try to breach their Internet security arrangements.
Test-variety penetrations of a firm’s system can be expensive, because really good computer geeks can charge as much or more per hour as trial lawyers and get away with it.
But Brian Adams, a Grand Rapids native who in January founded Integrity Online Service(s) (IOS) — a computer security firm — says there’s a better way to check the security of one’s system, especially with the number of attacks rising sharply each year.
Adams says he strongly recommends a formal security evaluation not only because it’s cheaper, but also because it’s more thorough.
Adams, who spent a good deal of his 17-year computer career with Grand Haven’s JSJ Corp., explained that in a penetration, his company or another security firm plays the role of a hacker.
“You tell us only the name of the business and how much time to spend based on a cost — in our case, $1,500 per eight hours. We spend the allotted time seeing how far we can get in and how many ways.”
He said it might take three days to find, say, five ways to break far enough in to seize a network, including administrative account names and passwords.
But he said that the sneak-and-peek method could take cost-prohibitive months to disclose all possible vulnerabilities in a network. “And remember,” he said, “a hacker will not use all methods available to break in … just the first one he happens to discover.”
He told the Business Journal that it makes more sense to ask for a security evaluation. He said evaluations produce a technical report listing all vulnerabilities and details what the impact of penetration could be.
Adams said evaluation reports also contain an executive summary describing the number of vulnerabilities and risk level.
“You should also expect a report including standard practices and procedures,” Adams said. “If, for example, you have no firewall, that would be recommended. If you are not employing intrusion detection services, that, too, would be recommended. We always recommend patches and service packs be up to date.”
He said IOS offers a free sample introductory evaluation, and bases its pricing beyond that on the number of access points in a network. He explained that means a full evaluation could range from $5,000 a year on up into five-figure numbers.
Adams said such numbers usually produce the dismissive statement that, “We have a firewall, and no information to lose.”
He said firewalls help but are no panacea. “The fact is that, among many other issues, a hacker can use your systems to attack another, to deny service to the other.”
He stressed that the owner of a system could be liable for damages that a hacker inflicts with the use of that system.
“Furthermore,” Adams said, “worms and viruses like Code Red, NIMDA and Sapphire/Slammer exploit the same vulnerabilities that hackers do.”
Adams said he believes most West Michigan businesses “are likely vulnerable to attack.”
“An evaluation isn’t cheap,” he agreed, “but it can save you thousands to literally millions of dollars.”
Thanks to the reach of the Internet, Adams said IOS has the capability of evaluating any business anywhere. “But we choose to serve businesses in West Michigan so that we can provide prompt service in the case of an emergency.”
One can contact IOS through www.isyournetworksafe.com or by calling (269) 806-7326.