Japan Computer Industry Scan

January 31, 2000

CYBER CRIME CREATES DEMAND FOR
NETWORK DEFENSE BUSINESS;
Company Business and Marketing 

    Three months ago, a U.S. branch of a foreign financial company suspected one of its employees was attempting to break into the firm's key computer network and send trade secrets to Eastern Europe.  The company then turned to a firm specializing in information security services to detect any network intrusion.  The security company, Global Integrity, soon after installed a preventive mechanism in the client's computer network. 

    Reston, Virginia-based Global Integrity is one of a handful of companies set up in the United States in recent years to fight so-called "cyber" crime. These firms protect corporate information systems and worldwide networks from intrusion by hackers and unauthorized access by insiders.   Global Integrity found that what had appeared to be industrial espionage was in fact the result of a software problem. But the company, in the course of its investigations, discovered that the client's computer network was vulnerable to cyber attacks because it allowed outsiders to access and download data. 

    "That was the problem that they needed to fix," said Mark Rasch, senior vice president and legal counsel of Global Integrity. He kept the client's identify secret.  Rasch said five or six newly launched Web sites are hacked, disrupted or disabled across the nation every day. 

    According to a survey conducted by Michael G. Kessler and Associates Ltd., the main security threat to companies' computer systems comes from disgruntled employees stealing confidential information and trade secrets. The New York-based information security company said that, based on the result of its survey carried out over the past six months, discontented employees are responsible for 35% of cases involving theft of proprietary information, with outside hackers not far behind at 28%.  Cyber break-ins caused 42 million dollars in losses last year, up more than 100% from 1997, the survey said. "There's no such thing as a hacker's holiday. Codes can be cracked and systems will be sabotaged. Hacking is a reality," said Michael G. Kessler, who heads the company. 

    Corporations are increasingly introducing security measures such as digital identification, encryption and intrusion-detection systems to counter cyber attacks. But hackers often outwit such network defenses, a situation that has led to increased demand for professional security service companies like Global Integrity.  According to the Gartner Group, the global information protection market, which stood at 502 million dollars in 1998, is expected to rise to 2.24 billion dollars in 2003, representing an annual growth of 34%. 

    Established in February 1998, Global Integrity provides a full range of information protection and electronic commerce security mainly to financial companies. The company says 32 of the world's largest 100 enterprises number among its clients.   Rasch said Global Integrity, posing as a hacker, often tries to break into a new client's networks to demonstrate its expertise and win the client's confidence. 

    The successful intrusion rate has been almost 100%, he said. "I can break in and get your credit card information from somebody and I can use your credit card or I can use it to disrupt an on-line merchant," said Rasch, who formerly worked for the Justice Department's section in charge of cyber-related crime. 

    Global Integrity's future looks bright following President Bill Clinton's announcement of a public-private sector joint initiative to protect U.S. information infrastructure from hackers and viruses. The scheme, unveiled Jan. 7, calls for a budgetary appropriation of 2 billion dollars in the fiscal 2001 federal budget to develop new technologies aimed at combating cyber crime.  "Today our critical systems, from power structure to air traffic control, are connected and run by computers. We must make those systems more secure so that America can be more secure," Clinton said. 

    A report issued by the General Accounting Office, a research arm of Congress, last October said the federal government's defense against cyber attacks has been insufficient.   "If the United States is faced with a threat, the response could be unfocused, inefficient and ineffective," the report said.  The new initiative proposed by Clinton would create a public-private joint institute to promote research on areas that neither sector now covers. 

    The Institute for Information Infrastructure Protection will bring together "the finest computer scientists and engineers from the private sector, from universities and from other research facilities," the president said.  Global Integrity's Rasch said this is "cooperative response" by the government and private sector to hackers. "Hackers are well organized because they talk to each other. But bankers, law enforcement agencies and the military have never talked to each other. Clinton's new initiative is to promote that kind of communication," Rasch said.