The Internet’s openness makes it the perfect platform for e-commerce — it offers an inexpensive mass communication medium and an economy of scale for low-cost distribution. However, the lack of security of web-based transactions and the ease with which the privacy of online communications can be violated are e-commerce’s main stumbling blocks. The Internet’s very openness means that all communication traveling over it is inherently difficult to secure. To make matters worse, hacking is an epidemic that is on the rise.
Ira Winkler, president of the Internet Security Advisors Group in Severna Park, Md., and author of “Corporate Espionage” (Prima Publishing, 1999), succinctly states the average e-commerce business’s security dilemma: “To a hacker, you’re just an IP address. You get hit because you let yourself be an easy mark.”
Here are some eye-opening figures to contemplate: A study by Gartner Inc. indicates that 50 percent of all small to midsize enterprises were hacked in 2003, with almost 60 percent of those not even knowing they had been hacked. According to the Computer Emergency Response Team (better known as “CERT,” www.cert.org), a total of 82,094 incidents were reported in 2002. But, as Fig. 16 shows, incidents are rapidly increasing — there were 76,404 reported incidents in just the first half of 2003.
Figure 16: A database = collection of data; a catalog = definitions for database; database management system (DBMS) = software.
Don’t be an easy mark. Recognize and appreciate that you are building your business in a domain that is, at least in principle, fraught with danger. Thus all e-commerce businesses must take the necessary steps to ensure that adequate levels of security are in place. This means, at minimum, firewalls to control the flow of data, monitoring software to protect web pages, and an encryption method to protect transactional data — consumer information, credit card numbers and your own merchant data. Supplement that with diligent oversight, which includes reporting and analyzing the security of your web business’s entire infrastructure.
CERT’s Record of Incidents Reported 1988-2003

1988-1989

| Year | 1988 | 1989 |
|---|---|---|
| Incidents | 6 | 132 |

1990-1999

| Year | 1990 | 1991 | 1992 | 1993 | 1994 | 1995 | 1996 | 1997 | 1998 | 1999 |
|---|---|---|---|---|---|---|---|---|---|---|
| Incidents | 252 | 406 | 773 | 1,334 | 2,340 | 2,412 | 2,573 | 2,134 | 3,734 | 9,859 |

2000-2003

| Year | 2000 | 2001 | 2002 | 1Q-2Q 2003 |
|---|---|---|---|---|
| Incidents | 21,756 | 52,658 | 82,094 | 76,404 |

Total incidents reported (1988-2Q 2003): 258,867