Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Public Teleconferences
Join CIO Executive Council members and participate in the following live teleconferences:
* Planning for Succession:
Models for IT Leadership Development, June 23
* Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
* Managing Change: Centralizing Your IT Organization
July 29
Apply today for a FREE subscription to CIO Magazine!
News Feature
Security: How to Not Recover from Getting Hacked (A Loser's Guide to Failure)
January 01, 2002 — CIO — It’s a fox television special waiting to be made: When hackers attack. There’s blame and blunder, sensationalism and surprise, and a theme song whose sinister refrain reminds you that no one?not you, not your competitor?really knows the best way to respond to an information security breach.
With pervasive fears about terrorism, security threats have proven all too real. Our antidote to the doom and gloom? A guide for what not to do when you get hacked. So take a moment to learn from the mistakes that others have made. Because your chance to avoid these worst practices might be just around the corner.
Deny, Deny, Deny
Not admitting that you have a problem is the first step to not recovering. In a recent CIO survey of CIOs and other top IT managers, only 41.1 percent of the 600 respondents said they would know when their systems were under attack. Time and again, studies show that companies are simply not aware of security breaches.
"You’ll hear companies say, ’I’ve never been hacked,’ when what they really mean is, ’I’ve never detected that I’ve been hacked,’" says Bruce Schneier, author of Secrets & Lies: Digital Security in a Networked World, and CTO and founder of Counterpane Internet Security in Cupertino, Calif. Once a company starts monitoring its systems for intruders, he says, "they’re amazed at the amount of activity going on that they never had any window to see."
Then there are those pesky employees who retaliate after messy layoffs. In August, for instance, The New York Times reported on an IT executive who caused up to $20 million in damage when he sabotaged the computer systems of the New Jersey chemical company that had laid him off. Cases like that underscore the fact that the majority of security breaches are by insiders.
Your employees, on the other hand, are hardworking, loyal and honest. That must be why, in that same CIO survey, 34 percent of the respondents indicated that they don’t store critical data on a restricted or confined system, away from other company information that requires less security. In other words, once intruders are in, they can get access to anything and everything.
Panic!!!
On the flip side, there’s the tale of MIT. A couple of years ago, officials at the tech-savvy university reported that a hacker had altered grades in its computer system. The next day, they sheepishly retracted the statement, explaining that a teaching assistant had made a data entry error.
War Gaming: Necessary Exercises
Encryption Made Easy: The Advantages of Identity Based Encryption
Messaging Security Goes Virtual
Regulations Shift Focus on Outbound Email Security
New 2008 Report: Outbound Email and Data Loss Prevention in Today"s Enterprise
Riverbed RiOS 4.0: Raising the Bar in Wide Area Data Services
The Great Email Security Debate: Appliances, SaaS, or Virtual?
Windows Mobile Series: Improving Mobile Security and Management Webcast
Solutions to the Toughest IT Challenges in Remote Offices Webcast
Get Control of Mobile Data (and More): Improve security and reduce costs with a mobility management platform (Video webcast)
The Universal Wireless Client: How to simplify mobility and reduce the cost of supporting mobile workers (Video webcast)
Advanced DNS and Traffic Management Solutions: The Keys to Enhancing and Securing your Enterprise Network
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Symantec Warns of New Word Attack
VMware Replaces CEO, Shares Plummet
The Internet Gets a Patch, As DNS Bug is Fixed
Groups: Targeted Ad Program May Be Illegal
US Senate Resumes Debate on Surveillance Bill
Google Launches Blog for Sub-Sahara Africa
Adobe Readying New Mashup Tool for Business Users
Celtel Begins Financial Compensation Program
Microsoft Patches Security Bugs in Products
Kenyan Economy to Benefit From E-Transaction Law
How To Do Nearly Anything
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
