Plugging the Leaks: Technology has its own Rewards

(Published in The Express Tribune, February 7, 2011)

Technological immersion brings with it many new situations that companies have never had to worry about before. At the front of these is security and the fear that a company’s network can be a single point of failure to all its secrets. A network holds within most if not all of its documents, emails, finances and all sorts of stuff that could wreak havoc if leaked or compromised.

Experts like to distinguish the threats into two distinct problems: trust and security.

A company’s IT department has unrestricted access to most of this stuff and it only ever comes down to trust.

While it seems impossible to overcome trust issues, a good remedy is found through organisational means. Creating special purpose teams or assigning new roles to existing members to routinely audit operations can help create a good check and balance. Most organisations still continue to neglect these problems or intently shy away from technology altogether due to similar reasons but the aversion is usually misguided or comes at the price of putting up with arcane processes. In Pakistan the problem is slightly exacerbated due to lack of a fully developed legal framework or task forces to deal with IT crimes. Despite this, internal company policies can fill the void.

The second problem is that of security. Nasdaq just came under a hacker attack and reports are still not clear as to what parts of the system were compromised. The news did not come as a surprise because hackers have been around ever since networks themselves. The real shocker is the fact that even the largest trading system and financial machineries in the most developed of nations is vulnerable to hackers equipped with just a computer and a network connection.

In most organisations, security threats are usually handled after the fact rather than pre-emptively.

This is either because the threats are unknown or because the cost of constantly auditing and securing the system is a recurring expense. Or it’s just that companies don’t have the same level of commitment as the hackers do. Hackers on the other hand always stay at the edge of the curve, constantly scanning the internet for insecure systems.

The single most effective measure for network security and probably the cheapest is to keep all software up to date, including the most unsuspecting ones such as browsers, the more obvious ones such as Windows updates and the more arcane ones such as the routers at the periphery of the network. The cost of having dedicated security personnel is negligible compared to the value of data within the network and pre-emption is the usually well worth the effort.

On the global front, cyber warfare has dragged governments into the fray as they move to secure key nodes such as government agencies and systems. The network though is a distributes entity and law enforcement and IT task forces can only really help pursuing the offenders; the security itself though to be a concern of each and every company.