The Shifting Spyscape

If theres anything the Information Age is fast making obsolete, its the corporate sneak who penetrates your firms offices to microfilm the designs of your next product. In todays world, the "spy" you need to watch out for more likely will be an employee, a trusted supplier, or -- get a load of this -- your own lax attitude toward information security. The proliferation of new technologies has expanded the ways information about your products, processes, and customers can find its way into the wrong hands. Ironically, the new emphasis on the supply chain puts manufacturers at greater risk of being victimized by a business partner. Theres no doubt that new technologies -- Internet, voice mail, CD-ROM, and corporate data networks -- conspire to make information more readily available. Suppliers need information about products for which theyre providing parts or assemblies. So do employees, particularly those who design, manufacture, and market products. But what about consultants and contractors? How much information do they need? Perhaps more troubling is the lack of careful management of the data-security problem. For instance, many companies today are conducting electronic commerce without having first implemented adequate safeguards against prying electronic eyes. Once transmitted over the Internet, even an encrypted, seemingly safe message can be forced like an oyster to disgorge its pearl of information. A University of California, Berkeley, graduate student proved it was no big deal last year when, responding to a $1,000 challenge from RSA Data Security Inc., it took him just three and a half hours to break the most secure data encryption code the government permits for export. And its not just the Internet. Your competitive edge can be tarnished by voice mail just as easily. At National Regulatory Services Inc., a consulting firm in Connecticut, sales agents were perplexed by customer complaints that no one returned their calls. Business shrank. Months later, the company discovered the cause of the problem: a former employee tapping into the voice-mail system and deleting calls from potential customers. He later called them for his own business. The former worker was convicted after draining the company of an estimated $1 million in business. A more celebrated instance was the theft of thousands of voice-mail messages from Chiquita Brands International Inc. by a reporter for the Cincinnati Enquirer. In an 18-page report, the reporter claimed the firm sprayed pesticides on employees, used phony firms to hide its ownership of land in foreign countries, tried to conceal a bribery attempt, and failed to take necessary precautions to avoid the use of its fruit shipments to carry illegal drugs. The company denied the charges. The newspaper later retracted the stories built upon the voice-mail messages. It fired the reporter and paid a multimillion-dollar settlement to Chiquita. Unfortunately, there are too few incentives for business to develop and implement adequate security measures, according to a recent report on data security by the National Research Council, the nonprofit operating arm of the National Academy of Sciences and the National Academy of Engineering. "We find that the Internet is not suitable today for supporting critical infrastructures or for use in certain business activities," says Fred Schneider, a Cornell University computer-science professor who was in charge of the National Research Council committee examining Internet security. Whats the answer? For one thing, manufacturers can install better security-management systems. There are plenty of Internet and network security products available. For example, Internet Security Systems (ISS) offers SAFEsuite Decisions, a system that collects and integrates security information from various sources and locations. The information is analyzed and distilled into a security-risk profile for the entire enterprise network. "Our product enables customers to take control of their enterprise risk-management practices and focus valuable resources on fixing security hot spots instead of attempting to analyze enormous amounts of data," says Tom Noonan, president and CEO of ISS in Atlanta. As a start, companies should treat information security as a strategic issue. That in itself is a big step toward solving one of the most salient problems created by the Age of Information.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish