Analysis of a Pertinent Issue in Management from an Internet Magazine Article

Analysis of a Pertinent Issue in Management from an Internet Magazine Article

This is an analysis of Rodier’s (2007) write up focusing on the issue of risk management. First in the analysis is a discussion on risk management. Next, it embarks on the key points for a successful risk management. Finally, it weighs the soundness of the article’s recommendation.

The Internet and digital transactions are a huge opportunity for businesses like banks and other financial institutions. Businesses may choose to exploit this opportunity or be petrified and refuse to jump in the next big thing. The first option requires risk management while the second option is plain risk avoidance that masks a bigger risk—that of being obsolete and hence, out of business. In the sample article, Rodier discusses risk management in the use or exploitation of a great business opportunity rather than being obsolete or out of business. Hence in this sense, risk management is really an issue of opportunity management. Simply put, a business action is a risk worth taking than inaction or doing nothing at all.

We will write a custom essay sample on
Analysis of a Pertinent Issue in Management from an Internet Magazine Article
or any similar topic only for you
Order now

Finally, the article’s final say in Josh William’s quote is very sound risk management advice. Processes, people and technologies indeed have to be consistently and constantly considered, reviewed, and changed. After all action is ultimately the best risk management strategy than doing nothing at all.

Reference

Rodier, M. (2007). Online Security Attacks Against Financial Institutions Rapidly Increasing. WallStreet & Technology. US: CMP Media LLC. Retrieved October 7, 2007, from the WallStreet & Technology Web sites: http://www.wallstreetandtech.com/ showArticle.jhtml?articleID=201806928 for page 1 and http://www.wallstreetandtech.com/online-security-attacks-against-financial-institutions-rapidly-increasing/d/d-id/1258922?page_number=2 for page 2.

Required Attachment of Reference – Page 1

Online Security Attacks Against Financial Institutions Rapidly Increasing
As the number of hack attacks continues to rise, experts say companies must use multiple factors of authentication, risk analysis and people to protect themselves.
By Melanie Rodier
Wall Street & Technology
September 17, 2007

Hacking is a multibillion-dollar business. Gone are the days of teenagers sitting in their parents’ basements trying to hack into a company’s computer system just to prove a point. Today, hacking is an organized crime enterprise — and it is bigger than ever.

The number of online hack attacks against banking organizations soared 81 percent in the first half of this year, according to U.S. security services provider SecureWorks. At the World Economic Forum in Davos earlier this year, Vint Cerf, one of the codevelopers of the TCP/IP standard that underlies all Internet traffic, said up to a quarter of computers on the Internet might currently be used by cyber criminals in so-called botnets. Botnets are made up of large numbers of computers that malicious hackers have brought under their control after infecting them with Trojan virus programs. While most owners are oblivious to the infection, the networks of tens of thousands of computers are used to launch spam E-mail campaigns, denial-of-service attacks or online fraud schemes.

Cerf, who now works for Google, likened the spread of botnets to a pandemic. Of the 600 million computers currently connected to the Internet, between 100 million and 150 million are already part of these botnets, he said.

The dramatic rise in the number of hack attacks is being driven by the increase in transactions now taking place online. “People are depending on the Internet for all sorts of services, and as usage increases so does negative fraud,” explains Joe Stensland, SVP at Scivantage, a provider of Web-based front- and middle-office solutions for financial services.

And as the stakes rise, so does the sophistication level of attacks. Today’s IT attacks are regional, targeted after specific people and companies, and entirely driven by profit, experts warn.

“Hackers are professional, motivated, have lots of cash and are doing it for the cash,” says David Rand, CTO of security firm Trend Micro. “It’s all about the money, and the money is huge.” In today’s underground economy, consumers’ stolen account information is currently priced at $1,000 to $5,000, a credit card number with PIN is valued at $300, birth certificate information goes for $150, and a credit card number with security code and expiration date is currently valued at $7 to $25, according to Rand.

A large number of hackers are based in Eastern Europe. “It’s a big source of blackhat hackers who are finding vulnerabilities,” says Gartner analyst Peter Firstbrook. “But attacks are coming from all over. Malicious Web servers are evenly distributed across the world,” he adds, noting that attacks also originate in Brazil, India, Thailand, Argentina and the United States.

An Elaborate Underworld

Criminals operate in an elaborate networked underworld of Web sites and chat rooms, where they tout their wares and avidly recruit new members. They sell each other stolen account numbers, tools for making credit cards, scanners to pick up card numbers and PINs from ATMs, and viruses and other malicious software, relates Karim Zerhouni, an analyst with BearingPoint. Recently, he says, criminals were offering on the Internet a Trojan virus for $600.

“They were even offering you one year of technical support for free with the Trojan,” Zerhouni adds. “With that you can target specific financial institutions to get all the information you want.”

Bulletin boards used by fraudsters are often “set up like eBay, with a reputation system,” points out Louie Gasparini, chief technology officer for the consumer solutions business unit with security vendor RSA. “They’ll say, ‘Hi, I’m a good fraudster — you can trust me.’ Or, ‘Buyer beware — fraudster unverified,'” he explains. “Then you have sections talking about informants, where they’ll say, ‘Don’t do business with John. He ripped me off.’ There’s also a whole training section — Fraudster 101 — which shows how to change billing addresses of credit cards, how to change PINs. They talk about new scams and new vulnerabilities.”

Online criminals are also quick to tailor their scams to any newsworthy event. When Wells Fargo’s computer system crashed in August, knocking out its Internet, telephone and ATM banking services for several hours, criminals immediately started discussing plans on bulletin boards to send out E-mails to the bank’s clients acknowledging the computer problems and asking victims to log on to phony Wells Fargo sites to validate their user information, which could then be used to steal their account information.

Required Attachment of Reference – Page 2

Online Security Attacks Against Financial Institutions Rapidly Increasing

As the number of hack attacks continues to rise, experts say companies must use multiple factors of authentication, risk analysis and people to protect themselves.
By Melanie Rodier
Wall Street & Technology
September 17, 2007

A Constant Vigil

So how can companies protect themselves against the looming threat of hackers? One key is to be constantly aware of the threats lurking on the Internet. As such, security watchdog Financial Services Information Sharing and Analysis Center (FS-ISAC) announced a partnership with MessageOne to provide urgent, fully automated cyber (and physical) security alerts to its 4,000-member firms. Members are automatically notified of a new threat by their preferred method of communication — cell phone, E-mail, home phone, etc. Firms also receive recommendations for solutions and can join conference calls to brainstorm about the threats.

Smaller organizations that might not have invested in top-notch security need to be particularly vigilant. “Everyone is going to concentrate on [large institutions such as] Citigroup,” says BearingPoint’s Zerhouni. But since a bigger firm usually has relatively tight security, “The value of hacking into them is not very high,” he adds. But a small community bank with lesser defenses still might have more than $100 million in assets, Zerhouni notes.

Security professionals agree that multifactor authentication is essential. You have to make sure the people who come through the front door are who they say they are. Experts suggest that employees or clients should input at least two or three nuggets of information before they receive access to a network.

To prevent phishing, users also can be asked to recognize a picture they had previously selected. Tokens, which are increasingly popular in the financial industry and are used by firms such as JPMorgan, provide a new six- or seven-digit password every 15 seconds — a better method than trying to commit a range of different passwords to human memory. (According to a recent RSA survey, almost a quarter of employees are required to remember 15 passwords or more at work.)

But while having multiple layers of security is important, it is not enough. “Once hackers are able to phish for one thing, they can phish for others. Plus, it won’t protect you from inside threats, such as if an employee puts an infected USB device in their own office computer,” says Zerhouni. “This happened at one bank, and 5,000 credit reports were compromised.”

Ultimately, experts say, the best solution is to use multiple methods of authentication in conjunction with risk analysis — looking at someone’s normal behavior, such as an IP address usually located in Manhattan, and verifying that this behavior is consistent.

Bank of America, for instance, uses RSA’s SiteKey to help clients recognize that they’re at the valid online banking site at Bank of America, rather than at a phony look-alike site, and to help the bank recognize the clients as the true owners of the accounts. SiteKey is made up of three parts: an image, an image title and three challenge questions. If a user suddenly signs on from a different computer, the bank asks one of the client’s challenge questions to verify his or her identity. If answered correctly, the secret SiteKey image title and image will then appear.

However, no single method is foolproof. Ultimately, says Josh Williams, manager in the business consulting practice for Devon, Pa.-based SMART Business Advisory and Consulting, “Any solution has to be a blend of processes and people and

Custom writing services

×

Hi there, would you like to get such a paper? How about receiving a customized one? Check it out