 |
| |
The world at large is colliding
on a worldwide network—a network that allows us to communicate
with our customers and allies but one we also must share with
our competitors and adversaries. This global interconnectedness
provides fertile ground for individuals wishing to exploit the
vulnerabilities that surface in the rush to market and use new
technologies.
Such exploits have risen sharply in the past several years.
In 1999, fewer than 10,000 security incidents were reported
to the CERT Coordination Center, a federally funded security
tracking and advisory group. That number ballooned to more than
21,000 incidents in 2000 and nearly 53,000 in 2001.
There is little doubt that this trend will increase. In the
future, we anticipate: |
 |
Emergence of new disruptive
technologies that will totally redefine the
security issues faced by commercial and government
organizations and, as a result, redefine the
international marketplace |
|
|
Marked increases in information
system-based espionage and warfare used to
gain advantage in business and threaten targeted
organizations’ economic infrastructures |
|
|
Rise and empowerment of transnational
groups (including hacker organizations, terrorist
groups, and criminal organizations) with sophisticated
information collection, exploitation, and
disruption capabilities |
|
|
|
|
Increasing difficulty identifying
the origin of Internet attacks and the location
of hostile users
or nodes |
|
|
Emergence of a global
economy more dependent upon and vulnerable
to attacks on
information systems, infrastructure, and fossil
fuels |
|
|
Organizations must recognize that, unless
they move to secure their presence on the global network
and protect their critical resources, they are shouldering
substantial risk.
It is also necessary to recognize that there are inherent
limits to the protection that security technologies and
protocols can provide. Even the best security measures
can’t prevent every attack. But organizations can
dramatically reduce their vulnerability to threats and
contain the damage resulting from successful attacks by
implementing a high-quality
security program.
Over the next several years, as the frequency and severity
of security events continue to climb, a high-quality security
program will become basic business equipment, much like
voicemail and email are now. More and more organizations
will acknowledge the essential nature of security and
the vital contribution it makes to their bottom line.
Organizations that are slow to evolve to this new standard
will suffer the consequences, both in terms of attack-related
losses, and in customers and business partners lost to
less vulnerable competitors.
|
|
|
|
