Who's Watching the Web?
By Henry (Hank) Jones, III and K. Lawson Pedigo
Your Web success and survival may require action beyond updating firewall software, enforcing password policies, and teaching employees how to recognize and resist social engineering intrusion efforts.
Commercial codes, criminal codes, court-created rules, and other laws can make the difference when your site suffers inevitable network penetration attempts. You already know that crackers typically launch distributed denial of service (DDoS) attacks via third parties' systems, which they've managed to commandeer through insufficient operator barriers. You already know that you're supposed to deter, and ideally prevent, your firm's employees from copying third-party software. I hope you've heard about the long-standing and highly effective enforcement campaigns of the Software Publishers Association and the Business Software Alliance. And you may have additional obligations if you're in a regulated industry, such as one involving health care records or financial data processing.
Your company's exposure to Internet-based crimes reveals two contradictory situations. First, the high level of general awareness of the problem and its resulting risks means that increasing government and private sector resources are being devoted to fighting it. Second, mounting financial losses continue to blemish e-business, despite societal countermeasures and Web professionals' serious attempts to improve security. Site cracking is a growth industry. The essential and unanswered question is whether Internet crime will be the next Savings and Loan crisis in which losses from a group of connected, but unrelated, reckless, and fraudulent activities cost the U.S