By Kevin Rademacher -
There are no businesses that are not -- or will not -- be affected by the Internet's continued expansion into personal and business lives around the world.
"Five years ago, I predicted that IP (Internet protocol) would eat everything," said Hossein Eslambolchi, chief technical officer of AT&T Corp, who was in Las Vegas recently to speak at the Networld-Interop technology convention. "I am not surprised at all with where we are today."
What does continue to surprise Eslambolchi is that the reliance the world has on Internet-based commerce has been with such indifference when it comes to security.
"I believe we as a nation are at risk," he said. "Most businesses and consumers are not taking security seriously."
Michael Beardslee, president of the Las Vegas-based consulting firm IT Strategies International Corp., agreed that not enough attention is being paid to security.
"It's a disaster," he said. "And I'm in the business."
Eslambolchi said that while some businesses have been crippled by a worm or virus, it remains possible for experienced hackers to launch an attack capable of bringing all of the Internet to a stop.
"It could happen and it's going to be devastating," he said. "We have got to get a lot more religious about (security) now."
A major step forward, Eslambolchi said, would be a more unified effort between government and industry to establish standards and share technology. He also pointed to efforts by AT&T to build greater security into the core operational structure of new systems instead of relying in customers -- whose technical savvy varies greatly -- to manage security on their own.
Jason Neiberger, president of Las Vegas-based SkyBridge Wireless Inc., agreed, adding that the wireless networks his company is deploying include encryption and other security measures that protect customers.
Eslambolchi said new AT&T systems, which power efforts like the company's Voice-over Internet Protocol, Internet-based consumer telephone system, offer predictive security. That technology will monitor Internet-based contact an isolate possible hackers from the system.
Such a system is based on the fact that most hackers test access to a particular system once or twice before launching an attack in an effort to test security.
To achieve better security, many companies will have to change their approach. Eslambolchi said that 80 percent of a company's resources are typically spent protecting from an external attack.
"But 80 percent of the attacks are internal," he said. Many of those breeches in security are innocent, he said, pointing to infected files being brought in from home computers or downloaded from contaminated e-mails. Other examples include employees giving out system passwords to telephone callers pretending to be an employee working from home.
Lori Temple, associate provost for information technology at UNLV, agreed that the relationship with individual users is critical.
"One of the hardest parts of security is user education," she said. "What is your responsibility to protect the system? ... It happens around changing people's behavior."
Beardslee pointed to a recent incident at his firm when an employee failed to renew an antivirus subscription, causing their system to become contaminated and slowing business until the problem was rectified.
"It can happen," he said.
Even Neiberger said his computer recently hit a virus glitch. While it was quickly cleaned up, it points to a constant need for vigilance.
"We all fall victim to it now and again," he said. "If you don't keep up to date ... it can get you."
Preventing such lapses, however, must be weighed against allowing the users to do their jobs.
"We always try to find a balance between keeping the bad guys out and letting the good guys in, and once we let the good guys in we need to let them do their jobs," Temple said. "I don't know any (information technology) organization that isn't struggling hard."
Still, Eslambolchi added, that consumers -- whether business or home -- must also take responsibility for protecting themselves.
"We have to educate the public, explaining to them what could happen," he said.
If nothing is done, Eslambolchi said the consequences will be dire for an economy increasingly dependent of the Internet.
"If we do nothing, within a decade we are going to end up with a problem of Biblical proportions," he said.
Beardslee said one problem with many companies is that security produces no financial return. In turn, it is the first item to be cut when expenses are pruned.
"When they get in a budget crunch, security is not on the top of the list," he said. "And the vulnerability is still there."
No one really pays attention to the cost, until a system is taken down and sales slip or reservations are lost, Beardslee said.
Neiberger said that the situation is improving particularly among larger companies that are paying close attention to the cost of disaster recovery should a major crash occur.
"Everybody is realizing right now that the biggest thing on disaster recovery is prevention," he said. "I think it's being taken a lot more seriously."
Kevin Rademacher is a reporter for In Business Las Vegas and its sister publication, the Las Vegas Sun. He can be reached at (702) 259-4069 or by e-mail at kevinr@lasvegassun.com.
Source: In Business Las Vegas
