OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[ISN] Experts help firms fight cybercrime

From: InfoSec News (alertsinfosecnews.org)
Date: Mon Nov 12 2007 - 00:05:11 CST

http://www.al.com/business/mobileregister/index.ssf?/base/business/1194807233267130.xml&coll=3

By Kaija Wilkinson
Business Reporter
November 11, 2007

When retired U.S. Secret Service agent Gus Dimitrelos is called on to
speak, the charismatic computer crimes expert tells of catching
celebrity stalkers, serial killers and child predators using computer
and cell phone data.

But the Daphne consultant's business isn't all about cases that grab
national headlines. Instead, he said, at least half is helping
corporations prevent cybercrime or, when it occurs, finding out how it
happened.

Such crimes are more prevalent than some businesses realize, local
exerts said.

Among the top threats: theft of intellectual property, such as sealed
bids or financial data; theft of personal information like credit card
and Social Security numbers; and installation of malicious software
including computer viruses that steal, corrupt or destroy data.

Whether a business is dealing with fraud or general theft, Dimitrelos
said, " the biggest threat is going to come from the inside."

Finding who is responsible can get expensive. Dimitrelos, for example,
charges $250 to $325 an hour. An security evaluation for a company with
700 to 1,000 or so employees can range from roughly $20,000 to $50,000,
he said.

The good news is that businesses can take relatively inexpensive steps
to guard against fraud.

Robertsdale-based Business Information Solutions Inc. has been hired by
more than 600 area business clients in the past several years to design
and maintain computer networks, including security systems, said Philip
Long, chief executive officer.

The company recently introduced a managed security service called
Sentinel that starts at $79 a month for a basic service and can run
around $500 for full maintenance and security. "With that we have a lot
of real-time security auditing going on," Long said.

Long said he tries to emphasize that businesses be proactive, rather
than reactive, about computer crime. Still, he said, "you'd be surprised
about the ones that aren't really concerned about (computer security)."

Manufacturers, medical- related companies, law firms and banks are among
those who tend to be most careful, Long said.

Dimitrelos said his biggest client right now is national law firm Hunton
& Williams, whose clients, in turn, include Federal Express and
Coca-Cola.

Companies are tight-lipped about what they do to protect themselves, but
many acknowledge that it's crucial.

Birmingham-based Regions Financial Corp. has several layers of
protection in place, said spokesman Tim Deighton. "It's not just one
person's responsibility," he said. "It's partly a technology issue, and
it's partly a security issue. Obviously for a bank, it's vital."

Computer security is no less vital for manufacturers like Atlantic
Marine Holding Co., which protects information like bid and design
details and financial data, said Herschel Vinyard, spokesman.

Atlantic must also ensure that malicious software doesn't disrupt the
flow of business, he said, adding that in shipbuilding, "computers are
just as necessary as welding torches these days."

Gabe Watson, senior network engineer at Mobile-based telecommunications
company Southern Light LLC, said an employer's No. 1 line of defense is
a firewall, a system that bars unauthorized users from a network or
monitors information that travels between network and a personal
computer. Southern Light manages firewalls for several large clients,
including Mobile and Baldwin county public schools.

Some have built-in content filtering, which prevents employees from
sending or receiving profane e-mails or visiting questionable Web sites,
but that typically is provided through a separate device, Watson said.

Long said that it's important to monitor not only content coming in, but
content going out. In the past 10 years, such security has gotten
considerably more affordable, with a firewall with software that blocks
spyware, viruses and pfishing sites starting at around $600 for a
business with 15 to 20 users.

But some security measures don't cost a thing, Long said, such as simply
changing one's passwords often. Microsoft recommends every 21 days, he
said.

"Companies don't want to do it, because it's an absolute headache," he
said. "But it's great because if somebody is (committing fraud) they can
only do it for short period of time."

Copyright 2007 Press-Register

__________________________________________________________________
Visit InfoSec News
http://www.infosecnews.org/