To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://comment.silicon.com/0,39024711,10006104,00.htm

"It'll be alright, we'll buy some security next month..."
'Don't put off until tomorrow what you can do today' - surely your Mum must have told you that...

By silicon.com

Published: Monday 22 September 2003

Companies are being urged to make robust security their very first purchase before launching online.

Any company launching with inadequate security, and putting off its full spend is kidding itself if it thinks it is safe from attack, yet many are still taking the chance and running websites with little security.

Fair enough, in these days of living hand-to-mouth the first month's trading may mean they don't have the money to spend on implementing better security - but the real issue is that they may not get a second month in which to spend it if they launch without that security.

Downtime is a costly business and research from PSINet Europe has revealed the full extent of threats awaiting new arrivals to the web, and the assault is brutal to say the least.

While this research should probably be filed under 'proof of concept' rather than anything more comprehensive, PSINet set up two identical websites, purporting to be run by a major bank, one with watertight security and one which was left to fend for itself. Then the company just sat back and watched what happened.

And what do you know - they both got attacked relentlessly.

While the one with firewall protection weathered the considerable storm, the one without didn't fair so well, as you might expect. In eight weeks it was subjected to 20,000 separate attacks from hackers.

The secure website was still attacked more than 1,600 times and around one third of those attacks were classed as serious 'high risk' attacks - which would have brought the site down if security hadn't been tight - highlighting the need to constantly review, update and patch.

The message is clear. You will be attacked. It is no longer a question of 'might' or 'worst case scenario' it is a question of inevitability. Do not take the risk.