Click here for greater security

In the last quarter alone, 121 dotcoms shut their virtual doors, taking with them an estimated £3bn of investment and 12,000 jobs, according to research by internet analyst Webmergers.

But IT analyst Butler Group believes one of the key reasons for the poor state of the e-commerce market is lack of trust. Consumers do not believe that websites are secure enough.

In a recent report, it said a robust security system should be ‘the prime objective for any would-be internet trader’ regardless of whether it sells to businesses or consumers.

As a result, it advised network managers to assess the risks in areas ranging from applications to data sources and infrastructure. They should also look at such daily processes as physical access.

Enterprises need to place as much emphasis on internal safeguards, it warned, as on safeguards against intrusion from outside the firewall, because up to four out of five IT-related crimes are committed by insiders. Mike Thompson, Butler Group’s director of research, says attention to detail and the fervent pursuit of established policies provide a solid bedrock for a successful security regime.

‘Organisations have to understand the value of their IT possessions,’ he explains. ‘What is the commercial worth of their data? What is the commercial risk in lost confidence if a well-publicised security breach occurs?’ But Thompson adds that security systems need to be responsive to changes in the business with constant reviews and adjustments.

‘One option to consider is the implementation of system management tools to bolster the use of and adherence to security policies,’ he says. ‘However, technology must be consistent with the specifics of the company’s policy, not a scattergun approach.’

And the warning is timely. Last year saw a significant increase in breaches of website security, while the build-up to the new year was accompanied by warnings that hackers were threatening to cripple the e-commerce industry. A number of security watchers, including Internet Security Systems, the FBI and the US National Infrastructure Protection Centre (NIPC), believed hackers were planning attacks on businesses with zombie programs.

These malicious tools can be used to undertake denial-of-service-type attacks, which are designed to bring servers to their knees.

The levels of hacking turned out to be no greater than usual, however, and the US government and NIPC said the day had passed without ‘large amounts of reported incidents’.

But a new threat to e-commerce sites is appearing. Malicious code has been discovered by computer services company Central Command, which claims to have discovered the first virus based on the hypertext pre-processor (PHP) scripting language.

PHP is one of the most popular scripting languages, and is used to build e-commerce sites. Although the virus does not carry immediate risks, Central Command warned future versions could mutate into a more damaging threat.

Steven Sundermeier, Central Command’s product manager, says: ‘Because the PHP language is free, we are anticipating copycats will become prominent and the script virus will have further damaging consequences.’

But new figures released by the International Chamber of Commerce (ICC) also show online fraud is increasing. Two-thirds of the 4,000 fraud cases were undertaken over the web.

According to Pottengal Mukundan, director of CCS, this is because sometimes even experienced businessmen discard their normal prudence when confronted with a profitable proposal on a well-presented website.

‘It is vital that businesses and consumers apply the same degree of due diligence in their web-based transactions as they do in traditional transactions,’ he says. ‘Cybercrime is traditional crime perpetrated through a new, powerful medium. The fraudsters have not changed. Only the technology is different.’

As a result, ICC’s Commercial Crime Bureau has launched an e-commerce service that checks the credentials of potential business partners with support from its cybercrime unit.

Jon Merrett, CCB’s assistant director, says: ‘Many companies have been caught out by fraudulent sites, and there is a lot of mistrust out there. This service will help restore confidence between businesses.’

He argues it is vital for companies to communicate with their ISPs if they want to combat online fraud. ‘Analytical software helps to establish the relationship between the different entities involved and show the various cybercrime trends that are emerging,’ he explains.

  • Liesbeth Evers writes for Network News
