CXO

On the trail of cybercriminals

As cybercrimes continue to escalate, many companies are increasing their efforts to track down the perpetrators. In this week's Tech Watch, Bob Weinstein discusses the expanding role of "computer forensics" in enterprise security.


First it was Yahoo, then eBay, followed by Amazon.com, CNN, and even the FBI. Cyberthieves are not only cracking the largest bastions of e-commerce, but the government’s elite sites as well. Hackers have always made headlines, but the recent attacks prove they’ll go to surprising lengths to wreak havoc. What’s next? Fort Knox? The Treasury Department? Bill and Hillary’s joint bank account?

The cyber bad guys are having a hell of a time shaking up the establishment. And the recent attacks demonstrated that Web sites are almost defenseless against sabotage. If something isn’t done fast, copycat crimes become a real possibility, say FBI pundits.

In the wake of the escalating attacks, cybersecurity has grown into a vital IT field.

Data security to the rescue
The science—or maybe art—of catching cyberthieves is called data security, or computer forensics, if you prefer the sexier name. Norman Rankis, CIO at Centenary College in Hackettstown, NJ, says the field is particularly hot now because law enforcement agencies are not sufficiently trained to respond to industry’s needs. Rankis is a data security expert frequently hired by big companies to track down cybercrooks.

The statistics are downright scary, according to Rankis. FBI statistics indicate that about 210 Fortune 1000 companies reported attacks on their computer networks in the past year. Sixty-five percent were virus-related and 40 percent of the losses exceeded a half million dollars.

The reality is that computer crimes are reaching epidemic proportions because more and more people are becoming computer literate. Why hold up a bank and risk your life when you can stay home and create pandemonium or steal millions comfortably stationed behind a computer?

Making matters worse, approximately 65 percent of the corporate victims of cybercrime don’t report it, fearing negative publicity. The situation is far worse than most people imagine. It’s no wonder security software sales are expected to catapult from $7.4 billion in 1999 to $50 billion by the year 2002.

Still, Rankis maintains corporations have a long way to go before they get their security acts together. “Every corporation must start protecting its networks,” he says, “so they’re not broken into by cyberthieves.”
Each Wednesday, Bob Weinstein gives you the scoop on great trends in IT. And you can get his report delivered straight to your e-mail front door. Exclusively for our TechMail subscribers, Bob answers questions from a worldwide network of IT pros.
Companies are hiring techies with strong networking backgrounds and a solid understanding of database technology to track down the cybercriminals. The best candidates for the job are not only technically savvy, they have "an investigative mindset that enjoys the logic and tedium of problem-solving," says Jay Valentine, CEO of Austin, TX-based InfoGlide, a company that makes fraud-busting software. InfoGlide is one of several companies creating what is commonly called "neural net" software technology, which is designed to uncover fraud.

A couple of years ago, it was mostly big-name consulting companies like Andersen Consulting and system integrators that hired cybersleuths. Now, 300 of the Fortune 500 companies are hiring them, says Valentine.

And as the field of data security has grown, the profile of security personnel has changed. "Hardly a decade ago, they used to be former police officers with technical skills. Now they're mainly young techies, many of whom are recent college grads, with a knowledge of C++, Java, and Internet applications," says Valentine.

"At the lower levels, the job title may be ‘security analyst’ with a strong emphasis on technical skills," he notes. "At the higher levels, the job might be ‘VP of computer security.’"

Whether entry-level or management, it’s anything but a dull career. “A security person, for example, may be monitoring log-on procedures, administering passwords, tracing attempts to break into a network, or trying to discover what type of computer it originated from," says Valentine.

Adds Rankis, “It’s hard to describe the thrill of tracking down cyberthieves before they do more damage.”

He should know. He’s done it many times.

Bob Weinstein's weekly syndicated column, Tech Watch, is the first career column covering the exploding technology marketplace. The column appears in major daily newspapers throughout the U.S.

Editor's Picks

Free Newsletters, In your Inbox