Hot on the heels of several widely publicised computer virus outbreaks, John Cheney rails in defence of the Internet security industry – and explains how commercial reality in the business world should never be undermined by media-driven rhetoric.
Last July, the IT security industry warned end users of the potentially devastating effects of the Code Red worm. This was followed by the outbreak of both the SirCam and Nimda viruses. Did these events really pose as big a threat as the media coverage would have us believe, or was the security industry itself to blame for all the hype?

Although media coverage raises the profile of each virus threat, it also highlights the fact that network security is a serious and legitimate concern for most end users.

Anti-virus software, firewalls or even a sophisticated intrusion detection system are not the final solution. They're not inadequate, but deploying, operating and maintaining them involves (valuable) time, experience and continual effort. It's a complex issue.

For instance, firewalls that protect computer systems from hacker intrusions or data piracy must – by their very nature – be two-way. Legitimate data must be allowed to pass, but governing that data flow requires the configuration of a firewall to ensure that it doesn't act as a barrier to business, and to e-business in particular.

IT security should be one of the first elements that a company thinks about when devising its network policy. The fact that over one million businesses downloaded the patch to fix the Code Red vulnerability at the eleventh hour merely serves to indicate that not enough care was being taken to keep networks secure.

Time for payout... or payback
Against the current background of softening markets and deepening global recession, of course, any cost that affects the bottom line increases in significance. That said, the cost of a network breach – for certain firms, at least – could well mean a cessation of trading.

Your Board must learn to appreciate that IT security policies and barriers are essential, and that the effort and expertise required to devise them may stretch company resources. For example, taking network managers away from running an enterprise network to police your security policy will not necessarily be desirable. Such action can exert a powerful drag on budgets and time – but will often be essential.

Indeed, the latter is one of the reasons why third party management of IT security is fast becoming an attractive option. Appointing a service provider to manage your network security immediately and cost-effectively overcomes any skills shortages on site, not to mention the absence of round-the-clock surveillance.

And make no mistake about it. Network security for companies operating in the 'wired world' is a 24-hours-a-day, seven-days-a-week, 365-days-of-the-year business.

While the market has become accustomed to dire warnings, no-one should accuse the industry of blind rhetoric. The alarmist label often attached to security and anti-virus software vendors is understandable but misguided, as evidenced by the increasing levels of virus and hacker-driven activity in tandem with financial losses at many firms.

The real cause for concern, though, lies in the apparent mood of complacency exhibited by businesses that disregard the warnings – and are sadly misguided in being content to maintain the status quo.