Survive's BS 7799 e-risk forum

 e-risk analysis™

"what should 21st century IT security encompass?"

London, UK, 13:30 GMT 29th November 1999 - At the talk being given to "Survive's BS 7799 Special Interest Group" in the City of London on 1st December, mi2g software will reiterate that contrary to popular understanding, most of the serious electronic attacks taking place against financial institutions, multi-nationals and major on-line businesses are highly covert and seldom become public knowledge. The breaches take place because of the lack of an up-to-date IT security policy that encompasses systems, personnel, legal issues and insurance.

mi2g's Security Intelligence Products and Systems (SIPS™) division will give examples of the types of e-risk and counter measures being deployed as well as analyse the impact on share price, profit margin and brand value. Whilst the headlines are grabbed by publicity seeking hacker attacks on web sites, where graffiti is splashed across the screen or data is visibly lost, it is becoming clear that the piracy of intellectual property and internet based financial fraud is taking place in much more subtle ways and over a longer period of time. Each serious incident in 1999 has caused the target multi-national organisation or large on-line business damage to the tune of £25 to £40 Million.

Single off-the-shelf technology solutions offered as packages installed on top of badly designed eBusiness architecture are no longer enough to combat electronic attack or account holder to holder tampering. "If the on-line architecture is not designed properly or built inadequately, one user may be able to see and execute with the confidential information of another without much effort. This loss of control has caused the recent suspension of a few major financial institution's on-line share dealing and banking services", according to DK Matai, Founder of mi2g software.

Subtle electronic attacks, which are normally not detected in time, are not discussed by the victim organisation for fear of share price collapse or copy cat attacks that exploit the same vulnerability. In over 55% instances, the organisation's employees or contractors exposed to sensitive network information have played a part in sustaining and developing the electronic attack.

The e-risk management™ forum being developed by mi2g software with leading financial institutions, Lloyd's of London Syndicates and Lloyd's Brokers as well as top law firms puts forward the integrated 4-way mi2g matrix to address covert electronic attack on large organisations within the context of an IT security policy:

1. Technology dimension including Bespoke Security Architecture™
2. Legal dimension including Downstream Liability™ and Data Protection
3. Human resource dimension including physical issues
4. E-risk insurance™ cover that protects the revenue stream and liabilities

Background:

1. mi2g software presented seminars on e-risk in London at Richards Butler on 4th August, Hammond Suddards on 8th September, Reuters on 27th October, Foreign and Commonwealth Office on 4th November and the eb2 event at the Commonwealth Club on 18th November. A total of 510 CEOs, CTOs, COOs and Partners from USA, Canada, Germany, France, Japan, Singapore and Britain have attended these events. We presented an update on all major e-risk incidents and trends within the escalating threat to large on-line businesses, financial institutions and multi-nationals. Future seminars on e-risk are planned for December 99 and January 2000.

2. Downstream Liability™ is the real possibility of litigation arising from customers and businesses that have bought a product or a service from a vendor in good faith and have surrendered personal and financial information about themselves for a declared purpose only.

3. The total cost of servicing electronic attack incidents worldwide is likely to exceed £12.5 Billion in 1999 according to mi2g software. In the last ten months, there have been three major virus attacks and several full scale electronic attacks. Melissa in March, Chernobyl in April and the fatal ExploreZip in June cost corporations huge unplanned and unbudgeted resources. Variants of these three and other lethal viruses have been emerging at a steady rate to date.

4. Survive is an independent international business continuity user group which seeks to develop, encourage and implement best practice in business continuity planning. It helps to ensure that organisations are better prepared for any interruption to normal business activity and runs a wide range of conferences, seminars and special interest groups on all areas of business continuity and disaster recovery. Address: Survive, The Business Continuity Group, The Chapel, Royal Victoria Patriotic Building, Fitzhugh Grove, London SW18 3SX, United Kingdom. Tel: +44 (0) 181 874 6266. Fax: +44 (0) 181 874 6446. Website: www.survive.com

5. mi2g software (www.mi2g.com) is a leading edge London based e-commerce enterprise specialising in e-risk management™ and bespoke security architecture™.

6. e-risk™, e-risk analysis™, e-risk management™, How to manage e-risk?™, Downstream Liability™, e-risk insurance™, Bespoke Security Architecture™ are trade marks of mi2g software™ (mi2g.com).