A chilling thought…

In the months that the SARS outbreak occurred, a scary thought crossed my mind. What if someone in an overcrowded Mumbai local train had a SARS infection and sneezed? With a dozen or so people packed in per square metre, an entire compartment of people could be infected with the virus before the train reached the next station. That made me wince and cover my face with a handkerchief every time someone nearby coughed or sneezed.

Now let's talk about the digital equivalent.

IT infrastructure and stored information is the pulse for many a business. In some cases, business would come to a grinding halt due to the slightest downtime. Traditionally, unstable power conditions, data corruption and system failure caused business disruption. Today IS Managers worry about other threats: Computer Viruses/Worms, Hackers and e-mail Spam.

Such threats have gained more importance of late. Because more business networks are now interconnected via the Internet, worms and viruses can spread in a few minutes and attack thousands of computer systems worldwide.

In fact it's become a 'dog, cat and mouse' game: A company announces some vulnerability in its software and creates a patch; a virus writer creates a worm/virus that takes advantage of this and strikes unpatched systems; a security solutions company races to create an antidote and fix for end-users.

This game has been going on for awhile, but now the moves are faster. New software vulnerabilities are announced daily. According to Symantec approximately 450 new viruses are reported every month.

Considering the number of information security threats that have arisen in recent months, we at Network Magazine think this issue has reached a point when it can no longer be ignored.

Just because we rarely hear about information security breaches in Indian enterprises, it doesn't mean these aren't happening. While we read reports about the recent Slammer and Blaster worms we wondered how many Indian enterprises got infected. We wondered what steps India Inc. has taken to protect itself from these new threats. So a month ago we decided to investigate.

As part of the research for this month's cover story, our correspondent Anil Patrick R, visited three major Indian companies to investigate the status of its security systems. Some of these admitted to security breaches, notwithstanding all the hi-tech security systems that are in place. And those who have not yet been attacked are fortifying their systems in anticipation for the worst. The smarter ones have administered security policies and update these regularly.

We were alarmed to find that many organizations continue to remain complacent—they feel the expensive firewall, IDS and anti-virus solution that they deployed is enough to keep out any virus or hacker. Worse, a study reveals that 40 percent of Indian organizations lack formal security management processes or written security policies.

Keeping this in mind, I dread to think what would happen to India Inc. if there was an outbreak of the digital equivalent of the SARS virus on our networks.

— Brian Pereira (Assist. Editor)