In Depth
Three Companies that Fought Back
Standing your ground isn't always easy—or popular. But three business leaders tackled their security challenges head-on, and won.
By Scott Berinato, Sarah Scalet
October 01, 2006 — CSO — Not every company can afford a security executive. Even if you're from a large company with a chief security officer and full security staff, you know this from working with companies who don't have that
luxury. And if you're from a smaller company, then you know that you face the same threats the big guys face
But when a small or midsize business faces a real and serious threat, without a full complement of security staffers, an executive leader and a considerable security budget to fend it off, what is that company to do? Pierre Corneille, a 17th century French playwright once said, "Flee an enemy who knows your weakness," and some companies will, understandably, do just that.
But a few brave people at a few small businesses have a different reaction. They decide to fight back, to play the role of CSO themselves, with help from law enforcement and others, in an attempt to stop the steady flow of attacks on their businesses. They make loose calculations in their heads that a little more pain and cost now could lead to a lot less later on, if they can just break the cycle.
Here we present three of those stories, each focusing on a different threat and a different reaction to the threat:
Peter Capolino, president of Mitchell & Ness Nostalgia, which makes popular—and
popularly counterfeited—pro-team jerseys, had enough with fakes being sold on eBay, so he turned his administrative assistant into an anticounterfeiting crusader.
The network administrator at a healthcare company that suffered a three-day network outage dueto a denial-of-service (DoS) attack didn't have the resources to fight back. But then during a sales pitch by a security vendor, he got an idea.
Finally, at US Digital Media, Alane Pignotti wanted to stop the diversion of her blank CDs and DVDs to pirates. So she set up a sting operation.
All three stories provide valuable insight into how small and midsize businesses can fend off security threats, what kind of mind-set it takes and what those businesses can hope for as a return on their investment in Doing the Right Thing. We'd love to say that the ROI is obvious, that all three of these stories have fairy tale endings with the good guys coming out on top and the bad guys vanquished, but security (or life) doesn't work like that.
So is the decision to fight back noble or quixotic? Smart business or a huge risk? Worth it or not worth it?
fought back
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
