The damaged data dilemma worms, viruses, spyware and spam are the culprits

Computer Technology Review,  Feb, 2005  by Fred Moore

• E-mail
• Print
• Link

The latest magazine advertisement from Adobe asking the question "How Did 80% of the Information Become 100% Useless?" caught my attention helping me realize that something has really gone wrong here. Disk and tape devices have become increasingly more reliable in protecting against device and component failures by providing continual improvements for availability, reliability and security of its storage subsystems and devices through RAID and a variety of data-replication techniques such as mirroring, snapshot copy and journaling. Our concerns about data safety are shifting from disk crashes and tape media damage to a new and serious threat that may be harder to resolve. The vast majority of this concern exists on non-mainframe systems such as Windows, Linux and Unix, where over 85% of the world's digital data is stored.

Risk Factors

Today, digital data is being exposed to higher risk factors as a result of destructive security breaches such as worms, viruses, spyware and the onslaught of spam as the wave of hackers and terrorists (now officially criminals) gain momentum worldwide. The spread of cyber crimes is aided by the increased number of nodes on the Internet, increased processor speed, and readily available bandwidth. Recovery from an intrusion is complex and difficult. The impact of an intrusion can result in data theft, permanent data damages, and complete data loss unless special procedures are implemented. Somehow, even after the storage hardware and storage management software suppliers spent decades and millions of R & D dollars developing architectures that protect data from storage device and network failures, the newest, and soon to be the biggest, potential threat to data loss in the 21st century is becoming intrusion.

E-mail is a prime example of an application that is extremely vulnerable to intrusion. The scope and use of e-mail is truly exploding and it is estimated that the number of e-mails sent each day worldwide will exceed 36 billion in 2006. Unfortunately as we enter 2005, about 80% of e-mail traffic is "useless" spam clogging the Internet and private network bandwidth more every day. Most of the world's digital viruses and worms are transmitted by e-mail via the Internet. Blacklists of known spamming computers are no longer an effective method of stopping spam and spyware from arriving in your business. To block spam coming directly from an ISP's computers, all mail from that ISP would be have to be blocked, which would cripple electronic communication. Spammers no longer use their own machines to send spam. Instead, they rely on malicious code placed on consumers' machines via viruses or spyware that transforms them into unknowing "zombies" remotely controlled by spammers. That coupled with other tactics, have allowed spammers to circumvent most technical measures taken by network operators to stop them, and spammers continue to ignore federal and state laws that specifically prohibit their activities. These intrusions can both damage and destroy data.

Regulatory Effects

Numerous government compliance regulations now affect e-mail retention. The Sarbanes-Oxley Act requires every public company to save every record related to the audit process including all e-mails for 7 years. This reflects an important change in the role of e-mail as it has evolved to become a defacto document and records repository for many businesses. E-mail has moved beyond the worldwide communication system it was intended to be. Managing e-mail as a corporate records repository has become another new storage management discipline. Much of the e-mail repository represents "data at rest" and is seldom referenced after a few days since it was created. Historically, encryption has been used only for data in transmission. Today, encrypting stored data or data at rest is becoming increasingly important, as data is still vulnerable to theft. Stealing encrypted data is of little value. Also, the metadata tags that are generated from the approaching wave of security appliances will, in itself, become mission-critical data and require mirroring, encryption and a carefully implemented high-availability strategy.

Recent Impact Studies

In a recent spam study, market research firm Rockbridge Associates Inc. and the Center for Excellence in Service at the University of Maryland's Robert H. Smith School of Business, estimated that deleting spam alone costs nearly $22 billion a year in lost worker productivity. The study was based on a survey of 1,000 adults and said the 78% who said they receive spam spend an average of three minutes deleting it each day they check their e-mail.

The costs and efforts associated with virus and worm attacks had stabilized in the past few years but they are now going up again. The research firm Computer Economics conducted an Impact of Malicious Code study and it estimates that worldwide damages in 2004 were about $17.5 billion, up from $13 billion last year. Nearly $11 billion in 2004 damages came from the MyDoom, Netsky, Bagle, and Sasser viruses. The 2004 CSI/FBI Computer Crime and Security Survey indicated that only 45% of the companies surveyed used intrusion prevention systems. Other recent surveys indicate that less than half of the customers questioned are protected by any type of disaster recovery plan! These surveys suggest a tremendous financial exposure resulting from damaged data still exists. Isn't this 2005?