
Companies seek security experts to defend Web sites

One month after hacker attacks shut down Web sites, including Yahoo and eBay, much of the Net world is quietly boosting its defenses.

John Borland Staff Writer, CNET News.com

Job listings for security professionals are now prominent on several leading e-commerce Web sites. eBay's "hot job" listing this week is seeking a high-level computer security pro. Security consultants say the attacks have pushed security from being a back-burner issue to becoming a genuine bottom-line concern across the Net.

"(The industry) has really changed from a reactive to a proactive stance," said Morgan Wright, executive director of the quick-response team for Global Integrity, a large security consulting firm. "For a lot of people who were on the fence in terms of security decisions, this has pushed them over."

The decision to hire security teams or boost internal protections is critical for e-commerce sites struggling to maintain credibility and customers in the wake of the "distributed denial of service" attacks that shut down Yahoo, eBay, Amazon.com, Buy.com, CNN.com and others early in February. The attacks were launched by sending enormous streams of junk data at the targets, effectively preventing real users from accessing the Web sites.

The FBI is still investigating the attacks, following leads to Canada and elsewhere in the world. A Justice Department representative told Congress yesterday that the investigation is proceeding slowly.

For their part, computer executives are hesitant to ask the federal government for new laws dealing with computer attacks or increased regulation.

For now, the industry has to respond on its own to protect financial interests and reputations. That drive is behind the renewed focus on security, analysts say.

"It's the old joke in security," Forrester Research analyst Frank Prince said. "Nobody gets a radar detector until after they get a ticket."

Several of the sites that were attacked, including Yahoo, eBay and Amazon, are now advertising for security professionals, although some of this effort preceded the February attacks.

Yahoo spokeswoman Shannon Stubo said its job opening has been advertised since late last year.

"Security is and has been a priority with us," Stubo said.

Exodus Communications, the Web hosting facility targeted as a part of the attack on Buy.com, says it has boosted its security division--coincidentally hiring its 8-person team on the day of the attacks.

That team has already helped develop a new set of security tools and standards for the Web hosting company, spokeswoman Maureen O'Connell said.

While a number of companies are looking for security experts, many could be hesitant to go about the search publicly for fear of raising consumer and investor concerns, said Adam Lerner, a high-tech recruiter for Boston-based Winter Wyman.

"There may be more of a demand that we're not seeing," Lerner said.

Global Integrity's Wright said that his firm has gained new clients over the last month, and it has spent considerable time teaching existing clients how to identify and protect against denial of service attacks.

This education effort is critical, he says. In the last month, his company has seen a rise in the kind of tentative network scanning and probing that can lead to attacks.

"We're definitely seeing an increase in the type of activity that is a precursor for denial of service attacks," Wright said. "The signs are there that this is not over."