Network Security Information-Security-News

[ISN] When staff can be more dangerous than hackers

Subject: [ISN] When staff can be more dangerous than hackers
Date: Wed, 29 Sep 2004 02:56:18 -0500 (CDT)
http://straitstimes.asia1.com.sg/techscience/story/0,4386,275155,00.html

By Chua Hian Hou 
SEPT 29, 2004

COMPANIES here, more concerned with preventing computer viruses from
attacking them, are neglecting their biggest information security
threats - their employees and business partners.

Mr John Ho Chi, principal of Ernst & Young's security and technology
risk service, said insiders are dangerous because they 'know where
your most valuable information is, already have trusted access to your
system, and may even know how to get away with it or cover their
tracks'.

For example, an unhappy business partner with access to a company's
price lists can share this access with the company's competitor,
allowing him to see the prices.

Or a disgruntled employee can change the details of customers' orders,
causing havoc to the company's operations, he said.

While a virus or a hacker may cause damage to a company, it cannot do
so undetected and certainly not to the extent a malicious insider with
intimate knowledge of the company can.

Findings from Ernst & Young's Global Information Security Survey 2004,
which included 43 local companies, showed Singapore firms know
security is important. Many invest heavily in firewalls and anti-virus
software to guard against external threats such as viruses and
hackers.

However, these firms pay less attention to internal threats, said Mr
Ho.

According to the survey, nine out of 10 local companies rank external
threats such as viruses and hackers, loss of customer data and
confidentiality breaches as their most important threats, compared to
seven in 10 which are concerned about breaches by disgruntled
employees or business partners.

Mr Ho said publicity given to virus outbreaks and hacker attacks has
highlighted external threats and made them appear more dangerous than
internal threats.

What local companies don't realise is, 'when it comes to employees and
business partners, the only thing standing between the company and
fraud is... trust'.

Woo World, a 10-man mobile games distributor, experienced a malicious
breach last year, said its technology manager Chai Swee Kheat.

An employee had deliberately deleted files he was not supposed to
modify. Fortunately, there were back-up copies and the company did not
suffer too badly in this case.

Lest companies believe their staff are made of sterner stuff, a global
fraud study by Ernst & Young found that one in five employees knew
personally of incidents where colleagues had stolen from their
employer.

'In other words, there are a lot of untrustworthy employees out
there,' warned Mr Ho.


