Network Security Information-Security-News

[ISN] Internal hackers pose the greatest threat

Date: Thu, 23 Jun 2005 04:08:20 -0500 (CDT)
http://www.vnunet.com/2138597

Robert Jaques
vnunet.com 
23 Jun 2005 

Internal hackers pose the greatest threat to the IT systems of the
world's largest financial institutions, according to the 2005 Global
Security Survey released today by the financial services industry
practices of Deloitte Touche Tohmatsu.

Over a third of respondents admitted to having fallen victim to
internal hack attacks during the past 12 months (up from 14 per cent
in 2004) compared to 26 per cent from external sources (up from 23 per
cent in 2004).

Instances of phishing and pharming, in which hackers lure people into
disclosing sensitive information using bogus emails and websites,
rocketed during the past year, underscoring the human factor as "a new
and growing weakness in the security chain".

The study noted that the shift in tactics to exploit humans, rather
than technological loopholes, is explained by the improved use of IT
security systems.

This includes the increased deployment of antivirus systems (98 per
cent compared with 87 per cent in 2004), virtual private networks (79
per cent compared with 75 per cent) and content filtering and
monitoring (76 per cent compared with 60 per cent).

"Financial institutions have made great progress in deploying
technological solutions to protect themselves from direct external
threats," said Adel Melek, a partner in the Canadian member firm of
Deloitte Touche Tohmatsu.

"But the rise and increased sophistication of attacks that target
customers, and internal attacks, indicate that there are new threats
that have to be addressed.

"Strong customer authentication, training and increased awareness can
play a significant role in narrowing this gap."

However, the survey results show that security training and awareness
have yet to top the agenda of chief information security officers, as
less than half of respondents have training and awareness initiatives
scheduled for the next 12 months.

Training and awareness was at the bottom of the security initiatives
list, far behind regulatory compliance (74 per cent) and reporting and
measurement (61 per cent).

The findings aligned with financial institutions' future investment
plans in security, with 64 per cent of money set aside for security
tools, compared with only 15 per cent for employee awareness and
training.

Ted DeZabala, a principal in the security services group at Deloitte &
Touche LLP, said: "With threats such as identity theft, phishing and
pharming on the rise, organisations should be implementing identity
management solutions encompassing access, vulnerability, patch and
security event management.

"These solutions should be augmented by security training and
awareness if organisations are to minimise the number of human
behavioural threats.

"Clearly, continued vigilance is needed to meet and exceed the
requirements and truly protect corporate data from security threats."


