Many company directors and executives hold the view that the greatest threat to their online security is a pierced young punk in a dark room with far too much time on his/her hands.
Few would consider that the greatest threat to their company’s database is more likely to be in a shirt and tie sitting at a desk down the hall.
Experts estimate that between 60 and 80 per cent of all company security breaches come from internal sources.
And that is just from the hacks reported. For obvious reasons, many companies do not report internal security breaches.
Internal security is the number one problem facing companies, according to iiNet legal and regulatory director Kim Heitman.
“I think companies have a bit of a blind spot when it comes to internal information security,” Mr Heitman said.
“Many companies don’t build a computer security network with that in mind.
“They build a very good moat to stop outsiders hacking in, but they don’t always consider the hackers are already inside.”
And rather than simply defacing webpages or changing basic information for some hacker street cred, the internal hackers are in it for personal benefit, he said.
“Internal breaches of security often involve employees trying to fraudulently obtain money from the company,” Mr Heitman said.
Security systems, such as auditing trails and intrusion detection systems, should be used to deter employees from accessing all kinds of company information.
An auditing trail is a program that will track and log everything network users do, enabling any security breaches to be traced to those responsible.
An intrusion detection system is a more advanced device that is programmed to pick up certain patterns of activity consistent with hacking.
Once such activity is picked up, the device can alert security staff or shut down systems to prevent the hack.
Com Tech senior consultant Brett Looney said that, while both systems were excellent deterrents, neither was foolproof.
“They are not a 100 per cent guarantee. An employee determined enough and with enough knowledge could still hack the system and cover their tracks,” he said.
And limiting access to certain information could make it hard for employees to do their jobs and destroy the element of trust in the workplace.
Mr Looney said the problem with internal security systems was they were lagging behind the technological revolution.
Australian Computer Society technical board director Vijay Varadharajan agreed, saying many large organisations with reputations for excellent external security didn’t even have internal security.
“For some reason they are not made a high priority,” Mr Varadharajan said.
“Employees are afforded a great amount of trust.”