Viruses, worms and physical attacks could have a devastating effect on business, warned speakers at the Protecting Critical Information Infrastructures convention last week.
Criminal gangs are bribing employees of companies in the City of London to raid corporate databases for credit card and sensitive personal details, Mike Bowron, assistant commissioner of the City of London Police, revealed.
"There is much more illegal access to databases than companies are prepared to admit to their shareholders and the police: 70% of illegal access is by an employer's own staff," he said.
Lax security and poor oversight of employees' use of sensitive corporate information are also contributing to rapid growth in identity theft, Bowron said. Last year 110,000 people in the UK had their identities stolen at an estimated cost of £1.3bn.
Bowron said thefts of credit card details by employees "were 10 a penny". He knew of at least three recent cases where employees inside financial services companies had passed on credit card details to criminals. In one case, a bank left itself open to blackmail threats from a former member of its IT security staff after allowing him to work unsupervised on sensitive credit card databases.
The employee, who felt aggrieved that the bank had ignored his warnings about poor security, threatened to leak sensitive credit card details to highlight the firm's lax approach.
Businesses can protect themselves by taking simple precautions, said Bowron: buying the best IT security they can afford; training staff about security risks; and making sure they preserve evidence of all database access.
Employers could learn from the police by segregating information so that no one person knows everything about internal IT systems, and by limiting database access to those who really need it.
- The City of London Police will become the lead force in the UK for investigating financial crime from April, and will offer advice and services to other forces.