The biggest IT security threat in most organisations comes from employees, delegates at this month’s BCS Information Security Specialist Group Conference were told.
Employee misdemeanours include hostile defections, theft of proprietary information, the sabotage of systems and the destruction of evidence. Examples include Jason Smathers, who stole 92 million e-mail addresses from America Online and sold them on; and Timothy Lloyd, who inserted a logic bomb into Omega Engineering’s network causing damage costing £5.3m.
Frequently companies become their own worst enemies when facing IT crime, the conference heard: from chief executives who want to believe that everyone in their company is committed to the firm’s ethics and values, and hence turn a blind eye, to the IT security department which sees intellectual property theft as someone else’s problem.
Human error is also a problem when it comes to data security, such as using passwords that could be easily guessed, failing to lock PCs while away from the desk, or leaving sensitive information out for others to see.
Individuals must start taking more responsibility not only for their own security but also for that of others, the conference heard. The FBI said that most of the computer intrusions it investigated were linked to stolen laptops that were subsequently used to break into corporate servers.
Wireless access was also highlighted as a problem area. Most Wi-Fi connections are unencrypted, making them easy targets for those wanting to eavesdrop, delegates were told. They were advised to be more aware of the risks they and their end-users take whenever they connect to the internet via Wi-Fi.