We live in a society that seems to increasingly abhor the idea that there should be any risk. As health and safety officers tighten their grip on the physical corporate environment, trying to make sure that no one slips on a polished floor or trips on the stairs, it often looks as if the perceived risks either do not exist or are at least highly exaggerated.
But in the field of electronics and computer systems, the opposite is true. As our feature article by Helen Beckett makes clear, the rise in computer-based crime is no figment of the imagination.
While the internet has attracted ever more sinister and powerful criminals, frequently making the headlines in the national press, the continuous internal threat from dishonest or disgruntled employees is easily overlooked on the basis that, "We have to operate from a position of trust," or simply, "It won't happen to us."
Rapid developments in mobile storage devices such as high-capacity USB sticks can provide the opportunity for an individual to steal huge quantities of information from company computers. New devices can link to corporate networks before the IT department has had time to evaluate the risks they pose. Many, like the iPod, will come not from the IT sector but from the burgeoning consumer electronics market.
While some other senior managers may enjoy the luxury of denial, the IT director cannot afford to ignore such threats. It will be their neck on the line if the company falls victim to computer crime.
And it is not simply a matter of preparing adequate defences. The IT director must be ready to act effectively to identify and preserve evidence if threat becomes reality. As Beckett points out, the IT director must adopt the mindset of the computer forensic specialist when dealing with internal security. This risk is real.
This was first published in August 2004