There has been a twelve-fold increase in the number of large UK companies finding unauthorised outsiders on their internal networks, a government report into security breaches will reveal at Infosecurity 2008 today (22 April).
The 2008 Information Security Breaches survey for the Department for Business, Enterprise and Regulatory Reform reveals that 13% of large companies found hackers inside their corporate defences in 2007, compared with 1% in 2006.
Hackers are looking for confidential information such as customer details and marketing plans, which they can sell or use to disrupt a business, said Chris Potter, PricewaterhouseCoopers security practice partner and author of the report.
Potter said this was the flip side of the fact that 60% fewer companies reported malware infections than two years ago. He attributed this to near-universal use of anti-virus and anti-spyware tools.
Because corporate cyber defences are working well, criminals are targeting home PCs and careless web surfers. "They aim to take over machines and make them part of botnets [networks of PCs controlled by criminals]. They then hire out the botnets to spammers and phishers or use them in a distributed denial of service attack to extort money by threatening to block communications," said Potter.
Jim Norton, senior policy adviser at the Institute of Directors, said if someone had got past the firewall, it was a concern, but not necessarily damaging. "The fact that intruders have been identified indicates that the defences are working. What should keep us all awake at night are those who penetrate all the defences and depart undetected," he said.
Norton suggested firms use honeypots, servers disguised to look like they contain secure information. "Any access to these implies that all the defences have been breached and it is time to call in the troops," he said.
Martin Smith, chief executive at training provider The Security Company, said the results of the Information Security Breaches survey showed security technology was working. "Perimeter defence is working, but there are determined attackers out there and the human element is now the weakest link," he said.
Criminals and others are using social engineering attacks to lure staff into insecure behaviour. "Insiders have always been the biggest threat. It is now essential that boards improve security awareness and practice among staff," said Smith.