
March 09, 2004 (Computerworld) -- "The risk of cyber attacks continues to be high. Even organizations that have deployed a wide range of security technologies fall victim to significant losses. ... The percentage of incidents that are reported to law enforcement agencies remains low ... Attackers may reasonably infer that the odds against their being caught and prosecuted remain strongly in their favor." -- Computer Security Institute/FBI 2003 Computer Crime and Security Survey
In the hit parade of security technology buzzwords, antivirus and intrusion-detection systems are in the top five. After all, there are a lot of bad guys out there writing worms and trying to break in.
Stop for a second and ask yourself a question.
Is intrusion your key threat just because that's what the IT vendors are selling?
You know the joke about the cement factory in Poland. Every day, a worker leaves the factory at closing time with a wheelbarrow of sand. After a month of this, the guard finally says to the worker, "I know you're stealing something; I just can't figure out what the heck it is." The worker replies, "I'm stealing wheelbarrows." That's extrusion: unauthorized transfer of your assets in broad daylight.
The sources of insider theft
Let's examine the sources of digital asset extrusion: trusted insiders, human error and criminals. Trusted insiders are your employees, your suppliers and your customers. Employees may be the software development group that was axed or the sales representative who skims credit card transactions. Suppliers may be the courier who flirts with the receptionist or the night security guard who copies sensitive documents.
Outsourcing contractors are also threats. In the quest for operational efficiency, our industry outsources IT functions, but oddly, some banks and insurance companies outsource their information security functions even though theirs is the most information-intensive industry on the planet.
What about human error? One extra click in Outlook, and a casual friend is on the distribution list together with the board members in the middle of due diligence.
Customers may not be direct threats, but many business-to-consumer Web sites are vulnerable to credit card theft by organized crime. Tens of thousands of stolen credit card numbers are offered for sale each week on the Web. This black market e-business, where credit card prices fluctuate with supply and demand, costs the financial system more than $1 billion a year and shows how easily personal information is being stolen and traded.
People do it because of anger and greed. Emotions are a powerful motivator, and anger at being terminated will cause a person to act quickly and irrationally. A supplier trying to collect money may view extrusion of digital assets belonging to his customer as a way of taking a hostage that will ensure receipt of payment.
Employees are aware that extrusions can be traced when they use their office lines or cell phones and may prefer to use alternative channels such as instant messaging or peer-to-peer systems that are readily available in most offices, yet can't be traced or tapped with conventional network facilities.
Most companies don't report extrusion to law enforcement agencies out of fear of negative publicity and of competitors taking advantage of the bad news.
A CEO considering the extrusion problem must gauge the potential damage to a valuable and hard-earned corporate brand without assuming that fear and loyalty will prevent an employee from stealing a digital asset on the network.
Cases of insider theft
In order to understand what digital assets people steal, let's consider the following two brief case studies: