[ISN] Companies leave databases wide open to espoinage [sic]

From: mea culpa (jerichot_private)
Date: Sun Jul 05 1998 - 22:15:18 PDT

  • Next message: mea culpa: "Re: [ISN] Signs of Insecurity in Cyberspace - Analysis"

    Forwarded From: Simon Taplin <stickert_private>
    In a recent survey, most companies interviewed showed little grasp of the 
    importance of Internet security, writes Greg Gordon
    A survey conducted among South Africa's top 200 companies by Arthur 
    Anderson shows that 75% of local companies ignore internet security. 
    The company's computer risk management department released the results of 
    the second annual Internet security survey this week, describing the findings as 
    The survy indicates that 73% of respondant companies do not have a 
    comprehensive Internet security policy, and 61% do not have a security 
    awareness programme for end users.
    Mark O'Flaherty, who heads up the computer risk management department, 
    says South African companies don't devot enough resources to keeping 
    confidential information safe on-line.
    "Insufficient time and effort spent identifying and removing internet risks could 
    endanger sensitive information," he says. "Respondants are generally aware of 
    the threats hackers pose to computer systems but they ignore them. They 
    know the risks are there, but they are reluctant to do anything about it."
    It is difficult to gauge the number of hacker hits on South African companies 
    because those that have been infiltrated are reluctant to admit it.
    Says O'Flaherty: "Most companies are not keen to disclose the security 
    breaches because it labels them as vunrable. Those that have spoken to us 
    about hacking incidents say most have been harmless."
    But complaceny is no solution. In many cases, hackers have been able to 
    enter corperate networks and steal sensative information. Malicious hacker can 
    sell information to competing companies or they can postit on public websites, 
    which can prove embarrassing.
    Local security expert Ian Melamed says computer security shoudl not be taken 
    lightly. "Although the recorded incidences of on-line securrity breaches are low, 
    its it not to say that they dopn't happen, they do.
    Most hackers  do it for kicks. They enjoy the challenge of breaking into a 
    computer network and leaving a harmless message behind to show that they 
    were there.
    "The real problem with hackers is that, if they don't want you to know they have 
    been there, they can remain invisible. They can steal data without you knowing 
    about it," says Melamed.
    Unlike any physical object that is stolen, data is merely copies. The original  is 
    right where you stores it - the hacker ha simply made and removed a copy.
    Says: Melamed: "Its not use burying you head in the sand. Security is a 
    serious issie at all levels. Many companies employ security guards or 
    companies to guard their premises, so they should look after their data just as 
    well, particularly that which is crucial to the company's operations."
    Take from the Sunday Times Business Times
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:58:03 PDT