[ISN] Staff oblivious to computer security threats

From: InfoSec News (isnat_private)
Date: Thu May 03 2001 - 02:33:42 PDT

    http://www.zdnet.co.uk/news/2001/17/ns-22586.html
    
    Wed, 02 May 2001 15:02:06 GMT
    Will Knight
    
    Users still leave passwords on their desks, survey finds
    
    The single biggest cause of network security breaches is not software
    bugs and unknown network vulnerabilities but user stupidity, according
    to a survey published by computer consultancy firm @Stake.
    
    The security research company, which is best known for uncovering bugs
    in operating systems and network software, says that, despite the ever
    risk of computer fraud, many corporate computer users leave passwords
    on post-it notes, fail to change passwords from the default and
    incorrectly configure hardware.
    
    Other security no-brainers include encrypting data but leaving it on
    a machine in an unencrypted format, or locking it with a blank
    password, and failing to change system passwords during updates. The
    survey also discovered that some companies connect servers directly
    to the Internet, bypassing router firewalls.
    
    The research shows that splashing out on the most costly security
    products can be a waste of time, according to Royal Hansen, practice
    director for @stake Europe.
    
    "Expensive and elaborate security measures are often completely undone
    by a company's failure to enforce even the most simple precautions,
    opening up the entire corporate infrastructure to malicious attack,"
    Hansen said.
    
    Another survey, conducted recently by consultancy firm KPMG, adds
    weight to the suggestion that the greatest threat to company data
    comes from within. KPMG suggests that the majority of computer
    fraudsters will already be an employee or will try to get inside a
    company.
    