[ISN] Workers Are No. 1 Threat to Russia's IT

From: InfoSec News (isnat_private)
Date: Wed Apr 03 2002 - 00:47:20 PST

  • Next message: InfoSec News: "[ISN] Server port 80 plagues Internet security"

    By Alexander Boreiko and Yury Granovsky 
    Wednesday, Apr. 3, 2002. Page 8 
    Hackers may the greatest danger to computer systems in the West, but
    in Russia the biggest problems are employees, legislative failings and
    Only 2 percent of damage to computer systems in Russia is connected
    with hackers, said Ivan Kurnosov, deputy head of the Communications
    Ministry's information department.
    Some 55 percent of damaging incidents are the result of employee
    errors, according to the Documentary Electronic Communications
    Association, while 25 percent are caused by intentional employee
    Russia's biggest problem, however, is the continuing absence of laws
    to combat the majority of computer crimes, said Yelena Volchinskaya, a
    consultant with the State Duma security committee.
    "There is nothing in our legislation that outlaws spam," she said,
    referring to junk e-mail.
    Dangerous attacks like flooding servers with fake requests from
    different computers are not considered a crime under Russian law, she
    "Denial of Service" attacks, as they are called, are considered the
    most widespread and dangerous form of computer crime in the world.
    The Documentary Electronic Communications Association is developing a
    concept for information security that would expand an earlier
    presidential decree on information security, said Alexander Sundukov,
    deputy head of the Communications Ministry's security department.
    The document should be adopted later this year, he said.
    The original concept of information security scarcely touches on
    protecting telecommunication systems.
    The greatest threat to telecoms infrastructure is excavating
    equipment, which often damages communication lines during construction
    operations, said Azat Yarmukhamet, one of the developers of the
    concept and director of communications with the Kazan-based ICL-KPO
    VS. Theft of cables and their sale as scrap is another major problem,
    he said.
    Hackers and viruses, however, are the greatest danger to computer
    systems in the West, according to a survey by the KPMG auditing and
    consulting company.
    One company lost $10 million after a so-called postal virus penetrated
    the company's e-mail system. The name of the company was not revealed
    in the report.
    "The main problem is that many companies clearly overestimate the
    means they have at their disposal for protecting information," said
    Sergei Tatarchenko, the head of KPMG Russia's risk management
    "Having wasted millions of dollars on implementing security systems,
    companies often don't even check their effectiveness."
    Ninety-six percent of the respondents to the KPMG survey said they had
    confidence in their information defense systems. But further
    questioning revealed that only about 35 percent of the companies had
    actually tested their systems, while 52 percent had no system for
    detecting hacker intrusions.
    Many companies suffer from simple technical failures, and almost 12
    percent of companies suffered major losses due to electricity cuts.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Wed Apr 03 2002 - 04:36:00 PST