[ISN] Hackers bigger threat than rogue staff

From: InfoSec News (isnat_private)
Date: Fri May 16 2003 - 00:29:53 PDT

  • Next message: InfoSec News: "[ISN] Security spending rising for data centers, surveys show"

    By Emma Nash 
    Survey of financial firms finds 90 per cent of security breaches come
    from outside.
    Most security attacks on financial services organisations are coming
    from outside the company - not from employees as widely thought.  
    Deloitte & Touche's 2003 Global Security Survey examined the security
    at 80 Fortune 500 financial companies, and found that 90 per cent of
    security attacks are coming from external sources.
    "For as many years as I can remember, internal attacks have always
    been higher than external," said Simon Owen, Deloitte & Touche partner
    responsible for technology risk in financial services.
    "Sixty to 70 per cent used to be internally sourced. But most attacks
    are now coming from external forces and that's a marked change."
    The report showed that 39 per cent of respondents experienced a
    security breach in the past year, and only 10 per cent of those were
    generated internally.
    "As organisations become more connected there are more doors people
    can rattle to get in," said Owen.
    There seems to be an increased awareness of security, but it is not as
    widespread as it should be. Some 80 per cent of respondents said they
    had a security policy, but only 47 per cent of those companies said
    the strategy was "embraced by line and functional leaders".
    "The majority of organisations have a security policy, but the
    majority said the organisation doesn't buy into it," said Owen.
    "We have to raise the gambit and education is needed to stop the
    security department churning out paper and nobody taking any notice."
    And banks do not fully understand what a major security attack could
    "I think they're aware of the nuisance and disruption factor, but I
    don't think these organisations have taken into account the potential
    impact on brand and reputation, on the customer base, market profile
    and regulatory impact," Owen said.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri May 16 2003 - 03:48:44 PDT