[ISN] Hackers bigger threat than rogue staff

From: InfoSec News (isnat_private)
Date: Fri May 16 2003 - 00:29:53 PDT

Next message: InfoSec News: "[ISN] Security spending rising for data centers, surveys show"

Previous message: InfoSec News: "[ISN] Who's listening on that port?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.vnunet.com/News/1140907

By Emma Nash 
[15-05-2003]

Survey of financial firms finds 90 per cent of security breaches come
from outside.

Most security attacks on financial services organisations are coming
from outside the company - not from employees as widely thought.  
Deloitte & Touche's 2003 Global Security Survey examined the security
at 80 Fortune 500 financial companies, and found that 90 per cent of
security attacks are coming from external sources.

"For as many years as I can remember, internal attacks have always
been higher than external," said Simon Owen, Deloitte & Touche partner
responsible for technology risk in financial services.

"Sixty to 70 per cent used to be internally sourced. But most attacks
are now coming from external forces and that's a marked change."

The report showed that 39 per cent of respondents experienced a
security breach in the past year, and only 10 per cent of those were
generated internally.

"As organisations become more connected there are more doors people
can rattle to get in," said Owen.

There seems to be an increased awareness of security, but it is not as
widespread as it should be. Some 80 per cent of respondents said they
had a security policy, but only 47 per cent of those companies said
the strategy was "embraced by line and functional leaders".

"The majority of organisations have a security policy, but the
majority said the organisation doesn't buy into it," said Owen.

"We have to raise the gambit and education is needed to stop the
security department churning out paper and nobody taking any notice."

And banks do not fully understand what a major security attack could
do.

"I think they're aware of the nuisance and disruption factor, but I
don't think these organisations have taken into account the potential
impact on brand and reputation, on the customer base, market profile
and regulatory impact," Owen said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Security spending rising for data centers, surveys show"
Previous message: InfoSec News: "[ISN] Who's listening on that port?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 16 2003 - 03:48:44 PDT