[ISN] Business security depends on people

From: InfoSec News (isnat_private)
Date: Fri Jun 13 2003 - 01:34:49 PDT

  • Next message: InfoSec News: "[ISN] Linux Advisory Watch - June 13th 2003"

    Forwarded from: William Knowles <wkat_private>
    
    http://www.santacruzsentinel.com/archive/2003/June/12/biz/stories/01biz.htm
    
    By JENNIFER PITTMAN
    Sentinel correspondent
    June 12, 2003 
    
    SCOTTS VALLEY - Patents and copyrights aren't enough to safeguard a 
    company's treasures, according to Curtis Coleman. The director of 
    worldwide electronic security for Seagate Technology touts the need 
    for an increasing holistic view of corporate security in a competitive 
    world.
    
    Coleman's job is to look for trouble, preferably before it happens by 
    scoping out potential vulnerabilities that could put his employer's 
    business in danger. He is charged with safeguarding the international 
    company's proprietary information, which includes technology the 
    company develops and uses as well as data and business systems.
    
    As the main speaker today at the Santa Cruz-based Intellectual 
    Property Society luncheon, Coleman aims to link high-tech security 
    issues pertinent to business with the everyday security issues that 
    companies often overlook.
    
    "Most people think corporate espionage is only in the movies and has 
    nothing to do with the ordinary company that might just be getting 
    formed, but what we've discovered in the last three to five years is 
    that there's an increase in five areas in how intellectual property is 
    getting out of companies," Coleman said. "People are very lax about 
    security. They think they don’t have to secure anything." 
    
    Coleman, a former U.S. Air Force commander specializing in computer 
    security systems, helps train law enforcement in computer forensic 
    techniques as well as security management courses. He will cover the 
    five problem areas, as well as corporate espionage, and the bridge 
    between high-tech and no-tech security solutions.
    
    "Usually we talk about legal rights," said Patrick Reilly, founder and 
    president of the Intellectual Property Society. "But there is a 
    pragmatic issue of how physically you protect your property." 
    
    Intellectual property security isn't just important for 
    tech-development companies, Reilly said. It's important for artists 
    and small businesses of all kinds that need to protect their 
    competitive secrets about how they win business.
    
    While many smaller and midsize companies may not think they need to 
    protect their intellectual property, or only need to protect 
    information about a specific design or product, Coleman says that 
    companies of all types and sizes are relatively ill-equipped to 
    protect themselves. 
    
    Hired investigators in a growing market for competitive intelligence 
    can learn a lot about a company simply by collecting pieces of 
    information that is often considered innocuous, such as how late 
    people stay at an office or how behind in bill payments they are. The 
    fact that engineers suddenly stop publishing reports on new 
    technologies may indicate a startup is under way.
    
    Coleman is especially wary of friendly little phone conversations 
    involving seemingly innocuous details about a company's routine 
    business that reveal information a company might not normally want to 
    share. 
    
    "Most people think getting something that's high technology is going 
    to protect them," Coleman said. "But the human firewall is key to 
    protecting intellectual property."
    
    According to the Eighth Annual Computer Crime and Security Survey 
    released this month by the FBI and the Computer Security Institute, 
    theft of proprietary information caused the greatest financial loss - 
    about $70.2 million - among 251 organizations interviewed this year. 
    
    The second most expensive computer crime among survey respondents was 
    denial of service, at $65.64 million, according to the survey. 
    Computer viruses and insider abuse of network access were the most 
    commonly cited forms of attack or abuse.
    
    On the brighter side, financial fraud was only about $10.18 million 
    compared to almost $116 million reported last year, and while there 
    were about the same amount of unauthorized computer use at 
    organizations, resulting annual losses were down from 2002, to 2001 
    figures.
    
    The survey included business, government, education and legal 
    respondents. The authors noted that most respondents said they don't 
    report intrusions to law enforcement for fear of negative publicity 
    and competition. 
    
    According to the FBI/CSI report, only 30 percent of the respondents 
    reported computer intrusions in the last 12 months. 
    
    Scotts Valley Police Detective Sergeant Donna Lind, who heads the 
    Santa Cruz County High Tech Crime Investigators Association, said 
    identity theft is the largest growing crime nationwide and is costing 
    individuals and businesses more each year. 
    
    "We have had businesses where their records have been taken," Lind 
    said. "They've obtained personal records, PIN numbers and passwords. 
    The crooks that we're dealing with are becoming more high tech."
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Jun 13 2003 - 03:40:12 PDT