http://straitstimes.asia1.com.sg/techscience/story/0,4386,275155,00.html By Chua Hian Hou SEPT 29, 2004 COMPANIES here more concerned with preventing computer viruses from attacking them, are neglecting their biggest information security threats - their employees and business partners. Mr John Ho Chi, principal of Ernst & Young's security and technology risk service, said insiders are dangerous because they 'know where your most valuable information is, already have trusted access to your system, and may even know how to get away with it or cover their tracks'. For example, an unhappy business partner with access to a company's price lists can share this access with the company's competitor, allowing him to see the prices. Or a disgruntled employee can change the details of customers' orders, causing havoc to the company's operations, he said. While a virus or a hacker may cause damage to a company, it cannot do so undetected and certainly not to the extent a malicious insider with intimate knowledge of the company can. Findings from Ernst & Young's Global Information Security Survey 2004, which included 43 local companies, showed Singapore firms know security is important. Many invest heavily in firewalls and anti-virus software to guard against external threats such as viruses and hackers. However, these firms pay less attention to internal threats, said Mr Ho. According to the survey, nine out of 10 local companies rank external threats such as viruses and hackers, loss of customer data and confidentiality breaches as their most important threats, compared to seven in 10 which are concerned about breaches by disgruntled employees or business partners. Mr Ho said publicity given to virus outbreaks and hacker attacks has highlighted external threats and made them appear more dangerous than internal threats. What local companies don't realise is, 'when it comes to employees and business partners, the only thing standing between the company and fraud is... trust'. Woo World, a 10-man mobile games distributor, experienced a malicious breach last year, said its technology manager Chai Swee Kheat. An employee had deliberately deleted files he was not supposed to modify. Fortunately, there were back-up copies and the company did not suffer too badly in this case. Lest companies believe their staff are made of sterner stuff, a global fraud study by Ernst & Young found that one in five employees knew personally of incidents where colleagues had stolen from their employer. 'In other words, there are a lot of untrustworthy employees out there,' warned Mr Ho. _________________________________________ Donate online for the Ron Santo Walk to Cure Diabetes - http://www.c4i.org/ethan.html
This archive was generated by hypermail 2.1.3 : Wed Sep 29 2004 - 10:06:41 PDT