http://www.stuff.co.nz/stuff/4405790a28.html

The Dominion Post
18 February 2008

A visiting security expert employed by software giant CA in France hopes big businesses will realise they need to spend more money securing their computer systems in the wake of Societe Generale's 4.9-billion euro rogue trading scandal.

Matthew Gardiner, who was in Wellington last week, says it would be sad if business leaders concluded instead that they were throwing money into a bottomless pit.

Mr Gardiner, an American who lives 20 miles from rogue trader Jerome Kerviel's home in Brittany, has been following the case to see what lessons can be learned for clients.

The Daily Telegraph reported that SocGen employed 2000 people in its compliance department who should have been able to quickly spot any irregular trading by using an automatic computerised warning system.

Full details have yet to emerge about how Kerviel circumvented the bank's systems. The newspaper reported that Kerviel was a "computer whiz" who knew how to turn off the bank's warning systems.

The bank was not a major CA client but was not regarded as a soft target, Mr Gardiner says. He says a contributing factor may have been that Kerviel had worked in the bank's back office and in compliance before becoming a trader.

A common flaw in company security systems is that IT staff and other "privileged users" are given too much access to systems to make it easier for them to do their jobs, he says. "One per cent of the time it is a problem."

Mr Gardiner hopes for a "rational response" from business leaders. IT security experts employed by businesses know "99 per cent of the time" what needs to be done to better secure their businesses, but are often constrained by budgets.

If anything good comes out of the SocGen scandal it is that business managers will "go to them and have a talk", he says.

"IT needs money to invest in people, processes and technology, and the other side doesn't know why they need it and whether it is justified. Major businesses are based 100 per cent on IT. The clock is not going to roll back."