Keep An Eye On The Back Door
April 2003
Systems are far more susceptible to internal threats than most companies realise. From a security point of view, businesses tend to overlook this aspect and concentrate on guarding against external threats. Businesses cannot afford to ignore this issue.
"Internal threats against systems are far greater and potentially more harmful than many of the external problems companies protect themselves against. Of course businesses have to adopt a stringent line when it comes to protecting systems against hackers, crackers, viruses and the like. But, what managers tend to neglect is that many problems start inside the company and are caused by negligence, ignorance or through malice," says a security expert.
Organisations continue to make substantial investments to ensure that resources, systems and networks are protected and that everything is done to guard against the theft of information, virus-related problems, vandalism and attacks of any sort. However, problems are often caused by company employees who misinterpret rules, misunderstand certain procedures, tamper with resources or simply 'want to have fun on the system'.
Internal threats can be anyone and anything from a disgruntled employee to a virus-infected stiffy. Carte blanche access across the system can lead to security breaches which, according to trends analysis, account for loss of information, denial of service, financial fraud and much more. Ironically, says Seyffert, there may not necessarily be any malicious intent behind a situation - often problems occur more out of ignorance than any other reason.
"Ignorance is a big factor. Many employees are simply allocated a workstation complete with IT resources and told to get on with it. What IT managers or general managers sometimes forget is that not everyone has the ability to navigate their way through systems and what inadvertently happens is that an honest mistake is made, a wrong click here or there, and a company's system is compromised. At the same time, if an employee is left to his or her own devices and not presented with any ground rules, then the company should expect to face deep water at some stage or another. This is why a clear security policy should be in place that states the rules pertaining to the use of a company's resources. The Internet is a major case in point. It is without a doubt one of the most significant tools a business can incorporate, but it is also one of the most risky."
"The issue here is the potential risk to the company as a result of any trouble on the system. Worst-case scenarios can and do involve the theft of trademarks, company secrets or private information. Espionage is a real danger - and, although this is not necessarily the case with all internal system-related problems, it would be foolish for managers and administrators to simply dismiss this possibility outright. The best defence is proactive, consistent vulnerability assessment, partnering with the experts and implementing and enforcing a clear security policy and system regulation document available to all staff," adds an expert.