Workers Cause More Problems Than Viruses

← Back to Stories (view on slashdot.org)

Workers Cause More Problems Than Viruses

Posted by ScuttleMonkey on Monday September 17, 2007 @05:30AM from the going-postal dept.

Technical Writing Geek writes "A new report finds that, for the first time, virus infections have slipped to the second spot on the list of computer security troublemakers. In first place— a company's own workers. 'The Computer Security Institute has just released the 2007 edition (PDF) of its long-running "Computer Crime and Security Survey," and it offers some dreary news for overworked computer security admins: average losses from attacks have surged this year. More surprising is the finding that the single biggest security threat faced by corporate networks doesn't come from virus writers any more; instead, it comes from company insiders.'"

4 of 191 comments (clear)

Min score:

Reason:

Sort:

Ignoring the Human Factor is not Bliss by foobsr · 2007-09-17 05:31 · Score: 5, Insightful

As of 2004:

"CEOs are increasingly aware of the risks posed to company information by insiders, but they aren't acting on this knowledge, according to the "2004 Ernst & Young Global Information Security Survey." More than 70 percent of the 1,233 organizations surveyed in 51 countries failed to list training and raising employee awareness of information security issues as a top initiative."

A case of 'ignorance is not bliss'.

CC.

--
TaijiQuan (Huang, 5 loosenings)
1. Re:Ignoring the Human Factor is not Bliss by EvanED · 2007-09-17 05:48 · Score: 5, Interesting
  
  Requesting the whole organization use tinfoil hat Linux boxes; with 256bit end to end encryption; with all outgoing and incoming packets sniffed, duplicated and logged; 16 character mixed special char, numeric, and alphabetic passwords; Faraday cages around every office; may be excessive even for the NSA
  
  Actually I bet the NSA is doing everything you name, except for the 256bit thing. I'm sure they're using at least 4096 bit encryption (assuming RS). Maybe biometrics instead of the fancy passwords.
  
  But you can be sure that the rooms are faraday cages; even the CIA does that. ;-)
  
  (The CIA also has double walls between which they pump white noise so that people can't read the vibrations of the glass with laser meters. The building is magnetically shielded so people can't "read" the monitors of people remotely.)
Norton Anti-Worker by biocute · 2007-09-17 05:33 · Score: 5, Funny

Time to place your order.

--
Virtual Betting on Facebook for non-geeks.
Re:The ultimate attainable security ... by cdf123 · 2007-09-17 10:11 · Score: 5, Insightful

If I am a hacker, why would I use a PC in a hacked corporate network to store my porn?
If I was a hacker, the last place I would store anything incriminating, is my own PC.
One of the big reasons to store off site is to use the hacked PC for free/illegal hosting. This makes it harder to trace back to the hacker, and doesn't waist resources of the hacker's PC (storage/bandwidth). Think of how long it would take to find something on a PC if it was just used as a web server, serving files stored in some rootkit hidden directory. Virus scanners wouldn't find it, as the files aren't viral. Unless a firewall log audit, or internal port scan picked up the web server application, it could go unnoticed for months, or maybe years. Now do this to about 20 hacked systems, and you have a semi-reliable distributed network for all your hosting needs.
Sounds like a reasonable thing for a hacker to do to me.